JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests (#2317)
Update MiniSSL.java and minissl.rb for JRuby. Add Puma::MiniSSL::Engine#init? and #teardown methods.
parent
2710a6a071
commit
fa6e916fc0
4 changed files with 53 additions and 10 deletions
|
@ -1,5 +1,7 @@
|
|||
### Master
|
||||
* Bugfixes
|
||||
* JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests (#2317)
|
||||
* Improve shutdown reliability (#2312)
|
||||
* Resolve issue with threadpool waiting counter decrement when thread is killed
|
||||
* Constrain rake-compiler version to 0.9.4 to fix `ClassNotFound` exception when using MiniSSL with Java8.
|
||||
* Ensure that TCP_CORK is usable
|
||||
|
|
|
@ -120,6 +120,8 @@ public class MiniSSL extends RubyObject {
|
|||
}
|
||||
|
||||
private SSLEngine engine;
|
||||
private boolean closed;
|
||||
private boolean handshake;
|
||||
private MiniSSLBuffer inboundNetData;
|
||||
private MiniSSLBuffer outboundAppData;
|
||||
private MiniSSLBuffer outboundNetData;
|
||||
|
@ -157,6 +159,8 @@ public class MiniSSL extends RubyObject {
|
|||
SSLContext sslCtx = SSLContext.getInstance("TLS");
|
||||
|
||||
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
|
||||
closed = false;
|
||||
handshake = false;
|
||||
engine = sslCtx.createSSLEngine();
|
||||
|
||||
String[] protocols;
|
||||
|
@ -240,14 +244,21 @@ public class MiniSSL extends RubyObject {
|
|||
// need to wait for more data to come in before we retry
|
||||
retryOp = false;
|
||||
break;
|
||||
default:
|
||||
// other cases are OK and CLOSED. We're done here.
|
||||
case CLOSED:
|
||||
closed = true;
|
||||
retryOp = false;
|
||||
break;
|
||||
default:
|
||||
// other case is OK. We're done here.
|
||||
retryOp = false;
|
||||
}
|
||||
if (res.getHandshakeStatus() == HandshakeStatus.FINISHED) {
|
||||
handshake = true;
|
||||
}
|
||||
}
|
||||
|
||||
// after each op, run any delegated tasks if needed
|
||||
if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
|
||||
if(res.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
|
||||
Runnable runnable;
|
||||
while ((runnable = engine.getDelegatedTask()) != null) {
|
||||
runnable.run();
|
||||
|
@ -271,13 +282,14 @@ public class MiniSSL extends RubyObject {
|
|||
|
||||
HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
|
||||
boolean done = false;
|
||||
SSLEngineResult res = null;
|
||||
while (!done) {
|
||||
switch (handshakeStatus) {
|
||||
case NEED_WRAP:
|
||||
doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
|
||||
res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
|
||||
break;
|
||||
case NEED_UNWRAP:
|
||||
SSLEngineResult res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
|
||||
res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
|
||||
if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
|
||||
// need more data before we can shake more hands
|
||||
done = true;
|
||||
|
@ -286,7 +298,9 @@ public class MiniSSL extends RubyObject {
|
|||
default:
|
||||
done = true;
|
||||
}
|
||||
handshakeStatus = engine.getHandshakeStatus();
|
||||
if (!done) {
|
||||
handshakeStatus = res.getHandshakeStatus();
|
||||
}
|
||||
}
|
||||
|
||||
if (inboundNetData.hasRemaining()) {
|
||||
|
@ -360,4 +374,21 @@ public class MiniSSL extends RubyObject {
|
|||
return getRuntime().getNil();
|
||||
}
|
||||
}
|
||||
|
||||
@JRubyMethod(name = "init?")
|
||||
public IRubyObject isInit(ThreadContext context) {
|
||||
return handshake ? getRuntime().getFalse() : getRuntime().getTrue();
|
||||
}
|
||||
|
||||
@JRubyMethod
|
||||
public IRubyObject shutdown() {
|
||||
if (closed || engine.isInboundDone() && engine.isOutboundDone()) {
|
||||
if (engine.isOutboundDone()) {
|
||||
engine.closeOutbound();
|
||||
}
|
||||
return getRuntime().getTrue();
|
||||
} else {
|
||||
return getRuntime().getFalse();
|
||||
}
|
||||
}
|
||||
}
|
||||
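Review bot: In the new `shutdown()` the inner guard `if (engine.isOutboundDone())` looks inverted, because `closeOutbound()` is only reached when the outbound side is already done. When `closed` was set by a peer close (the new `case CLOSED:` branch in `doOp`) and outbound is still open, the engine is never asked to produce its own close_notify, which leaves the peer unable to tell an orderly close from a truncated stream. If the intent is to close the side that is still open, the guard would be `if (!engine.isOutboundDone()) { engine.closeOutbound(); }`; the caller would still have to wrap and flush the resulting alert, which is not visible in this hunk. The outer condition also relies on `&&` binding tighter than `||`, and `closed || (engine.isInboundDone() && engine.isOutboundDone())` makes that explicit.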
|
|
|
@ -197,6 +197,9 @@ module Puma
|
|||
end
|
||||
|
||||
if IS_JRUBY
|
||||
OPENSSL_NO_SSL3 = false
|
||||
OPENSSL_NO_TLS1 = false
|
||||
|
||||
class SSLError < StandardError
|
||||
# Define this for jruby even though it isn't used.
|
||||
end
|
||||
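Review bot: `OPENSSL_NO_SSL3 = false` and `OPENSSL_NO_TLS1 = false` are hard-coded for JRuby with no comment saying what they assert. Presumably they mirror the constants the C extension derives from its OpenSSL build, so `false` here reads as "SSLv3 and TLS 1.0 are available", whereas on JRuby availability is decided by the JVM's security configuration, which commonly disables these legacy protocols. A comment such as `# JRuby: protocol availability comes from the JVM, not an OpenSSL build; these only mirror the C extension's constants` would keep readers and tests from treating the values as a statement that the legacy protocols are enabled. The enclosing `if IS_JRUBY` block continues past this hunk.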
|
|
|
@ -23,10 +23,17 @@ DISABLE_SSL = begin
|
|||
Puma::MiniSSL.check
|
||||
# net/http (loaded in helper) does not necessarily load OpenSSL
|
||||
require "openssl" unless Object.const_defined? :OpenSSL
|
||||
if Puma::IS_JRUBY
|
||||
puts "", RUBY_DESCRIPTION, "RUBYOPT: #{ENV['RUBYOPT']}",
|
||||
" OpenSSL",
|
||||
"OPENSSL_LIBRARY_VERSION: #{OpenSSL::OPENSSL_LIBRARY_VERSION}",
|
||||
" OPENSSL_VERSION: #{OpenSSL::OPENSSL_VERSION}", ""
|
||||
else
|
||||
puts "", RUBY_DESCRIPTION, "RUBYOPT: #{ENV['RUBYOPT']}",
|
||||
" Puma::MiniSSL OpenSSL",
|
||||
"OPENSSL_LIBRARY_VERSION: #{Puma::MiniSSL::OPENSSL_LIBRARY_VERSION.ljust 32}#{OpenSSL::OPENSSL_LIBRARY_VERSION}",
|
||||
" OPENSSL_VERSION: #{Puma::MiniSSL::OPENSSL_VERSION.ljust 32}#{OpenSSL::OPENSSL_VERSION}", ""
|
||||
end
|
||||
rescue
|
||||
true
|
||||
else
|
||||
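Review bot: The version `puts` diagnostics sit inside the `DISABLE_SSL = begin … rescue … true` block, so any StandardError they raise (for example a NameError from a missing `OpenSSL::OPENSSL_LIBRARY_VERSION` or `Puma::MiniSSL::OPENSSL_VERSION` constant) is swallowed by the bare `rescue` and silently sets `DISABLE_SSL` to true. Since this commit is meant to get all SSL tests running on JRuby, a silent skip would hide exactly the TLS regressions those tests guard against. Consider keeping only `Puma::MiniSSL.check` and the `require` under the rescue, or at least reporting the cause with `rescue => e` followed by `warn "SSL tests disabled: #{e.class}: #{e.message}"`. The `begin` starts above this hunk and the `else` branch continues below it.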
|
|