unicorn 4.1.1 → 4.2.0

data/t/.gitignore

@@ -1,2 +1,5 @@
 /random_blob
 /.dep+*
+/*.crt
+/*.key
+/ssl-stamp

data/t/GNUmakefile

@@ -45,7 +45,11 @@ random_blob:
 	dd if=/dev/urandom bs=1M count=30 of=$@.$(pid)
 	mv $@.$(pid) $@
 
-$(T): random_blob
+ssl-stamp:
+	./sslgen.sh
+	> $@
+
+$(T): random_blob ssl-stamp
 
 dependencies := socat curl
 deps := $(addprefix .dep+,$(dependencies))

data/t/bin/sha1sum.rb

@@ -1,12 +1,6 @@
 #!/usr/bin/env ruby
 # -*- encoding: binary -*-
-
-# Reads from stdin and outputs the SHA1 hex digest of the input this is
-# ONLY used as a last resort, our test code will try to use sha1sum(1),
-# openssl(1), or gsha1sum(1) before falling back to using this.  We try
-# all options first because we have a strong and healthy distrust of our
-# Ruby abilities in general, and *especially* when it comes to
-# understanding (and trusting the implementation of) Ruby 1.9 encoding.
+# Reads from stdin and outputs the SHA1 hex digest of the input
 
 require 'digest/sha1'
 $stdout.sync = $stderr.sync = true

data/t/sslgen.sh

@@ -0,0 +1,71 @@
+#!/bin/sh
+set -e
+
+lock=$0.lock
+while ! mkdir $lock 2>/dev/null
+do
+	echo >&2 "PID=$$ waiting for $lock"
+	sleep 1
+done
+pid=$$
+trap 'if test $$ -eq $pid; then rmdir $lock; fi' EXIT
+
+certinfo() {
+	echo US
+	echo Hell
+	echo A Very Special Place
+	echo Monkeys
+	echo Poo-Flingers
+	echo 127.0.0.1
+	echo kgio@bogomips.org
+}
+
+certinfo2() {
+	certinfo
+	echo
+	echo
+}
+
+ca_certinfo () {
+	echo US
+	echo Hell
+	echo An Even More Special Place
+	echo Deranged Monkeys
+	echo Poo-Hurlers
+	echo 127.6.6.6
+	echo unicorn@bogomips.org
+}
+
+openssl genrsa -out ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key ca.key -out ca.crt
+
+openssl genrsa -out bad-ca.key 512
+ca_certinfo | openssl req -new -x509 -days 666 -key bad-ca.key -out bad-ca.crt
+
+openssl genrsa -out server.key 512
+certinfo2 | openssl req -new -key server.key -out server.csr
+
+openssl x509 -req -days 666 \
+	-in server.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out server.crt
+n=2
+mk_client_cert () {
+	CLIENT=$1
+	openssl genrsa -out $CLIENT.key 512
+	certinfo2 | openssl req -new -key $CLIENT.key -out $CLIENT.csr
+
+	openssl x509 -req -days 666 \
+		-in $CLIENT.csr -CA $CA.crt -CAkey $CA.key -set_serial $n \
+		-out $CLIENT.crt
+	rm -f $CLIENT.csr
+	n=$(($n + 1))
+}
+
+CA=ca
+mk_client_cert client1
+mk_client_cert client2
+
+CA=bad-ca mk_client_cert bad-client
+
+rm -f server.csr
+
+echo OK

data/t/t0011-active-unix-socket.sh

@@ -7,7 +7,7 @@ read_pid_unix () {
 	    socat - UNIX:$unix_socket | \
 	    tail -1)
 	test -n "$x"
-	y="$(expr "$x" : '\([0-9]\+\)')"
+	y="$(expr "$x" : '\([0-9][0-9]*\)')"
 	test x"$x" = x"$y"
 	test -n "$y"
 	echo "$y"

