author Eric Wong <e@80x24.org> 2016-02-14 22:02:57 +0000
committer Eric Wong <e@80x24.org> 2016-02-14 22:27:50 +0000
commit 3c341acc9dc8d0faa583d12d97b83f43eb0358c7 (patch)
tree 368647f421b044a6631da2d65a8672e6dac1012c
parent 61f71e4487c172083e3f0b8c3f14706e76c5f30d (diff)
download yahns-3c341acc9dc8d0faa583d12d97b83f43eb0358c7.tar.gz

Most notably, serving static files over HTTPS did not work
before this release with the "sendfile" gem installed.  The
yahns_config(5) manpage is also updated with an example for
using OpenSSL::SSL::SSLContext objects.  Users of
Rack::Request#scheme and env['rack.url_scheme'] should see
"https" properly set for HTTPS connections.

There's also a bunch of internal tweaks like taking advantage of
the file-level frozen_string_literal: directive in 2.3 and
explicitly clearing short-lived string buffers.

TLS support is still in its early stages, but I'm experimenting
with Let's Encrypt (via getssl[1]) and hosting https://YHBT.net/
on it.

For now, I suggest using a separate yahns instance (with a
different master process) to avoid any potential data leaks
between HTTPS and HTTP instances.  In the future, it may be
possible to isolate HTTPS from HTTP at the worker process level.
Supporting GnuTLS (alongside OpenSSL) may be in our future, too.

To paraphrase the warning in http://www.postfix.org/TLS_README.html
(which was written before Heartbleed):

    WARNING

      By turning on TLS support in yahns, you not only get the
      ability to encrypt traffic and to authenticate remote
      clients.  You also turn on thousands and thousands of
      lines of OpenSSL library code.  Assuming that OpenSSL is
      written as carefully as Eric's own code, every 1000 lines
      introduce one additional bug into yahns.

I'm not nearly as careful with yahns as Wietse is with postfix,
either.

20 changes since v1.11.0:
      README: updates for kqueue
      add .gitattributes for Ruby method detection
      nodoc internals
      enable frozen_string_literal for Ruby 2.3+
      copyright updates for 2016
      extras/exec_cgi: fix frozen string error on slow responses
      avoid StringIO#binmode for the next few years
      use String#clear for short-lived buffers we create
      gemspec: make rack a development dependency
      build: install-gem forced to "--local" domain
      acceptor: all subclasses of TCPServer use TCP_INFO
      properly emulate sendfile for OpenSSL sockets
      avoid race conditions in OpenSSL::SSL::SSLContext#setup
      set HTTPS and rack.url_scheme in Rack env as appropriate
      proxy_pass: pass X-Forwarded-Proto through
      doc: switch to perlpod (from pandoc-flavored Markdown)
      doc: trim down documentation slightly
      doc: document ssl_ctx for "listen" directive
      doc: various doc and linkification improvements
      http_context: reduce constant lookup + bytecode

[1] git clone https://github.com/srvrco/getssl.git

-rwxr-xr-x GIT-VERSION-GEN 2
1 files changed, 1 insertions, 1 deletions
diff --git a/GIT-VERSION-GEN b/GIT-VERSION-GEN
index 8d84137..fb2a8a6 100755
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@ -5,7 +5,7 @@
 CONSTANT = "Yahns::VERSION"
 RVF = "lib/yahns/version.rb"
 GVF = "GIT-VERSION-FILE"
-DEF_VER = "v1.11.0"
+DEF_VER = "v1.12.0"
 vn = DEF_VER.dup
 
 # First see if there is a version file (included in release tarballs),
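
Review bot: DEF_VER on the changed line is a hand-maintained fallback (it is copied into vn as the starting value), and nothing visible in this hunk ties it to the release tag or to the version file mentioned in the comment below it. Consider a release-time check that the tag being cut equals DEF_VER, so a build that falls back to this constant cannot report a stale version. That matters for this release in particular, since the message says static files over HTTPS did not work before it with the "sendfile" gem installed, and users will rely on the reported version to tell whether they have the fix.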