Allow mutual TLS CA to be set using ssl_bind
DSL
#1689
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When using mutual TLS, you must specify the CA certificate chain to use
for verifying the peer. Using Puma's
ssl_bind
DSL did not give you theoption of doing so, which lead to confusing errors when attempting to
use it.
Now, when specifying the
verify_mode
as eitherpeer
orforce_peer
,you can use the DSL to set the
ca
value as needed within theBinder
.This allows you to use the DSL instead of falling back to the default
bind
syntax via the URI-style configuration pattern.