Julian Langschaedel
|
e8d25b30f3
|
ssl: Add Client Side Certificate Auth
Add Client Side Certificate Auth feature and handling to puma's MiniSSL. Also exposes SSL errors to puma/apps.

compatibility notes: MRI only

shell example:

    puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ca=path_to_ca&verify_mode=force_peer'

code example: (examples/client_side_ssl)

    app = proc {|env| p env['puma.peercert']; [200, {}, ["hey"]] }
    events = SSLEvents.new($stdout, $stderr)
    server = Puma::Server.new(app, events)
    admin_context = Puma::MiniSSL::Context.new
    admin_context.key = KEY_PATH
    admin_context.cert = CERT_PATH
    admin_context.ca = CA_CERT_PATH
    admin_context.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
    server.add_ssl_listener("0.0.0.0", ADMIN_PORT, admin_context)
    server.min_threads = MIN_THREADS
    server.max_threads = MAX_THREADS
    server.persistent_timeout = IDLE_TIMEOUT
    server.run.join

additional credits: Andy Alness <andy.alness@gmail.com>
|
2015-06-06 23:15:00 +02:00 |
|
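
The commit message above shows the app reading the client certificate from `env['puma.peercert']`. Peer verification only establishes that the certificate chains to the configured CA, so the app still has to decide which certificates may act. The following is an added example, not part of the commit or of Puma's code: a Rack middleware that authorizes by certificate fingerprint. The names `PeerCertAllowlist`, `fingerprint`, `sample_cert` and the env key `client_cert.subject` are hypothetical, and it assumes the env value is an `OpenSSL::X509::Certificate`.

```ruby
require 'openssl'

# SHA-256 fingerprint (hex) of a certificate's DER encoding.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Hypothetical Rack middleware: lets a request through only when the client
# certificate that the server verified is on an explicit allowlist.
class PeerCertAllowlist
  def initialize(app, allowed_fingerprints)
    @app = app
    @allowed = allowed_fingerprints.map { |f| f.delete(':').downcase }
  end

  def call(env)
    # Assumption: the server sets this key to an OpenSSL::X509::Certificate.
    cert = env['puma.peercert']
    return deny('client certificate required') unless cert.is_a?(OpenSSL::X509::Certificate)
    return deny('certificate not authorized') unless @allowed.include?(fingerprint(cert))

    # Pass the authenticated identity on to the app for logging and access decisions.
    env['client_cert.subject'] = cert.subject.to_s
    @app.call(env)
  end

  private

  def deny(msg)
    [403, { 'Content-Type' => 'text/plain' }, [msg]]
  end
end

# Constructed sample input: a throwaway self-signed certificate built in memory.
def sample_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest::SHA256.new)
  cert
end
```

Failing closed when the key is missing matters if the same app is also mounted on a listener without peer verification, where no certificate is ever presented.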