yahns Ruby server user/dev discussion
From: Eric Wong <e@80x24.org>
To: yahns-public@yhbt.net
Subject: Re: [RFC] initial cut at OpenSSL support
Date: Tue, 2 Dec 2014 07:37:29 +0000
Message-ID: <20141202073729.GA16033@dcvr.yhbt.net>
In-Reply-To: <20141130042131.GA23176@dcvr.yhbt.net>

Pushed OpenSSL support with a few (unrelated) minor fixes and cleanups

Eric Wong (4):
      extras/autoindex: simplify checking non-.gz
      Rakefile: kill more useless gsub use
      initial cut at OpenSSL support
      test/test_ssl: skip test if SSL on older Rubies

 Rakefile                    |  4 +--
 extras/autoindex.rb         |  4 ++-
 lib/yahns/config.rb         |  2 ++
 lib/yahns/openssl_client.rb | 52 +++++++++++++++++++++++++++++
 lib/yahns/openssl_server.rb | 21 ++++++++++++
 lib/yahns/server.rb         | 15 +++++----
 lib/yahns/socket_helper.rb  | 17 +++++++---
 test/server_helper.rb       |  6 ++--
 test/test_ssl.rb            | 79 +++++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 183 insertions(+), 17 deletions(-)

commit 71aea810c6e15ba8af662698adbcb28be7e2c395
Author: Eric Wong <e@80x24.org>
Date:   Tue Dec 2 02:21:15 2014 +0000

    test/test_ssl: skip test if SSL on older Rubies
    
    We rely on exception-free non-blocking I/O for performance,
    so it is easier for us to avoid supporting new features on
    old Rubies.

commit 65a903181cd5cdd78b4df7eacc1c574f0ef8e95c
Author: Eric Wong <e@80x24.org>
Date:   Sat Nov 29 04:08:54 2014 +0000

    initial cut at OpenSSL support
    
    The current CA model and code quality of OpenSSL have long put me off
    from supporting TLS; however, efforts such as "Let's Encrypt"
    and the fallout from Heartbleed give me hope for the future.
    
    This implements, as much as possible, a "hands-off" approach to TLS
    support via OpenSSL.  This implementation allows us to shift
    responsibility away from us to users and upstreams (the Ruby 'openssl'
    extension maintainers, software packagers, and OpenSSL project itself).
    
    This is also perhaps the easiest way for now for us, while being most
    powerful for users.  It requires users to configure their own OpenSSL
    context object which we'll use as-is.
    
    This context object is used as the :ssl_ctx parameter to the "listen"
    directive in the yahns configuration file:
    
    	require 'openssl' # we will not do this for the user, even
    	ctx = OpenSSL::SSL::SSLContext.new
    	# user must configure ctx here...
    	listen 443, ssl_ctx: ctx
    
    This way, in case we support GnuTLS or other TLS libraries, there'll
    be less confusion as to what a user is actually using.
    
    Note: this feature requires Ruby 2.1 and later for non-kgio
    {read,write}_nonblock(.. exception: false) support.

commit a1dba8aa91a533870c44ec0b695391f16be9a71f
Author: Eric Wong <e@80x24.org>
Date:   Tue Dec 2 01:56:31 2014 +0000

    Rakefile: kill more useless gsub use
    
    It's wrong to use gsub when stripping text in those cases.

commit 7a552121db4937f00d2b9a8586a475d02a8f833c
Author: Eric Wong <e@80x24.org>
Date:   Tue Dec 2 01:47:52 2014 +0000

    extras/autoindex: simplify checking non-.gz
    
    We only want to strip one ".gz" suffix to check for the
    original, so avoid a needless use of gsub! and use sub!
    instead.
    
    While we're at it, note the use of "dup.sub!" (vs plain "sub")
    to ensure we only handle files with a .gz suffix.
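
An added example, not part of the original message or the yahns code: one way a user might fill in the "user must configure ctx here" step, with a loopback handshake that shows what the resulting context accepts. The helper names, the throwaway self-signed certificate and the cipher string are assumptions of this example; `min_version=` needs a Ruby 'openssl' extension newer than the one shipped with Ruby 2.1.

```ruby
require 'openssl'
require 'socket'

# Constructed sample credential (self-signed, throwaway) so this runs offline.
def sample_credential(cn = 'localhost')
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Hypothetical helper: builds the object passed as `listen 443, ssl_ctx: ctx`.
def build_ssl_ctx(cert, key)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION   # refuse SSLv3, TLS 1.0/1.1
  ctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION   # no TLS-level compression
  ctx.options |= OpenSSL::SSL::OP_CIPHER_SERVER_PREFERENCE
  ctx.ciphers = 'ECDHE+AESGCM:ECDHE+CHACHA20'      # TLS 1.2: forward-secret AEAD
  ctx
end

# Loopback handshake; returns the negotiated version string, nil on failure.
def negotiated_version(server_ctx, cert, client_max: nil)
  tcp = TCPServer.new('127.0.0.1', 0)
  th = Thread.new { OpenSSL::SSL::SSLServer.new(tcp, server_ctx).accept.close rescue nil }
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  cctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }
  cctx.max_version = client_max if client_max
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', tcp.addr[1]), cctx)
  sock.sync_close = true
  sock.connect
  sock.ssl_version
rescue OpenSSL::SSL::SSLError, SystemCallError
  nil
ensure
  sock&.close rescue nil
  th&.join(2)
  tcp&.close
end
```

Because the server uses the context as-is, a check like `negotiated_version` is the user's own evidence of which protocol versions the listener will accept.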

Thread overview: 3+ messages
2014-11-29  4:08 [RFC] initial cut at OpenSSL support Eric Wong
2014-11-30  4:21 ` Eric Wong
2014-12-02  7:37   ` Eric Wong [this message]
