* [ANN] yahns 1.5.0 - initial OpenSSL support and bugfixes
@ 2014-12-21 2:25 Eric Wong
0 siblings, 0 replies; only message in thread
From: Eric Wong @ 2014-12-21 2:25 UTC (permalink / raw)
To: yahns-public
This release adds basic OpenSSL support for HTTPS connections.
Users must supply a OpenSSL::SSL::SSLContext object which yahns will use
as-is. yahns will only support HTTPS on Ruby 2.1 and later, as we rely
on "exception: false" in the read_nonblock and write_nonblock methods in
OpenSSL::SSL::SSLSocket.
See the Ruby standard library documentation on how to configure
OpenSSL::SSL::SSLContext objects to pass to the yahns "listen" directive
Editing the yahns config file to use OpenSSL goes something like this:
require 'openssl' # we will not do this for the user, even
ctx = OpenSSL::SSL::SSLContext.new
# user must configure ctx here...
listen 443, ssl_ctx: ctx
Note: yahns developers are not responsible for bugs in OpenSSL itself
or misconfigured SSLContext objects created by users. However, our
support of OpenSSL sockets is barely-tested and likely buggy, too.
Furthermore, the "sendfile" (or "kgio-sendfile") gem is no longer a
required dependency. It is currently impossible to use zero-copy
system calls with TLS sockets.
There are also minor cleanups and a bugfix to ensure body#close is
called for folks using body#to_path where `body' is the Rack
response body. This bug affected logging using the 'clogger' gem
when serving static files.
Shortlog of changes since 1.4.0
save around 1500 bytes of memory on x86-64
http_response: remove arg for Array#join
remove unused client_max_header_size config
config: use literal symbol array for now
http_response: reduce constants for 100 responses
favor Array#map! for freshly-split arrays
sendfile_compat: remove dependency on pread
extras/autoindex: simplify checking non-.gz
Rakefile: kill more useless gsub use
initial cut at OpenSSL support
test/test_ssl: skip test if SSL on older Rubies
wbuf_common: close body proxies on sendfile abort
bump published Ruby version requirement to 2.0
make sendfile an optional dependency
openssl_client: ignore SSL_accept errors during negotiation
Disclaimer: the yahns project does not and will never endorse
any commercial entities, including certificate authorities.
Shpx Nhgubevgl.
--
EW
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-12-21 2:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-21 2:25 [ANN] yahns 1.5.0 - initial OpenSSL support and bugfixes Eric Wong
Code repositories for project(s) associated with this public inbox
https://yhbt.net/yahns.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).