class Puma::MiniSSL::Socket
Public Class Methods
# File lib/puma/minissl.rb, line 20
# Pairs a transport socket with the TLS engine that protects it.
#
# @param socket the underlying socket object; stored as given
# @param engine the TLS engine object; stored as given
def initialize(socket, engine)
  @socket, @engine = socket, engine
  # Nothing is fetched from the engine here; #peercert fills this in on demand.
  @peercert = nil
end
Public Instance Methods
# File lib/puma/minissl.rb, line 178
# Drains and discards pending bytes while the engine still wants them
# dropped, then closes the underlying socket.
#
# IOError and SystemCallError raised while draining are swallowed; the
# underlying socket is closed in every case.
def close
  # Read and drop bytes from partially initialized sockets and anything
  # received during shutdown. Each wait is capped at 1s; a timeout or EOF
  # ends the drain.
  # NOTE(review): only the individual wait is bounded. Nothing visible here
  # caps the total time, and read_and_drop discards bytes without feeding
  # the engine, so a peer that keeps sending may keep this loop running for
  # as long as should_drop_bytes? stays true. Consider an overall deadline.
  while should_drop_bytes?
    outcome = read_and_drop(1)
    break if outcome == :timeout || outcome == :eof
  end
rescue IOError, SystemCallError
  current = Thread.current
  current.purge_interrupt_queue if current.respond_to?(:purge_interrupt_queue)
  # otherwise nothing to do
ensure
  @socket.close
end
# File lib/puma/minissl.rb, line 31
# Reports the closed state of the underlying socket.
#
# @return whatever the underlying socket's #closed? returns
def closed?
  underlying = @socket
  underlying.closed?
end
# File lib/puma/minissl.rb, line 73
# Reads from the engine until it has nothing more to hand back and returns
# the pieces joined into the first string read.
#
# @return [String, nil] the accumulated output, or nil when the first read
#   produced nothing
# @raise [SSLError] when bad_tlsv1_3? reports the failed-handshake state
def engine_read_all
  buffer = @engine.read
  # The handshake check runs after the first read, before any appending.
  raise SSLError.exception "HTTP connection?" if bad_tlsv1_3?

  if buffer
    while (chunk = @engine.read)
      buffer << chunk
    end
  end
  buffer
end
# File lib/puma/minissl.rb, line 158
# Flushes the underlying socket.
#
# @return whatever the underlying socket's #flush returns
def flush
  underlying = @socket
  underlying.flush
end
@!attribute [r] peeraddr
# File lib/puma/minissl.rb, line 193
# Remote address information, taken directly from the underlying socket.
#
# @return whatever the underlying socket's #peeraddr returns
def peeraddr
  underlying = @socket
  underlying.peeraddr
end
@!attribute [r] peercert
# File lib/puma/minissl.rb, line 198
# The certificate presented by the peer, parsed once and then cached.
#
# This method only parses what the engine hands back; it performs no chain
# or hostname validation itself.
# NOTE(review): whether the certificate has been verified depends on how
# the engine was configured, which is not visible here - confirm before
# basing an authorization decision on its contents.
#
# @return [OpenSSL::X509::Certificate, nil] nil when the engine reports no
#   peer certificate
def peercert
  @peercert ||= begin
    encoded = @engine.peercert
    encoded ? OpenSSL::X509::Certificate.new(encoded) : nil
  end
end
# File lib/puma/minissl.rb, line 162
# Waits up to +timeout+ seconds for the underlying socket to become
# readable, then reads at most 1024 bytes and throws them away.
#
# @param timeout [Numeric] seconds to wait in IO.select (default 1)
# @return [Symbol] :timeout when nothing became readable, :eof when the
#   read returned nil, :eagain on :wait_readable, :drop when bytes were
#   read and discarded
def read_and_drop(timeout = 1)
  readable = IO.select([@socket], nil, nil, timeout)
  return :timeout unless readable

  discarded = @socket.read_nonblock(1024, exception: false)
  if discarded.nil?
    :eof
  elsif :wait_readable == discarded
    :eagain
  else
    :drop
  end
end
# File lib/puma/minissl.rb, line 82
# Returns decrypted data if the engine has any; otherwise pulls ciphertext
# from the underlying socket without blocking, feeds it to the engine and
# tries again.
#
# Engine output produced along the way (handshake data) is sent with
# @socket.write, so that part of the call is not a non-blocking write.
#
# @param size [Integer] maximum number of bytes to request from the socket
# @param _ ignored; absorbs keyword args that callers in the wild pass
# @return [String, nil] decrypted data, or nil when the socket read
#   returned nil
# @raise [IO::EAGAINWaitReadable] when the socket reports :wait_readable
#   or :wait_writable
def read_nonblock(size, *_)
  while true
    decrypted = engine_read_all
    return decrypted if decrypted

    ciphertext = @socket.read_nonblock(size, exception: false)

    case ciphertext
    when :wait_readable, :wait_writable
      # Letting @socket.read_nonblock raise EAGAIN itself would be the
      # natural choice, but it reportedly misbehaves on Windows and the
      # cause was never tracked down. Emulate the expected behaviour by
      # catching both wait symbols and raising EAGAIN here instead.
      raise IO::EAGAINWaitReadable
    when nil
      return nil
    end

    @engine.inject(ciphertext)

    decrypted = engine_read_all
    return decrypted if decrypted

    # No application data yet: flush whatever the engine wants to send.
    while (pending = @engine.extract)
      @socket.write pending
    end
  end
end
# File lib/puma/minissl.rb, line 56
# Returns decrypted data as soon as the engine has some, reading more
# ciphertext from the underlying socket with #readpartial when it does not.
#
# Unlike read_nonblock this path calls @engine.read directly rather than
# engine_read_all.
#
# @param size [Integer] maximum number of bytes to request from the socket
# @return [String] the first non-nil output the engine produces
def readpartial(size)
  while true
    plaintext = @engine.read
    return plaintext if plaintext

    @engine.inject(@socket.readpartial(size))

    plaintext = @engine.read
    return plaintext if plaintext

    # Still nothing to return: send whatever the engine has queued.
    while (pending = @engine.extract)
      @socket.write pending
    end
  end
end
# File lib/puma/minissl.rb, line 174
# Tells #close whether it should keep discarding incoming bytes.
#
# @return truthy when @engine.init? is truthy (shutdown is then not
#   called), otherwise the negation of @engine.shutdown
def should_drop_bytes?
  initializing = @engine.init?
  return initializing if initializing

  !@engine.shutdown
end
Returns a two-element array: the first element is the protocol version (SSL_get_version), the second is the 'handshake' state (SSL_state_string).
Used for dropping tcp connections to ssl. See OpenSSL ssl/ssl_stat.c SSL_state_string for info @!attribute [r] #ssl_version_state @version 5.0.0
# File lib/puma/minissl.rb, line 44
# Protocol version and handshake state as reported by the engine.
#
# @return [Array] [nil, nil] when IS_JRUBY is set, otherwise the value of
#   @engine.ssl_vers_st
def ssl_version_state
  return [nil, nil] if IS_JRUBY

  @engine.ssl_vers_st
end
@!attribute [r] #to_io
# File lib/puma/minissl.rb, line 27
# Exposes the underlying socket object.
#
# @return the object passed to the constructor as +socket+; reads and
#   writes made on it directly do not go through the TLS engine
def to_io
  @socket
end
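# File lib/puma/minissl.rb, line 116
# Encrypts +data+ through the engine and writes the resulting output to the
# underlying socket, looping until the engine has accepted every byte.
#
# @param data [String] plaintext to send
# @return [Integer] 0 for empty input, otherwise the byte size of the
#   complete +data+ that was passed in
def write(data)
  return 0 if data.empty?

  # Capture the full size up front: +data+ is re-sliced below, so its
  # bytesize at the end only describes the final remainder.
  total = data.bytesize
  need = total

  while true
    wrote = @engine.write data

    # Send everything the engine produced for this chunk.
    while (enc = @engine.extract)
      @socket.write enc
    end

    need -= wrote
    return total if need == 0

    # +wrote+ is subtracted from a byte count, so the remainder must be cut
    # by bytes; String#[] indexes by character and would skip data in
    # multibyte strings.
    # NOTE(review): if the engine ever reports 0 bytes written this loop
    # does not advance - confirm the engine's contract.
    data = data.byteslice(wrote..-1)
  end
end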
Implementing a truly non-blocking write_nonblock would require the ability to rewind the engine: after we write+extract, the socket's #write_nonblock call might raise an exception, and the caller would later pass the same data in again even though the engine considers that data already written.
So for the time being (and since write blocking is quite rare), go ahead and actually block in write_nonblock.
# File lib/puma/minissl.rb, line 154
# Despite the name, this hands +data+ straight to #write, which keeps
# looping until all of it has been sent. Callers should not rely on it
# returning early: if the underlying socket write stalls (for example a
# peer that stops reading), the calling thread stalls with it.
#
# @param data [String] plaintext to send
# @param _ ignored; accepted so callers may pass extra arguments
# @return whatever #write returns
def write_nonblock(data, *_)
  write(data)
end
Private Instance Methods
Used to check the handshake status, in particular when a TCP connection is made with TLSv1.3 as an available protocol @version 5.0.0
# File lib/puma/minissl.rb, line 51
# Checks whether the engine reports the TLSv1.3 error handshake state.
#
# @return the value of HAS_TLS1_3 when that is falsy, otherwise whether
#   @engine.ssl_vers_st equals ['TLSv1.3', 'SSLERR']
def bad_tlsv1_3?
  tls13_available = HAS_TLS1_3
  return tls13_available unless tls13_available

  @engine.ssl_vers_st == %w[TLSv1.3 SSLERR]
end