Feedback changes

puma · Oct 1, 2021 · 2f41a31 · 2f41a31
1 parent e3a05b0
commit 2f41a31
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 36 deletions.
diff --git a/lib/puma/binder.rb b/lib/puma/binder.rb
@@ -57,7 +57,6 @@ def initialize(events, conf = Configuration.new)
 
       @envs = {}
       @ios = []
-      localhost_authority
     end
 
     attr_reader :ios
@@ -229,11 +228,6 @@ def parse(binds, logger, log_msg = 'Listening')
 
           params = Util.parse_query uri.query
 
-          # If key and certs are not defined and localhost gem is required.
-          # localhost gem will be used for self signed
-          # Load localhost authority if not loaded.
-          ctx = localhost_authority && localhost_authority_context if params.empty?
-
           ctx ||= MiniSSL::ContextBuilder.new(params, @events).context
 
           if fd = @inherited_fds.delete(str)
@@ -246,9 +240,11 @@ def parse(binds, logger, log_msg = 'Listening')
             ios_len = @ios.length
             io = add_ssl_listener uri.host, uri.port, ctx
 
+            uri_query = params.map { |k, v| "#{k}=#{v}" }.join('&')
+
             @ios[ios_len..-1].each do |i|
               addr = loc_addr_str i
-              logger.log "* #{log_msg} on ssl://#{addr}?#{uri.query}"
+              logger.log "* #{log_msg} on ssl://#{addr}?#{uri_query}"
             end
           end
 
@@ -292,22 +288,6 @@ def parse(binds, logger, log_msg = 'Listening')
       end
     end
 
-    def localhost_authority
-      @localhost_authority ||= Localhost::Authority.fetch if defined?(Localhost::Authority) && !Puma::IS_JRUBY
-    end
-
-    def localhost_authority_context
-      return unless localhost_authority
-
-      key_path, crt_path = if [:key_path, :certificate_path].all? { |m| localhost_authority.respond_to?(m) }
-        [localhost_authority.key_path, localhost_authority.certificate_path]
-      else
-        local_certificates_path = File.expand_path("~/.localhost")
-        [File.join(local_certificates_path, "localhost.key"), File.join(local_certificates_path, "localhost.crt")]
-      end
-      MiniSSL::ContextBuilder.new({ "key" => key_path, "cert" => crt_path }, @events).context
-    end
-
     # Tell the server to listen on host +host+, port +port+.
     # If +optimize_for_latency+ is true (the default) then clients connecting
     # will be optimized for latency over throughput.
@@ -348,7 +328,7 @@ def add_ssl_listener(host, port, ctx,
 
       raise "Puma compiled without SSL support" unless HAS_SSL
       # Puma will try to use local authority context if context is supplied nil
-      ctx ||= localhost_authority_context
+      ctx ||= MiniSSL::ContextBuilder.new({}, @events).context
 
       if host == "localhost"
         loopback_addresses.each do |addr|
@@ -377,7 +357,7 @@ def add_ssl_listener(host, port, ctx,
     def inherit_ssl_listener(fd, ctx)
       raise "Puma compiled without SSL support" unless HAS_SSL
       # Puma will try to use local authority context if context is supplied nil
-      ctx ||= localhost_authority_context
+      ctx ||= MiniSSL::ContextBuilder.new({}, @events).context
 
       s = fd.kind_of?(::TCPServer) ? fd : ::TCPServer.for_fd(fd)
 

diff --git a/lib/puma/dsl.rb b/lib/puma/dsl.rb
@@ -46,14 +46,6 @@ def self.ssl_bind_str(host, port, opts)
         else ''
         end
 
-      if ['127.0.0.1', 'localhost'].include?(host)
-        key = "#{ENV["HOME"]}/.localhost/localhost.key"
-        cert = "#{ENV["HOME"]}/.localhost/localhost.crt"
-      end
-
-      key = opts[:key] if opts[:key]
-      cert = opts[:cert] if opts[:cert]
-
       ca_additions = "&ca=#{opts[:ca]}" if ['peer', 'force_peer'].include?(verify)
 
       if defined?(JRUBY_VERSION)
@@ -71,7 +63,7 @@ def self.ssl_bind_str(host, port, opts)
         v_flags = (ary = opts[:verification_flags]) ?
           "&verification_flags=#{Array(ary).join ','}" : nil
 
-        "ssl://#{host}:#{port}?cert=#{cert}&key=#{key}" \
+        "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}" \
           "#{ssl_cipher_filter}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}"
       end
     end

diff --git a/lib/puma/minissl/context_builder.rb b/lib/puma/minissl/context_builder.rb
@@ -6,6 +6,21 @@ def initialize(params, events)
         @events = events
       end
 
+      def localhost_authority
+        @localhost_authority ||= Localhost::Authority.fetch if defined?(Localhost::Authority) && !Puma::IS_JRUBY
+      end
+
+      def localhost_authority_context
+        return unless localhost_authority
+
+        key_path, crt_path = if [:key_path, :certificate_path].all? { |m| localhost_authority.respond_to?(m) }
+          [localhost_authority.key_path, localhost_authority.certificate_path]
+        else
+          local_certificates_path = File.expand_path("~/.localhost")
+          [File.join(local_certificates_path, "localhost.key"), File.join(local_certificates_path, "localhost.crt")]
+        end
+      end
+
       def context
         ctx = MiniSSL::Context.new
 
@@ -24,13 +39,21 @@ def context
           ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
         else
           unless params['key']
-            events.error "Please specify the SSL key via 'key='"
+            if localhost_authority
+              params['key'] = localhost_authority_context[0]
+            else
+              events.error "Please specify the SSL key via 'key='"
+            end
           end
 
           ctx.key = params['key']
 
           unless params['cert']
-            events.error "Please specify the SSL cert via 'cert='"
+            if localhost_authority
+              params['cert'] = localhost_authority_context[1]
+            else
+              events.error "Please specify the SSL cert via 'cert='"
+            end
           end
 
           ctx.cert = params['cert']