mirror of
https://github.com/puma/puma.git
synced 2022-11-09 13:48:40 -05:00
Use OpenSSL DTLS_method & TLS_server_method when available (#1832)
* Add extconf test for DTLS_method & use in mini_ssl.c * Rakefile - use require_relative for 'lib/puma/detect' * Add Trusty OpenSSL 1.0.1 job to Travis * Add extconf test for TLS_server_method & use in mini_ssl.c
parent
12d1706ddc
commit
18140082d6
5 changed files with 23 additions and 4 deletions
|
@ -35,6 +35,9 @@ rvm:
|
||||||
matrix:
|
matrix:
|
||||||
fast_finish: true
|
fast_finish: true
|
||||||
include:
|
include:
|
||||||
|
- rvm: 2.2
|
||||||
|
dist: trusty
|
||||||
|
env: NOTES="Trusty OpenSSL 1.0.1"
|
||||||
- rvm: ruby-head
|
- rvm: ruby-head
|
||||||
env: RUBYOPT="--jit"
|
env: RUBYOPT="--jit"
|
||||||
- rvm: 2.4.6
|
- rvm: 2.4.6
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
## Master
|
## Master
|
||||||
|
|
||||||
x features
|
x features
|
||||||
x bugfixes
|
|
||||||
|
* ? bugfixes
|
||||||
|
* Add extconf tests for DTLS_method & TLS_server_method, use in minissl.rb. (#1832)
|
||||||
|
|
||||||
## 4.0.0 / 2019-06-25
|
## 4.0.0 / 2019-06-25
|
||||||
|
|
||||||
|
|
2
Rakefile
2
Rakefile
|
@ -3,7 +3,7 @@ require "rake/testtask"
|
||||||
require "rake/extensiontask"
|
require "rake/extensiontask"
|
||||||
require "rake/javaextensiontask"
|
require "rake/javaextensiontask"
|
||||||
require "rubocop/rake_task"
|
require "rubocop/rake_task"
|
||||||
require 'puma/detect'
|
require_relative 'lib/puma/detect'
|
||||||
require 'rubygems/package_task'
|
require 'rubygems/package_task'
|
||||||
require 'bundler/gem_tasks'
|
require 'bundler/gem_tasks'
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,14 @@ unless ENV["DISABLE_SSL"]
|
||||||
%w'ssl ssleay32'.find {|ssl| have_library(ssl, 'SSL_CTX_new')}
|
%w'ssl ssleay32'.find {|ssl| have_library(ssl, 'SSL_CTX_new')}
|
||||||
|
|
||||||
have_header "openssl/bio.h"
|
have_header "openssl/bio.h"
|
||||||
|
|
||||||
|
# below is yes for 1.0.2 & later
|
||||||
|
have_func "DTLS_method" , "openssl/ssl.h"
|
||||||
|
|
||||||
|
# below are yes for 1.1.0 & later, may need to check func rather than macro
|
||||||
|
# with versions after 1.1.1
|
||||||
|
have_func "TLS_server_method" , "openssl/ssl.h"
|
||||||
|
have_macro "SSL_CTX_set_min_proto_version", "openssl/ssl.h"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
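Review bot: The `have_macro "SSL_CTX_set_min_proto_version", "openssl/ssl.h"` line discards its result, and as far as I know mkmf's `have_macro` only reports whether the macro exists and, unlike `have_func`, adds no `HAVE_…` define, so this check would have no effect on the compiled extension. If the intent is to let mini_ssl.c enforce a minimum protocol version when the API is present, tie the result to a define, e.g. `$defs << "-DHAVE_SSL_CTX_SET_MIN_PROTO_VERSION" if have_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")`. The C hunks on this page do not reference such a define, so this should be confirmed against the rest of mini_ssl.c. The comment above the check would also be clearer if it said which form (macro or function) the build relies on.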
|
@ -168,8 +168,11 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
|
||||||
ID sym_no_tlsv1 = rb_intern("no_tlsv1");
|
ID sym_no_tlsv1 = rb_intern("no_tlsv1");
|
||||||
VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
|
VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
|
||||||
|
|
||||||
|
#ifdef HAVE_TLS_SERVER_METHOD
|
||||||
|
ctx = SSL_CTX_new(TLS_server_method());
|
||||||
|
#else
|
||||||
ctx = SSL_CTX_new(SSLv23_server_method());
|
ctx = SSL_CTX_new(SSLv23_server_method());
|
||||||
|
#endif
|
||||||
conn->ctx = ctx;
|
conn->ctx = ctx;
|
||||||
|
|
||||||
SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
|
SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
|
||||||
|
@ -232,8 +235,11 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
|
||||||
VALUE engine_init_client(VALUE klass) {
|
VALUE engine_init_client(VALUE klass) {
|
||||||
VALUE obj;
|
VALUE obj;
|
||||||
ms_conn* conn = engine_alloc(klass, &obj);
|
ms_conn* conn = engine_alloc(klass, &obj);
|
||||||
|
#ifdef HAVE_DTLS_METHOD
|
||||||
conn->ctx = SSL_CTX_new(DTLS_method());
|
conn->ctx = SSL_CTX_new(DTLS_method());
|
||||||
|
#else
|
||||||
|
conn->ctx = SSL_CTX_new(DTLSv1_method());
|
||||||
|
#endif
|
||||||
conn->ssl = SSL_new(conn->ctx);
|
conn->ssl = SSL_new(conn->ctx);
|
||||||
SSL_set_app_data(conn->ssl, NULL);
|
SSL_set_app_data(conn->ssl, NULL);
|
||||||
SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
|
SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
|
||||||
|
|
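Review bot: The result of `SSL_CTX_new()` is used unchecked on both new paths: in engine_init_server `ctx` goes straight into `SSL_CTX_use_certificate_chain_file(ctx, ...)`, and in engine_init_client `conn->ctx` goes straight into `SSL_new(conn->ctx)`. SSL_CTX_new returns NULL on failure (for example on allocation failure), so a setup error would pass a NULL pointer on to the following OpenSSL calls instead of surfacing as a Ruby exception. A guard right after each call would do, e.g. `if (!ctx) rb_raise(rb_eRuntimeError, "SSL_CTX_new failed");`, or the extension's own error class if it has one. Separately, `DTLSv1_method()` in the `#else` branch is the fixed-version DTLS 1.0 method while `DTLS_method()` negotiates the version, so the two builds differ in protocol behaviour; a one-line comment at the `#else` such as `/* OpenSSL < 1.0.2: only the fixed DTLS 1.0 method exists */` would record that. Both function bodies continue outside the hunks.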