data/t/t0600-https-server-basic.sh

@@ -0,0 +1,48 @@
+#!/bin/sh
+. ./test-lib.sh
+t_plan 7 "simple HTTPS connection tests"
+
+t_begin "setup and start" && {
+	rtmpfiles curl_err
+	unicorn_setup
+cat > $unicorn_config <<EOF
+ssl do
+  listen "$listen"
+  ssl_certificate "server.crt"
+  ssl_certificate_key "server.key"
+end
+pid "$pid"
+stderr_path "$r_err"
+stdout_path "$r_out"
+EOF
+	unicorn -D -c $unicorn_config env.ru
+	unicorn_wait_start
+}
+
+t_begin "single request" && {
+	curl -sSfv --cacert ca.crt https://$listen/
+}
+
+t_begin "check stderr has no errors" && {
+	check_stderr
+}
+
+t_begin "multiple requests" && {
+	curl -sSfv --no-keepalive --cacert ca.crt \
+		https://$listen/ https://$listen/ 2>> $curl_err >> $tmp
+		dbgcat curl_err
+}
+
+t_begin "check stderr has no errors" && {
+	check_stderr
+}
+
+t_begin "killing succeeds" && {
+	kill $unicorn_pid
+}
+
+t_begin "check stderr has no errors" && {
+	check_stderr
+}
+
+t_done

data/t/test-lib.sh

@@ -38,20 +38,29 @@ rtmpfiles () {
 	for id in "$@"
 	do
 		name=$id
-		_tmp=$t_pfx.$id
-		eval "$id=$_tmp"
 
 		case $name in
 		*fifo)
+			_tmp=$t_pfx.$id
+			eval "$id=$_tmp"
 			rm -f $_tmp
 			mkfifo $_tmp
 			T_RM_LIST="$T_RM_LIST $_tmp"
 			;;
 		*socket)
+			_tmp="$(mktemp -t $id.$$.XXXXXXXX)"
+			if test $(printf "$_tmp" |wc -c) -gt 108
+			then
+				echo >&2 "$_tmp too long, tests may fail"
+				echo >&2 "Try to set TMPDIR to a shorter path"
+			fi
+			eval "$id=$_tmp"
 			rm -f $_tmp
 			T_RM_LIST="$T_RM_LIST $_tmp"
 			;;
 		*)
+			_tmp=$t_pfx.$id
+			eval "$id=$_tmp"
 			> $_tmp
 			T_OK_RM_LIST="$T_OK_RM_LIST $_tmp"
 			;;
@@ -100,11 +109,5 @@ unicorn_wait_start () {
 }
 
 rsha1 () {
-	_cmd="$(which sha1sum 2>/dev/null || :)"
-	test -n "$_cmd" || _cmd="$(which openssl 2>/dev/null || :) sha1"
-	test "$_cmd" != " sha1" || _cmd="$(which gsha1sum 2>/dev/null || :)"
-
-	# last resort, see comments in sha1sum.rb for reasoning
-	test -n "$_cmd" || _cmd=sha1sum.rb
-	expr "$($_cmd)" : '\([a-f0-9]\{40\}\)'
+	sha1sum.rb
 }

data/test/rails/test_rails.rb

@@ -45,7 +45,10 @@ end
 
 ROR_V = UNICORN_RAILS_TEST_VERSION.split(/\./).map { |x| x.to_i }
 RB_V = RUBY_VERSION.split(/\./).map { |x| x.to_i }
-if RB_V[0] >= 1 && RB_V[1] >= 9
+if RB_V[0] >= 2
+  warn "skipping Ruby 2.0+ test with Rails <3"
+  do_test = false
+elsif RB_V[0] >= 1 && RB_V[1] >= 9
   if RB_V[2] >= 2
     warn "Ruby 1.9.2+ is not compatible with Rails 2.x"
     do_test = false

data/test/test_helper.rb

@@ -1,7 +1,8 @@
 # -*- encoding: binary -*-
 
 # Copyright (c) 2005 Zed A. Shaw 
-# You can redistribute it and/or modify it under the same terms as Ruby.
+# You can redistribute it and/or modify it under the same terms as Ruby 1.8 or
+# the GPLv3
 #
 # Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html 
 # for more information.
@@ -72,6 +73,7 @@ def hit(uris)
     res = nil
 
     if u.kind_of? String
+      u = 'http://127.0.0.1:8080/' if u == 'http://0.0.0.0:8080/'
       res = Net::HTTP.get(URI.parse(u))
     else
       url = URI.parse(u[0])

data/test/unit/test_http_parser.rb

@@ -1,7 +1,8 @@
 # -*- encoding: binary -*-
 
 # Copyright (c) 2005 Zed A. Shaw 
-# You can redistribute it and/or modify it under the same terms as Ruby.
+# You can redistribute it and/or modify it under the same terms as Ruby 1.8 or
+# the GPLv3
 #
 # Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html
 # for more information.

