mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00
Commit graph

15 commits

Author SHA1 Message Date
Evan Phoenix
302954190c Make building with SSL support optional 2015-09-18 09:43:51 -07:00
Julian Langschaedel
e8d25b30f3 ssl: Add Client Side Certificate Auth
Add Client Side Certificate Auth feature and handling to puma's MiniSSL. Also exposes SSL errors to puma/apps.

 compatibility notes: MRI only

 shell example:

   puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ca=path_to_ca&verify_mode=force_peer'

 code example: (examples/client_side_ssl)

    app = proc {|env| p env['puma.peercert']; [200, {}, ["hey"]] }

    events = SSLEvents.new($stdout, $stderr)
    server = Puma::Server.new(app, events)

    admin_context             = Puma::MiniSSL::Context.new
    admin_context.key         = KEY_PATH
    admin_context.cert        = CERT_PATH
    admin_context.ca          = CA_CERT_PATH
    admin_context.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT

    server.add_ssl_listener("0.0.0.0", ADMIN_PORT, admin_context)
    server.min_threads = MIN_THREADS
    server.max_threads = MAX_THREADS
    server.persistent_timeout = IDLE_TIMEOUT
    server.run.join

 additional credits: Andy Alness <andy.alness@gmail.com>
2015-06-06 23:15:00 +02:00
Daniel Marcotte
abcce826d1 Remove enable_SSLv3 support from JRuby
The C implementation has not supported SSLv3 at all since #591, and
SSLv3 is disabled by default in Java now
(http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html)
so we can drop support from JRuby.
2015-05-01 16:49:48 -07:00
Daniel Marcotte
8eee16d445 JRuby SSL POODLE update
Default SSLv3 to disabled in response to the POODLE vulnerability.
2014-10-15 20:04:58 -07:00
Daniel Marcotte
c54807700c Add SSL support for JRuby
- Implement MiniSSL for JRuby

- Modify `Binder` and `MiniSSL::Context` to accommodate the fact
that Java SSL demands a java keystore rather than a key/cert pair

- Change the MiniSSL native extension interface to take a
`MiniSSL::Context` rather than a key/cert pair so that each extension
can grab keys off the context as appropriate
2014-05-05 14:30:15 -07:00
Colin J. Fuller
6e914cf02d Fix for issue 350.
Within MiniSSL#read_nonblock it was possible for all data to be read from the
network connection but only partially read from the engine on the first
attempt.  This could lead to a hang during a later IO.select call because no more data
was being sent over the socket but the request could not be processed because
all the data hadn't been read from the engine.

Changed read nonblock to repeatedly attempt to read from the engine until there
is nothing more ready to read.
2013-11-24 19:57:12 -08:00
Evan Phoenix
d996daa15a Handle all engine data when possible. Fixes #251. 2013-06-17 23:20:54 -07:00
Ward Vandewege
eac3cc7f82 Make sure to use bytesize instead of size when writing data in the
MiniSSL's write.

@engine.write reports bytes written, not characters written.
2013-05-06 14:32:03 -04:00
Evan Phoenix
db01585874 Fixup some tests to pass in travis 2013-03-18 16:20:37 -07:00
rubiii
30ea3d0506 made MiniSSL validate key/cert file existence
Previously, MiniSSL accepted invalid paths for the key/cert file
and timed out on the first request. Now, MiniSSL raises an ArgumentError
if one of these files does not exist.

Fix for puma/puma#168
2012-11-30 13:52:05 +01:00
Evan Phoenix
9114e3c9d2 Add proper methods for nonblocking 2012-09-10 08:50:43 -07:00
Jingwen Owen Ou
6a5b30ea30 Move singleton method to MiniSSL.java 2012-08-23 20:06:18 -07:00
Evan Phoenix
e191003fc4 Start java version of MiniSSL 2012-08-23 16:56:37 -07:00
Evan Phoenix
f38678f2d7 Handle SSL eof and nonblocking 2012-08-22 22:34:10 -07:00
Evan Phoenix
17a058a158 Minor cleanup and properly scope 2012-08-22 22:12:12 -07:00
Renamed from lib/minissl.rb