From: Eric Wong <e@80x24.org>
To: yahns-public@yhbt.net
Subject: Re: [RFC] initial cut at OpenSSL support
Date: Tue, 2 Dec 2014 07:37:29 +0000
Message-ID: <20141202073729.GA16033@dcvr.yhbt.net>
In-Reply-To: <20141130042131.GA23176@dcvr.yhbt.net>

Pushed OpenSSL support with a few (unrelated) minor fixes and cleanups

Eric Wong (4):
      extras/autoindex: simplify checking non-.gz
      Rakefile: kill more useless gsub use
      initial cut at OpenSSL support
      test/test_ssl: skip test if SSL on older Rubies

 Rakefile                    |  4 +--
 extras/autoindex.rb         |  4 ++-
 lib/yahns/config.rb         |  2 ++
 lib/yahns/openssl_client.rb | 52 +++++++++++++++++++++++++++++
 lib/yahns/openssl_server.rb | 21 ++++++++++++
 lib/yahns/server.rb         | 15 +++++----
 lib/yahns/socket_helper.rb  | 17 +++++++---
 test/server_helper.rb       |  6 ++--
 test/test_ssl.rb            | 79 +++++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 183 insertions(+), 17 deletions(-)

commit 71aea810c6e15ba8af662698adbcb28be7e2c395
Author: Eric Wong <e@80x24.org>
Date:   Tue Dec 2 02:21:15 2014 +0000

    test/test_ssl: skip test if SSL on older Rubies

    We rely on exception-free non-blocking I/O for performance,
    so it is easier for us to avoid supporting new features on
    old Rubies.

commit 65a903181cd5cdd78b4df7eacc1c574f0ef8e95c
Author: Eric Wong <e@80x24.org>
Date:   Sat Nov 29 04:08:54 2014 +0000

    initial cut at OpenSSL support

    The current CA model and code quality of OpenSSL have long put me off
    from supporting TLS; however, efforts such as "Let's Encrypt"
    and the fallout from Heartbleed give me hope for the future.

    This implements, as much as possible, a "hands-off" approach to TLS
    support via OpenSSL.  This implementation allows us to shift
    responsibility away from us to users and upstreams (the Ruby 'openssl'
    extension maintainers, software packagers, and OpenSSL project itself).

    This is also perhaps the easiest way for now for us, while being most
    powerful for users.  It requires users to configure their own OpenSSL
    context object which we'll use as-is.

    This context object is used as the :ssl_ctx parameter to the "listen"
    directive in the yahns configuration file:

        require 'openssl' # we will not do this for the user, even
        ctx = OpenSSL::SSL::SSLContext.new
        # user must configure ctx here...
        listen 443, ssl_ctx: ctx

    This way, in case we support GnuTLS or other TLS libraries, there'll
    be less confusion as to what a user is actually using.

    Note: this feature requires Ruby 2.1 and later for non-kgio
    {read,write}_nonblock(.. exception: false) support.

commit a1dba8aa91a533870c44ec0b695391f16be9a71f
Author: Eric Wong <e@80x24.org>
Date:   Tue Dec 2 01:56:31 2014 +0000

    Rakefile: kill more useless gsub use

    It's wrong to use gsub when stripping text in those cases.

commit 7a552121db4937f00d2b9a8586a475d02a8f833c
Author: Eric Wong <e@80x24.org>
Date:   Tue Dec 2 01:47:52 2014 +0000

    extras/autoindex: simplify checking non-.gz

    We only want to strip one ".gz" suffix to check for the
    original, so avoid a needless use of gsub! and use sub!
    instead.

    While we're at it, note the use of "dup.sub!" (vs plain "sub")
    to ensure we only handle files with a .gz suffix.
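
The "initial cut at OpenSSL support" commit message above leaves the whole `OpenSSL::SSL::SSLContext` to the user. The following is an added example, not code from yahns or from this message: it builds such a context and checks it with a handshake driven only by exception-free non-blocking calls. `demo_cert`, `build_ctx` and `handshake_check` are hypothetical helpers, the certificate is a constructed throwaway, and `min_version=` assumes a current Ruby openssl extension.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed certificate so the example runs offline.
def demo_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# The user-built object that would be passed as `listen 443, ssl_ctx: ctx`.
# Everything set here (or left unset) is the user's responsibility.
def build_ctx(cert, key)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION # refuse older protocols
  ctx
end

# Hypothetical check harness: handshake over a socket pair using only
# exception-free non-blocking calls, then exchange one message.
def handshake_check(server_ctx, trusted_cert)
  a, b = UNIXSocket.pair
  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  client_ctx.cert_store = OpenSSL::X509::Store.new.add_cert(trusted_cert)
  srv = OpenSSL::SSL::SSLSocket.new(a, server_ctx)
  cli = OpenSSL::SSL::SSLSocket.new(b, client_ctx)
  pending = { srv => :accept_nonblock, cli => :connect_nonblock }
  # A real server would wait in its event loop on :wait_readable/:wait_writable
  # instead of retrying immediately as this two-ended check does.
  pending.delete_if { |s, m| s.public_send(m, exception: false) == s } until pending.empty?
  idle = srv.read_nonblock(16, exception: false) # nothing sent yet
  cli.write_nonblock('ping', exception: false)
  data = srv.read_nonblock(16, exception: false)
  { version: srv.ssl_version, idle: idle, data: data }
ensure
  [srv, cli, a, b].compact.each { |io| io.close rescue nil }
end
```

The `idle` value shows the behaviour the Ruby 2.1 note refers to: with `exception: false`, a read with no data pending returns `:wait_readable` rather than raising.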