data/test/unit/test_http_parser_ng.rb

@@ -31,6 +31,14 @@ class HttpParserNgTest < Test::Unit::TestCase
     assert_raises(TypeError) { HttpParser.keepalive_requests = [] }
   end
 
+  def test_connection_TE
+    @parser.buf << "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: TE\r\n"
+    @parser.buf << "TE: trailers\r\n\r\n"
+    assert_nothing_raised { @parser.parse }
+    assert @parser.keepalive?
+    assert @parser.next?
+  end
+
   def test_keepalive_requests_with_next?
     req = "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n".freeze
     expect = {

data/test/unit/test_request.rb

@@ -1,7 +1,8 @@
 # -*- encoding: binary -*-
 
 # Copyright (c) 2009 Eric Wong
-# You can redistribute it and/or modify it under the same terms as Ruby.
+# You can redistribute it and/or modify it under the same terms as Ruby 1.8 or
+# the GPLv3
 
 require 'test/test_helper'
 

data/test/unit/test_response.rb

@@ -1,7 +1,8 @@
 # -*- encoding: binary -*-
 
 # Copyright (c) 2005 Zed A. Shaw 
-# You can redistribute it and/or modify it under the same terms as Ruby.
+# You can redistribute it and/or modify it under the same terms as Ruby 1.8 or
+# the GPLv3
 #
 # Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html 
 # for more information.

data/test/unit/test_server.rb

@@ -1,7 +1,8 @@
 # -*- encoding: binary -*-
 
 # Copyright (c) 2005 Zed A. Shaw 
-# You can redistribute it and/or modify it under the same terms as Ruby.
+# You can redistribute it and/or modify it under the same terms as Ruby 1.8 or
+# the GPLv3
 #
 # Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html
 # for more information.

data/test/unit/test_signals.rb

@@ -1,7 +1,8 @@
 # -*- encoding: binary -*-
 
 # Copyright (c) 2009 Eric Wong
-# You can redistribute it and/or modify it under the same terms as Ruby.
+# You can redistribute it and/or modify it under the same terms as Ruby 1.8 or
+# the GPLv3
 #
 # Ensure we stay sane in the face of signals being sent to us
 

data/test/unit/test_sni_hostnames.rb

@@ -0,0 +1,47 @@
+# -*- encoding: binary -*-
+require "test/unit"
+require "unicorn"
+
+# this tests an implementation detail, it may change so this test
+# can be removed later.
+class TestSniHostnames < Test::Unit::TestCase
+  include Unicorn::SSLServer
+
+  def setup
+    GC.start
+  end
+
+  def teardown
+    GC.start
+  end
+
+  def test_host_name_detect_one
+    app = Rack::Builder.new do
+      map "http://sni1.example.com/" do
+        use Rack::ContentLength
+        use Rack::ContentType, "text/plain"
+        run lambda { |env| [ 200, {}, [] ] }
+      end
+    end.to_app
+    hostnames = rack_sni_hostnames(app)
+    assert hostnames.include?("sni1.example.com")
+  end
+
+  def test_host_name_detect_multiple
+    app = Rack::Builder.new do
+      map "http://sni2.example.com/" do
+        use Rack::ContentLength
+        use Rack::ContentType, "text/plain"
+        run lambda { |env| [ 200, {}, [] ] }
+      end
+      map "http://sni3.example.com/" do
+        use Rack::ContentLength
+        use Rack::ContentType, "text/plain"
+        run lambda { |env| [ 200, {}, [] ] }
+      end
+    end.to_app
+    hostnames = rack_sni_hostnames(app)
+    assert hostnames.include?("sni2.example.com")
+    assert hostnames.include?("sni3.example.com")
+  end
+end

data/unicorn.gemspec

@@ -34,11 +34,11 @@ Gem::Specification.new do |s|
   # commented out.  Nevertheless, upgrading to Rails 2.3.4 or later is
   # *strongly* recommended for security reasons.
   s.add_dependency(%q<rack>)
-  s.add_dependency(%q<kgio>, '~> 2.4')
-  s.add_dependency(%q<raindrops>, '~> 0.6')
+  s.add_dependency(%q<kgio>, '~> 2.6')
+  s.add_dependency(%q<raindrops>, '~> 0.7')
 
