mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
a6c13d08d7
* lib/webrick/https.rb: check ssl context of virtual host. * lib/webrick/ssl.rb: ensure to return ssl context. * test/webrick/test_https.rb: test returned cert is correct. [Feature #13729][ruby-dev:50173] Author: Tietew <tietew@gmail.com> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
152 lines
3.1 KiB
Ruby
152 lines
3.1 KiB
Ruby
# frozen_string_literal: false
|
|
#
|
|
# https.rb -- SSL/TLS enhancement for HTTPServer
|
|
#
|
|
# Author: IPR -- Internet Programming with Ruby -- writers
|
|
# Copyright (c) 2001 GOTOU Yuuzou
|
|
# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
|
|
# reserved.
|
|
#
|
|
# $IPR: https.rb,v 1.15 2003/07/22 19:20:42 gotoyuzo Exp $
|
|
|
|
require 'webrick/ssl'
|
|
require 'webrick/httpserver'
|
|
|
|
module WEBrick
|
|
module Config
|
|
HTTP.update(SSL)
|
|
end
|
|
|
|
##
|
|
#--
|
|
# Adds SSL functionality to WEBrick::HTTPRequest
|
|
|
|
class HTTPRequest
|
|
|
|
##
|
|
# HTTP request SSL cipher
|
|
|
|
attr_reader :cipher
|
|
|
|
##
|
|
# HTTP request server certificate
|
|
|
|
attr_reader :server_cert
|
|
|
|
##
|
|
# HTTP request client certificate
|
|
|
|
attr_reader :client_cert
|
|
|
|
# :stopdoc:
|
|
|
|
alias orig_parse parse
|
|
|
|
def parse(socket=nil)
|
|
if socket.respond_to?(:cert)
|
|
@server_cert = socket.cert || @config[:SSLCertificate]
|
|
@client_cert = socket.peer_cert
|
|
@client_cert_chain = socket.peer_cert_chain
|
|
@cipher = socket.cipher
|
|
end
|
|
orig_parse(socket)
|
|
end
|
|
|
|
alias orig_parse_uri parse_uri
|
|
|
|
def parse_uri(str, scheme="https")
|
|
if server_cert
|
|
return orig_parse_uri(str, scheme)
|
|
end
|
|
return orig_parse_uri(str)
|
|
end
|
|
private :parse_uri
|
|
|
|
alias orig_meta_vars meta_vars
|
|
|
|
def meta_vars
|
|
meta = orig_meta_vars
|
|
if server_cert
|
|
meta["HTTPS"] = "on"
|
|
meta["SSL_SERVER_CERT"] = @server_cert.to_pem
|
|
meta["SSL_CLIENT_CERT"] = @client_cert ? @client_cert.to_pem : ""
|
|
if @client_cert_chain
|
|
@client_cert_chain.each_with_index{|cert, i|
|
|
meta["SSL_CLIENT_CERT_CHAIN_#{i}"] = cert.to_pem
|
|
}
|
|
end
|
|
meta["SSL_CIPHER"] = @cipher[0]
|
|
meta["SSL_PROTOCOL"] = @cipher[1]
|
|
meta["SSL_CIPHER_USEKEYSIZE"] = @cipher[2].to_s
|
|
meta["SSL_CIPHER_ALGKEYSIZE"] = @cipher[3].to_s
|
|
end
|
|
meta
|
|
end
|
|
|
|
# :startdoc:
|
|
end
|
|
|
|
##
|
|
#--
|
|
# Fake WEBrick::HTTPRequest for lookup_server
|
|
|
|
class SNIRequest
|
|
|
|
##
|
|
# The SNI hostname
|
|
|
|
attr_reader :host
|
|
|
|
##
|
|
# The socket address of the server
|
|
|
|
attr_reader :addr
|
|
|
|
##
|
|
# The port this request is for
|
|
|
|
attr_reader :port
|
|
|
|
##
|
|
# Creates a new SNIRequest.
|
|
|
|
def initialize(sslsocket, hostname)
|
|
@host = hostname
|
|
@addr = sslsocket.addr
|
|
@port = @addr[1]
|
|
end
|
|
end
|
|
|
|
|
|
##
|
|
#--
|
|
# Adds SSL functionality to WEBrick::HTTPServer
|
|
|
|
class HTTPServer < ::WEBrick::GenericServer
|
|
##
|
|
# ServerNameIndication callback
|
|
|
|
def ssl_servername_callback(sslsocket, hostname = nil)
|
|
req = SNIRequest.new(sslsocket, hostname)
|
|
server = lookup_server(req)
|
|
server ? server.ssl_context : nil
|
|
end
|
|
|
|
# :stopdoc:
|
|
|
|
##
|
|
# Check whether +server+ is also SSL server.
|
|
# Also +server+'s SSL context will be created.
|
|
|
|
alias orig_virtual_host virtual_host
|
|
|
|
def virtual_host(server)
|
|
if @config[:SSLEnable] && !server.ssl_context
|
|
raise ArgumentError, "virtual host must set SSLEnable to true"
|
|
end
|
|
orig_virtual_host(server)
|
|
end
|
|
|
|
# :startdoc:
|
|
end
|
|
end
|