Add SSL support for the control app (#2046)
* Extract class for building SSL context

  This commit extracts the `MiniSSL::Context` creation into its own `MiniSSL::ContextBuilder` class along the same lines as in [#1989]. This will allow us to reuse this code for adding SSL support to the control app (issue [#2015]).

  Since we will need the `MiniSSL` require and check in both places, I moved that into the `ContextBuilder` class as well.

  [#1989]: #1989
  [#2015]: #2015

* Add SSL support for the control app

  This starts to address [#2015]. I think we will need to add SSL support to the control cli as well.

  [#2015]: #2015
1 parent b484bda, commit f5ccd03

Showing 7 changed files with 141 additions and 70 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
module Puma | ||
module MiniSSL | ||
class ContextBuilder | ||
def initialize(params, events) | ||
require 'puma/minissl' | ||
MiniSSL.check | ||
|
||
@params = params | ||
@events = events | ||
end | ||
|
||
def context | ||
ctx = MiniSSL::Context.new | ||
|
||
if defined?(JRUBY_VERSION) | ||
unless params['keystore'] | ||
events.error "Please specify the Java keystore via 'keystore='" | ||
end | ||
|
||
ctx.keystore = params['keystore'] | ||
|
||
unless params['keystore-pass'] | ||
events.error "Please specify the Java keystore password via 'keystore-pass='" | ||
end | ||
|
||
ctx.keystore_pass = params['keystore-pass'] | ||
ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list'] | ||
else | ||
unless params['key'] | ||
events.error "Please specify the SSL key via 'key='" | ||
end | ||
|
||
ctx.key = params['key'] | ||
|
||
unless params['cert'] | ||
events.error "Please specify the SSL cert via 'cert='" | ||
end | ||
|
||
ctx.cert = params['cert'] | ||
|
||
if ['peer', 'force_peer'].include?(params['verify_mode']) | ||
unless params['ca'] | ||
events.error "Please specify the SSL ca via 'ca='" | ||
end | ||
end | ||
|
||
ctx.ca = params['ca'] if params['ca'] | ||
ctx.ssl_cipher_filter = params['ssl_cipher_filter'] if params['ssl_cipher_filter'] | ||
end | ||
|
||
ctx.no_tlsv1 = true if params['no_tlsv1'] == 'true' | ||
ctx.no_tlsv1_1 = true if params['no_tlsv1_1'] == 'true' | ||
|
||
if params['verify_mode'] | ||
ctx.verify_mode = case params['verify_mode'] | ||
when "peer" | ||
MiniSSL::VERIFY_PEER | ||
when "force_peer" | ||
MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT | ||
when "none" | ||
MiniSSL::VERIFY_NONE | ||
else | ||
events.error "Please specify a valid verify_mode=" | ||
MiniSSL::VERIFY_NONE | ||
end | ||
end | ||
|
||
ctx | ||
end | ||
|
||
private | ||
|
||
attr_reader :params, :events | ||
end | ||
end | ||
end |
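Review bot: the `else` arm of the `verify_mode` case fails open: an unrecognised value logs "Please specify a valid verify_mode=" and then yields `MiniSSL::VERIFY_NONE`, so unless `events.error` aborts (not visible in this hunk) a misspelled `force_peer` leaves the listener with no client-certificate verification. The same misspelled value also bypasses the `ca` presence check, because that check only matches `'peer'` and `'force_peer'`. Suggest validating `verify_mode` once at the top of `context` and raising on an unknown value instead of returning a permissive default. The missing `key`, `cert`, `keystore` and `keystore-pass` branches have the same shape: they report the error and then assign the nil value anyway, so they would benefit from the same explicit abort. A short doc comment listing the accepted `params` keys would also help now that the class is shared with the control app.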
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
module SSLHelper | ||
def ssl_query | ||
@ssl_query ||= if Puma.jruby? | ||
@keystore = File.expand_path "../../../examples/puma/keystore.jks", __FILE__ | ||
@ssl_cipher_list = "TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" | ||
"keystore=#{@keystore}&keystore-pass=pswd&ssl_cipher_list=#{@ssl_cipher_list}" | ||
else | ||
@cert = File.expand_path "../../../examples/puma/cert_puma.pem", __FILE__ | ||
@key = File.expand_path "../../../examples/puma/puma_keypair.pem", __FILE__ | ||
"key=#{@key}&cert=#{@cert}" | ||
end | ||
end | ||
end |
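Review bot: the JRuby branch pins `ssl_cipher_list` to `TLS_DHE_RSA_WITH_DES_CBC_SHA,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA`, which are single-DES and 3DES CBC suites, with no comment explaining the choice. These are legacy ciphers, so the helper ties every test that uses it to suites a runtime may refuse to negotiate, and the string is easy to copy into a real configuration by mistake. Suggest either a comment marking the list and `keystore-pass=pswd` as test fixtures only, or switching to a current suite. Separately, `@ssl_query ||=` sets `@keystore`, `@ssl_cipher_list`, `@cert` and `@key` only as a side effect of the first call, so a test that reads those instance variables before calling `ssl_query` gets nil; a one-line comment on the method would make that dependency explicit.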