kotovalexarian-likes-github/puma--puma
1
0
Fork 0
mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00
Code Releases Activity
1816 commits 39 branches 142 tags 14 MiB
Commit graph

5 commits

Author SHA1 Message Date
Julian Langschaedel
e8d25b30f3 ssl: Add Client Side Certificate Auth 
Add Client Side Certificate Auth feature and handling to puma's MiniSSL. Also exposes SSL errors to puma/apps.

 compatibility notes: MRI only

 shell example:

   puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ca=path_to_ca&verify_mode=force_peer'

 code example: (examples/client_side_ssl)

    app = proc {|env| p env['puma.peercert']; [200, {}, ["hey"]] }

    events = SSLEvents.new($stdout, $stderr)
    server = Puma::Server.new(app, events)

    admin_context             = Puma::MiniSSL::Context.new
    admin_context.key         = KEY_PATH
    admin_context.cert        = CERT_PATH
    admin_context.ca          = CA_CERT_PATH
    admin_context.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT

    server.add_ssl_listener("0.0.0.0", ADMIN_PORT, admin_context)
    server.min_threads = MIN_THREADS
    server.max_threads = MAX_THREADS
    server.persistent_timeout = IDLE_TIMEOUT
    server.run.join

 additional credits: Andy Alness <andy.alness@gmail.com>
 2015-06-06 23:15:00 +02:00
Daniel Marcotte
abcce826d1 Remove enable_SSLv3 support from JRuby 
The C implementation has not supported SSLv3 at all since #591, and
SSLv3 is disabled by default in java now
(http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html)
so we can drop support from JRuby.
 2015-05-01 16:49:48 -07:00
Daniel Marcotte
6995981303 Fix hang on bad SSL handshake 
Both the C and JRuby SSL implementations would hang on a bad handshake
because they were not producing the EOF expected in that case.
Update their error handling to behave correctly here (note:
`test_ssl_v3_rejection` covers this).
 2015-05-01 16:39:22 -07:00
Daniel Marcotte
8eee16d445 JRuby SSL POODLE update 
Default SSLv3 to disabled in response to the POODLE vulnerability.
 2014-10-15 20:04:58 -07:00
Daniel Marcotte
c54807700c Add SSL support for JRuby 
- Implement MiniSSL for JRuby

- Modify `Binder` and `MiniSSL::Context` to to accommodate the fact
that Java SSL demands a java keystore rather than a key/cert pair

- Change the MiniSSL native extension interface to take a
`MiniSSL::Context` rather than a key/cert pair so that each extension
can grab keys off the context as appropriate
 2014-05-05 14:30:15 -07:00