mirror of
https://github.com/puma/puma.git
synced 2022-11-09 13:48:40 -05:00
Use OpenSSL DTLS_method & TLS_server_method when available (#1832)
* Add extconf test for DTLS_method & use in mini_ssl.c * Rakefile - use require_relative for 'lib/puma/detect' * Add Trusty OpenSSL 1.0.1 job to Travis * Add extconf test for TLS_server_method & use in mini_ssl.c
This commit is contained in:
MSP-Greg
Nate Berkopec
parent
12d1706ddc
commit
18140082d6
5 changed files with 23 additions and 4 deletions
|
|
@ -35,6 +35,9 @@ rvm:
|
|||
matrix:
|
||||
fast_finish: true
|
||||
include:
|
||||
- rvm: 2.2
|
||||
dist: trusty
|
||||
env: NOTES="Trusty OpenSSL 1.0.1"
|
||||
- rvm: ruby-head
|
||||
env: RUBYOPT="--jit"
|
||||
- rvm: 2.4.6
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
## Master
|
||||
|
||||
x features
|
||||
x bugfixes
|
||||
|
||||
* ? bugfixes
|
||||
* Add extconf tests for DTLS_method & TLS_server_method, use in minissl.rb. (#1832)
|
||||
|
||||
## 4.0.0 / 2019-06-25
|
||||
|
||||
|
|
|
|||
2
Rakefile
2
Rakefile
|
|
@ -3,7 +3,7 @@ require "rake/testtask"
|
|||
require "rake/extensiontask"
|
||||
require "rake/javaextensiontask"
|
||||
require "rubocop/rake_task"
|
||||
require 'puma/detect'
|
||||
require_relative 'lib/puma/detect'
|
||||
require 'rubygems/package_task'
|
||||
require 'bundler/gem_tasks'
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,14 @@ unless ENV["DISABLE_SSL"]
|
|||
%w'ssl ssleay32'.find {|ssl| have_library(ssl, 'SSL_CTX_new')}
|
||||
|
||||
have_header "openssl/bio.h"
|
||||
|
||||
# below is yes for 1.0.2 & later
|
||||
have_func "DTLS_method" , "openssl/ssl.h"
|
||||
|
||||
# below are yes for 1.1.0 & later, may need to check func rather than macro
|
||||
# with versions after 1.1.1
|
||||
have_func "TLS_server_method" , "openssl/ssl.h"
|
||||
have_macro "SSL_CTX_set_min_proto_version", "openssl/ssl.h"
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -168,8 +168,11 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
|
|||
ID sym_no_tlsv1 = rb_intern("no_tlsv1");
|
||||
VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
|
||||
|
||||
|
||||
#ifdef HAVE_TLS_SERVER_METHOD
|
||||
ctx = SSL_CTX_new(TLS_server_method());
|
||||
#else
|
||||
ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
#endif
|
||||
conn->ctx = ctx;
|
||||
|
||||
SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
|
||||
|
|
@ -232,8 +235,11 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
|
|||
VALUE engine_init_client(VALUE klass) {
|
||||
VALUE obj;
|
||||
ms_conn* conn = engine_alloc(klass, &obj);
|
||||
|
||||
#ifdef HAVE_DTLS_METHOD
|
||||
conn->ctx = SSL_CTX_new(DTLS_method());
|
||||
#else
|
||||
conn->ctx = SSL_CTX_new(DTLSv1_method());
|
||||
#endif
|
||||
conn->ssl = SSL_new(conn->ctx);
|
||||
SSL_set_app_data(conn->ssl, NULL);
|
||||
SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
|
||||
|
|
|
|||
Loading…
Reference in a new issue