* Fail hard if SSL certs or keys cannot be read by user
Previously if an SSL cert or key could not be read, Puma would bind to
the configured SSL port but not accept any connections. The only
indication that something went awry is an obscure log message:
```
#<Puma::MiniSSL::SSLError: OpenSSL error: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher - 193>
```
We now fail hard with an exception if this happens to make it clear
that the permissions need to be fixed.
Relates to https://github.com/puma/puma/issues/1339
* minissl.rb - add check_file method
Co-authored-by: MSP-Greg <Greg.mpls@gmail.com>
* Fix deprecation warning
DEPRECATED: Use assert_nil if expecting nil from test/test_binder.rb:265. This will fail in Minitest 6.
* Extend MiniSSL with support for cert_pem and key_pem
* Extend Puma ssl_bind DSL with support for cert_pem and cert_key
* Make some variables in binder test more readable
running `rake` loads all files starting with `test_` which is not supposed to also load the helper,
since the helper should be loaded by each test and is not a test itself.
* Bump minitest version.
* Add basic test helper file.
* Use minitest for web server tests.
* Use Minitest for unix socket tests.
* Use Minitest for ThreadPool tests.
* Use Minitest for TCP-Rack tests
* Use Minitest for TCPLogger tests.
* Add missing helper to test helpers.
* Use Minitest for Rack server tests.
* Use Minitest for Rack handler tests.
* Use Minitest for Puma::Server tests.
* Use Minitest for Puma::Server with SSL tests.
* Use Minitest for persisten connections tests.
* Require puma in test_helper file.
* Use minitest for Puma::NullIO tests.
* Remove unnecessary requires on test files.
* Use Minitest for MiniSSL tests.
* Use Minitest for IOBuffer tests.
* Require bundler/setup in Rakefile.
* Use Minitest for HttpParser tests.
* Use Minitest for Puma::Configuration tests.
* Use Minitest for Puma::CLI tests.
* Bump Minitest version for Ruby 2.1 Gemfile.
* Use Minitest for integration tests.
* Use Minitest for Puma::App::Status tests.
* Remove test-unit from Gemfiles.
* Add timeout helper to Minitest::Test.
* Use Minitest for Puma::Binder tests.
* Remove testhelp file.
* Add missing require to Puma::Binder tests.
* Prefer require instead of require_relative.
- Implement MiniSSL for JRuby
- Modify `Binder` and `MiniSSL::Context` to to accommodate the fact
that Java SSL demands a java keystore rather than a key/cert pair
- Change the MiniSSL native extension interface to take a
`MiniSSL::Context` rather than a key/cert pair so that each extension
can grab keys off the context as appropriate
Previously, MiniSSL accepted invalid paths for the key/cert file
and timed out on the first request. Now, MiniSSL raises an ArgumentError
if one of these files does not exist.
Fix for puma/puma#168
Stan Hu