Remove accept_nonblock.rb, add test_integration_ssl.rb (#2448)

History.md

@@ -5,6 +5,7 @@
   *  Adds max_fast_inline as a configuration option for the Server object (#2406)
 
 * Bugfixes
+  * Add Client#io_ok?, check before Reactor#register (#2432)
   * Fix hang on shutdown in refork (#2442)
   * Fix `Bundler::GemNotFound` errors for `nio4r` gem during phased restarts (#2427, #2018)
   * Server run thread safety fix (#2435) 
@@ -12,7 +13,9 @@
   * Cleanup daemonization in rc.d script (#2409)
 
 * Refactor
-  * queue_close.rb - refactor loading, move comment for docs
+  * Remove accept_nonblock.rb, add test_integration_ssl.rb (#2448)
+  * Refactor status.rb - dry it up a bit (#2450)
+  * queue_close.rb - refactor loading, move comment for docs (#2447)
   * Extract req/resp methods to new request.rb from server.rb (#2419)
   * Refactor Reactor and Client request buffering (#2279)
   * client.rb - remove JRuby specific 'finish' code (#2412)

lib/puma/accept_nonblock.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-require 'openssl'
-
-module OpenSSL
-  module SSL
-    class SSLServer
-      unless public_method_defined? :accept_nonblock
-        def accept_nonblock
-          sock = @svr.accept_nonblock
-
-          begin
-            ssl = OpenSSL::SSL::SSLSocket.new(sock, @ctx)
-            ssl.sync_close = true
-            ssl.accept if @start_immediately
-            ssl
-          rescue SSLError => ex
-            if ssl
-              ssl.close
-            else
-              sock.close
-            end
-            raise ex
-          end
-        end
-      end
-    end
-  end
-end

lib/puma/binder.rb

@@ -12,7 +12,15 @@ module Puma
   if HAS_SSL
     require 'puma/minissl'
     require 'puma/minissl/context_builder'
-    require 'puma/accept_nonblock'
+
+    # Odd bug in 'pure Ruby' nio4r verion 2.5.2, which installs with Ruby 2.3.
+    # NIO doesn't create any OpenSSL objects, but it rescues an OpenSSL error.
+    # The bug was that it did not require openssl.
+    # @todo remove when Ruby 2.3 support is dropped
+    #
+    if windows? && RbConfig::CONFIG['ruby_version'] == '2.3.0'
+      require 'openssl'
+    end
   end
 
   class Binder

test/test_integration_ssl.rb

@@ -0,0 +1,92 @@
+require_relative 'helper'
+require_relative "helpers/integration"
+
+# These tests are used to verify that Puma works with SSL sockets.  Only
+# integration tests isolate the server from the test environment, so there
+# should be a few SSL tests.
+#
+# For instance, since other tests make use of 'client' SSLSockets created by
+# net/http, OpenSSL is loaded in the CI process.  By shelling out with IO.popen,
+# the server process isn't affected by whatever is loaded in the CI process.
+
+class TestIntegrationSSL < TestIntegration
+  parallelize_me! if ::Puma.mri?
+
+  require "net/http"
+  require "openssl"
+
+  def teardown
+    @server.close unless @server.closed?
+    @server = nil
+    super
+  end
+
+  def generate_config(opts = nil)
+    @bind_port = UniquePort.call
+    @control_tcp_port = UniquePort.call
+
+    config = <<RUBY
+#{opts}
+if ::Puma.jruby?
+  keystore =  '#{File.expand_path '../examples/puma/keystore.jks', __dir__}'
+  keystore_pass = 'jruby_puma'
+
+  ssl_bind '#{HOST}', '#{@bind_port}', {
+    keystore: keystore,
+    keystore_pass:  keystore_pass,
+    verify_mode: 'none'
+  }
+else
+  key  = '#{File.expand_path '../examples/puma/puma_keypair.pem', __dir__}'
+  cert = '#{File.expand_path '../examples/puma/cert_puma.pem', __dir__}'
+
+  ssl_bind '#{HOST}', '#{@bind_port}', {
+    cert: cert,
+    key:  key,
+    verify_mode: 'none'
+  }
+end
+
+activate_control_app 'tcp://#{HOST}:#{@control_tcp_port}', { auth_token: '#{TOKEN}' }
+
+app do |env|
+  [200, {}, [env['rack.url_scheme']]]
+end
+RUBY
+
+    config_file = Tempfile.new %w(config .rb)
+    config_file.write config
+    config_file.close
+    config_file.path
+  end
+
+  def start_server(opts = nil)
+    cmd = "#{BASE} bin/puma -C #{generate_config opts}"
+    @server = IO.popen cmd, 'r'
+    wait_for_server_to_boot
+    @pid = @server.pid
+
+    @http = Net::HTTP.new HOST, @bind_port
+    @http.use_ssl = true
+    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  end
+
+  def stop_server
+    sock = TCPSocket.new HOST, @control_tcp_port
+    @ios_to_close << sock
+    sock.syswrite "GET /stop?token=#{TOKEN} HTTP/1.1\r\n\r\n"
+    sock.read
+    assert_match 'Goodbye!', @server.read
+  end
+
+  def test_ssl_run
+    body = nil
+    start_server
+    @http.start do
+      req = Net::HTTP::Get.new '/', {}
+      @http.request(req) { |resp| body = resp.body }
+    end
+    assert_equal 'https', body
+    stop_server
+  end
+end if ::Puma::HAS_SSL