[ANN] yahns 1.5.0 - initial OpenSSL support and bugfixes

yahns Ruby server user/dev discussion
 help / color / mirror / code / Atom feed

* [ANN] yahns 1.5.0 - initial OpenSSL support and bugfixes
@ 2014-12-21  2:25 Eric Wong
  0 siblings, 0 replies; only message in thread
From: Eric Wong @ 2014-12-21  2:25 UTC (permalink / raw)
  To: yahns-public

This release adds basic OpenSSL support for HTTPS connections.

Users must supply a OpenSSL::SSL::SSLContext object which yahns will use
as-is.  yahns will only support HTTPS on Ruby 2.1 and later, as we rely
on "exception: false" in the read_nonblock and write_nonblock methods in
OpenSSL::SSL::SSLSocket.

See the Ruby standard library documentation on how to configure
OpenSSL::SSL::SSLContext objects to pass to the yahns "listen" directive
Editing the yahns config file to use OpenSSL goes something like this:

    require 'openssl' # we will not do this for the user, even
    ctx = OpenSSL::SSL::SSLContext.new
    # user must configure ctx here...

    listen 443, ssl_ctx: ctx

Note: yahns developers are not responsible for bugs in OpenSSL itself
or misconfigured SSLContext objects created by users.  However, our
support of OpenSSL sockets is barely-tested and likely buggy, too.

Furthermore, the "sendfile" (or "kgio-sendfile") gem is no longer a
required dependency.  It is currently impossible to use zero-copy
system calls with TLS sockets.

There are also minor cleanups and a bugfix to ensure body#close is
called for folks using body#to_path where `body' is the Rack
response body.  This bug affected logging using the 'clogger' gem
when serving static files.

Shortlog of changes since 1.4.0

      save around 1500 bytes of memory on x86-64
      http_response: remove arg for Array#join
      remove unused client_max_header_size config
      config: use literal symbol array for now
      http_response: reduce constants for 100 responses
      favor Array#map! for freshly-split arrays
      sendfile_compat: remove dependency on pread
      extras/autoindex: simplify checking non-.gz
      Rakefile: kill more useless gsub use
      initial cut at OpenSSL support
      test/test_ssl: skip test if SSL on older Rubies
      wbuf_common: close body proxies on sendfile abort
      bump published Ruby version requirement to 2.0
      make sendfile an optional dependency
      openssl_client: ignore SSL_accept errors during negotiation

Disclaimer: the yahns project does not and will never endorse
any commercial entities, including certificate authorities.

Shpx Nhgubevgl.

-- 
EW

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2014-12-21  2:25 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-21  2:25 [ANN] yahns 1.5.0 - initial OpenSSL support and bugfixes Eric Wong

Code repositories for project(s) associated with this public inbox

	https://yhbt.net/yahns.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).