-  s.add_development_dependency('isolate', '~> 3.1')
-  s.add_development_dependency('wrongdoc', '~> 1.6')
+  s.add_development_dependency('isolate', '~> 3.2')
+  s.add_development_dependency('wrongdoc', '~> 1.6.1')
 
   # s.licenses = %w(GPLv2 Ruby) # licenses= method is not in older RubyGems
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: unicorn
 version: !ruby/object:Gem::Version 
-  hash: 57
+  hash: 55
   prerelease: 
   segments: 
   - 4
-  - 1
-  - 1
-  version: 4.1.1
+  - 2
+  - 0
+  version: 4.2.0
 platform: ruby
 authors: 
 - Unicorn hackers
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-25 00:00:00 Z
+date: 2012-01-28 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rack
@@ -39,11 +39,11 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 11
+        hash: 15
         segments: 
         - 2
-        - 4
-        version: "2.4"
+        - 6
+        version: "2.6"
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
@@ -54,11 +54,11 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 7
+        hash: 5
         segments: 
         - 0
-        - 6
-        version: "0.6"
+        - 7
+        version: "0.7"
   type: :runtime
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
@@ -69,11 +69,11 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 5
+        hash: 3
         segments: 
         - 3
-        - 1
-        version: "3.1"
+        - 2
+        version: "3.2"
   type: :development
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
@@ -84,11 +84,12 @@ dependencies:
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        hash: 3
+        hash: 13
         segments: 
         - 1
         - 6
-        version: "1.6"
+        - 1
+        version: 1.6.1
   type: :development
   version_requirements: *id005
 description: |-
@@ -201,6 +202,9 @@ files:
 - lib/unicorn/oob_gc.rb
 - lib/unicorn/preread_input.rb
 - lib/unicorn/socket_helper.rb
+- lib/unicorn/ssl_client.rb
+- lib/unicorn/ssl_configurator.rb
+- lib/unicorn/ssl_server.rb
 - lib/unicorn/stream_input.rb
 - lib/unicorn/tee_input.rb
 - lib/unicorn/tmpio.rb
@@ -258,6 +262,7 @@ files:
 - t/rails3-app/test/performance/browsing_test.rb
 - t/rails3-app/test/test_helper.rb
 - t/rails3-app/vendor/plugins/.gitkeep
+- t/sslgen.sh
 - t/t0000-http-basic.sh
 - t/t0001-reload-bad-config.sh
 - t/t0002-config-conflict.sh
@@ -293,6 +298,7 @@ files:
 - t/t0302-rails3-alt-working_directory.sh
 - t/t0303-rails3-alt-working_directory_config.ru.sh
 - t/t0304-rails3-alt-working_directory_no_embed_cli.sh
+- t/t0600-https-server-basic.sh
 - t/t9000-preread-input.sh
 - t/t9001-oob_gc.sh
 - t/t9002-oob_gc-path.sh
@@ -376,6 +382,7 @@ files:
 - test/unit/test_response.rb
 - test/unit/test_server.rb
 - test/unit/test_signals.rb
+- test/unit/test_sni_hostnames.rb
 - test/unit/test_socket_helper.rb
 - test/unit/test_stream_input.rb
 - test/unit/test_tee_input.rb
@@ -414,7 +421,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: mongrel
-rubygems_version: 1.8.5
+rubygems_version: 1.8.11
 signing_key: 
 specification_version: 3
 summary: Rack HTTP server for fast clients and Unix
@@ -426,4 +433,5 @@ test_files:
 - test/unit/test_request.rb
 - test/unit/test_response.rb
 - test/unit/test_server.rb
+- test/unit/test_sni_hostnames.rb
 - test/unit/test_util.rb