From 8e4580abbf0fe1aad7e663622dcec03caae228ad Mon Sep 17 00:00:00 2001 From: Frank Wong Date: Sat, 23 Apr 2016 16:16:06 +0800 Subject: [PATCH] Fix puma/puma#968 Cannot bind SSL port due to missing verify_mode option --- lib/puma/binder.rb | 28 +++++++++++++++------------- lib/puma/dsl.rb | 4 ++-- 2 files changed, 17 insertions(+), 15 deletions(-) diff --git a/lib/puma/binder.rb b/lib/puma/binder.rb index 977d87f2..7e44f064 100644 --- a/lib/puma/binder.rb +++ b/lib/puma/binder.rb @@ -179,20 +179,22 @@ module Puma end ctx.ca = params['ca'] if params['ca'] + end - if params['verify_mode'] - ctx.verify_mode = case params['verify_mode'] - when "peer" - MiniSSL::VERIFY_PEER - when "force_peer" - MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT - when "none" - MiniSSL::VERIFY_NONE - else - @events.error "Please specify a valid verify_mode=" - MiniSSL::VERIFY_NONE - end - end + if params['verify_mode'] + ctx.verify_mode = case params['verify_mode'] + when "peer" + MiniSSL::VERIFY_PEER + when "force_peer" + MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT + when "none" + MiniSSL::VERIFY_NONE + else + @events.error "Please specify a valid verify_mode=" + MiniSSL::VERIFY_NONE + end + else + ctx.verify_mode = MiniSSL::VERIFY_NONE end if fd = @inherited_fds.delete(str) diff --git a/lib/puma/dsl.rb b/lib/puma/dsl.rb index 6d8ad895..ba3a750e 100644 --- a/lib/puma/dsl.rb +++ b/lib/puma/dsl.rb @@ -259,9 +259,9 @@ module Puma def ssl_bind(host, port, opts) if defined?(JRUBY_VERSION) keystore_additions = "keystore=#{opts[:keystore]}&keystore-pass=#{opts[:keystore_pass]}" - bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}&#{keystore_additions}" + bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}&#{keystore_additions}&verify_mode=#{opts[:verify_mode] || 'none'}" else - bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}" + bind "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}&verify_mode=#{opts[:verify_mode] || 'none'}" end end