`rake ragel` failed due to renaming the ragel machine from
`http_parser` to `puma_parser` in 3726b7ef19.
The problem was probably overseen since the file
http11_parser.java.rl has not been touched at this commit
and therefore the rake task did not invoke the parser
generation for the java parser.
Adds support for `verify_mode` to configure client authentication when running under JRuby.
Things to note:
- Assumes the CA used to verify client certs is in the same java
keystore file that is used when setting up the HTTPS TLS listener. We
could split this out, but not sure if it's necessary.
- Friendly/helpful error messages explaining why the verification failed
are not present in the same way they are in the CRuby/OpenSSL code
path. I'm not sure how to make them available.
- I did not include any code to create the `keystore.jks` file in the
`examples/puma/client-certs` directory because I didn't see any
existing code to create the `examples/puma/keystore.jks` file. The
commands to create this keystore would be:
```
cd examples/puma/client-certs
openssl pkcs12 -chain -CAfile ./ca.crt -export -password pass:blahblah -inkey server.key -in server.crt -name server -out server.p12
keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass blahblah -destkeystore keystore.jks -deststoretype JKS -storepass blahblah
keytool -importcert -alias ca -noprompt -trustcacerts -file ca.crt -keystore keystore.jks -storepass blahblah
```
The parser stores headers in a Ruby hash table so that when a header
is found twice its value replaces the old one. As per RFC[1] this is
not correct, since duplicated headers should all be considered. In
particular, they are semantically equivalent to a single header with
comma separated values. In this case, we follow existing practice of
joining values with a comma and a single space character.
[1] See RFC2616 section 4.2:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
Previously, even when not debugging, we were doing work to compose the
log messages. Delete these diagnostic messages to keep things as fast
and lean as possible.
Both the C and JRuby SSL implementations would hang on a bad handshake
because they were not producing the EOF expected in that case.
Update their error handling to behave correctly here (note:
`test_ssl_v3_rejection` covers this).
- Implement MiniSSL for JRuby
- Modify `Binder` and `MiniSSL::Context` to to accommodate the fact
that Java SSL demands a java keystore rather than a key/cert pair
- Change the MiniSSL native extension interface to take a
`MiniSSL::Context` rather than a key/cert pair so that each extension
can grab keys off the context as appropriate
* Rename Mongrel to Puma and move files appropriately
* Add HttParser11#body method
* Fix native.rake to not attempt C ext under JRuby
* Mask out all of test_unix_socket.rb under JRuby
