Fix rejecting HTTP requests when TLS1.3 is used by server #2116

Merged
merged 3 commits into from May 15, 2020

Commits on May 13, 2020

  1. ext/puma_http11/mini_ssl.c - add Puma::MiniSSL::Engine#ssl_vers_st

    1. Add method Puma::MiniSSL::Engine#ssl_vers_st. This returns connection protocol version and SSL_state_string info.
    
    2. Add 12 bit mask for ssl errors of type SSL_ERROR_SSL that do not involve certificate verification. This translates numbers suffixing error message to match numbers in OpenSSL's 'SSL reason codes' defined in include/openssl/sslerr.h
    MSP-Greg committed May 13, 2020
    68d535c
  2. lib/puma\minissl.rb - TLSv1.3 updates

    Changes to Puma::MiniSSL
    
    1. Add HAS_TLS1_3 constant.
    2. Add #bad_tlsv1_3? method, used to determine if an http connection to an https server has been made. TLSv1.3 behaves differently than previous TLS versions.
    3. Change #engine_read_all to close http connections.
    4. Add #ssl_version_state method, unused at present.
    MSP-Greg committed May 13, 2020
    ee85962
  3. test/test_puma_server_ssl.rb - add test_http_rejection

    Add History.md item
    MSP-Greg committed May 13, 2020
    1f439c0