Check SSLContext better. Fixes #828

2022-11-09 13:48:40 -05:00 · 2016-07-24 14:29:23 -07:00 · 2016-07-24 14:29:23 -07:00 · 8648e057e4
commit 8648e057e4
parent 50ccba8a9e
2 changed files with 17 additions and 0 deletions
--- a/ext/puma_http11/mini_ssl.c
+++ b/ext/puma_http11/mini_ssl.c
@ -134,9 +134,13 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
  ID sym_key = rb_intern("key");
  VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0);

+  StringValue(key);
+
  ID sym_cert = rb_intern("cert");
  VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);

+  StringValue(cert);
+
  ID sym_ca = rb_intern("ca");
  VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);

@ -150,6 +154,7 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
  SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);

  if (!NIL_P(ca)) {
+    StringValue(ca);
    SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
  }
  
--- a/lib/puma/minissl.rb
+++ b/lib/puma/minissl.rb
@ -118,6 +118,11 @@ module Puma
          raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore
          @keystore = keystore
        end
+
+        def check
+          raise "Keystore not configured" unless @keystore
+        end
+
      else
        # non-jruby Context properties
        attr_reader :key
@ -138,6 +143,11 @@ module Puma
          raise ArgumentError, "No such ca file '#{ca}'" unless File.exist? ca
          @ca = ca
        end
+
+        def check
+          raise "Key not configured" unless @key
+          raise "Cert not configured" unless @cert
+        end
      end
    end

@ -156,6 +166,7 @@ module Puma
      end

      def accept
+        @ctx.check
        io = @socket.accept
        engine = Engine.server @ctx

@ -163,6 +174,7 @@ module Puma
      end

      def accept_nonblock
+        @ctx.check
        io = @socket.accept_nonblock
        engine = Engine.server @ctx