class Puma::MiniSSL::Socket

Public Class Methods

new(socket, engine)
# File lib/puma/minissl.rb, line 23
# Pairs a transport socket with the TLS engine that processes its traffic.
#
# @param socket [Object] underlying transport; the other methods call
#   IO-style methods (read/write/flush/close) on it
# @param engine [Object] engine the other methods drive through
#   inject/extract/read/write/shutdown
def initialize(socket, engine)
  @socket, @engine = socket, engine
  # Filled lazily by #peercert; nil means nothing has been parsed yet.
  @peercert = nil
  # Only initialised here; none of the methods listed on this page read it.
  @reuse = nil
end

Public Instance Methods

<<(data)
Alias for: write
close()
# File lib/puma/minissl.rb, line 167
# Shuts the TLS session down and closes the underlying socket.
#
# When `@engine.shutdown` returns a falsy value, every record the engine
# still has queued is written to the socket before closing.  IOError and
# SystemCallError raised during that drain are deliberately swallowed
# (after purging Puma's interrupt queue), so a peer that has already gone
# away cannot make `close` raise.  The `ensure` clause closes the socket on
# every path, including errors that are not rescued here.
def close
  unless @engine.shutdown
    while (pending = @engine.extract)
      @socket.write(pending)
    end
  end
rescue IOError, SystemCallError
  # Best effort only: the transport is being torn down regardless.
  Puma::Util.purge_interrupt_queue
ensure
  @socket.close
end
closed?()
# File lib/puma/minissl.rb, line 35
# Reports whether the underlying socket is closed.  Only the transport is
# asked; the state of the TLS engine is not consulted.
#
# @return [Boolean] whatever `@socket.closed?` returns
def closed?
  @socket.closed?
end
engine_read_all()
# File lib/puma/minissl.rb, line 77
# Drains everything the engine can currently hand back from `read`.
#
# The first result is returned untouched when it is falsy (no further
# read is attempted).  Otherwise later results are appended to it in
# place until the engine returns a falsy value.
#
# @return [String, nil] the concatenated output, or the falsy first result
def engine_read_all
  buffer = @engine.read
  return buffer unless buffer

  while (chunk = @engine.read)
    buffer << chunk
  end
  buffer
end
flush()
# File lib/puma/minissl.rb, line 163
# Flushes the underlying socket.  The engine is not involved: #write
# already hands everything it extracts to the socket.
#
# @return whatever `@socket.flush` returns
def flush
  @socket.flush
end
peeraddr()

@!attribute [r] peeraddr

# File lib/puma/minissl.rb, line 183
# Address information for the remote end, taken straight from the
# underlying socket.  This describes the transport peer only and is
# independent of any certificate the peer presented.
#
# @return whatever `@socket.peeraddr` returns
def peeraddr
  @socket.peeraddr
end
peercert()

OpenSSL is loaded in `MiniSSL::ContextBuilder` when `MiniSSL::Context#verify_mode` is not `VERIFY_NONE`. When `verify_mode` is `VERIFY_NONE`, `MiniSSL::Engine#peercert` is nil, regardless of whether the client sends a cert, so a nil result in that mode does not show that the client presented no certificate.

@return [OpenSSL::X509::Certificate, nil]

@!attribute [r] peercert

# File lib/puma/minissl.rb, line 193
# Returns the peer's certificate, parsed once and then memoised.
#
# This method only parses the bytes the engine hands back; it performs no
# chain or hostname validation of its own.
# NOTE(review): whether the certificate was verified is decided by the
# context's verify_mode, not here -- confirm before using the result for
# an authorisation decision.
#
# @return [OpenSSL::X509::Certificate, nil] nil when the engine reports
#   no peer certificate
def peercert
  @peercert ||= begin
    encoded = @engine.peercert
    OpenSSL::X509::Certificate.new(encoded) if encoded
  end
end
read_nonblock(size, *_)
# File lib/puma/minissl.rb, line 85
# Non-blocking read of application data through the TLS engine.
#
# `size` bounds each raw read from the socket; the length of the returned
# string is whatever the engine yields.  Trailing arguments are accepted
# and ignored because callers in the wild pass keyword arguments that
# were added to the IO API at some point.
#
# @param size [Integer] maximum number of bytes per raw socket read
# @return [String, nil] engine output, or nil when the socket is at EOF
# @raise [IO::EAGAINWaitReadable] when the socket has nothing to read yet
# @raise [SSLError] at EOF when #bad_tlsv1_3? reports a failed handshake
def read_nonblock(size, *_)
  while true
    # Hand back anything the engine already has before touching the socket.
    ready = engine_read_all
    return ready if ready

    raw = @socket.read_nonblock(size, exception: false)
    case raw
    when :wait_readable, :wait_writable
      # Letting @socket.read_nonblock raise EAGAIN itself would be more
      # natural, but that reportedly misbehaves on Windows (cause not
      # known).  Until that is understood, the symbols are captured and
      # EAGAIN is raised here to emulate the correct behaviour.
      raise IO::EAGAINWaitReadable
    when nil
      # EOF.  If the engine is stuck in the TLSv1.3 error state, report it
      # instead of returning a silent nil (message suggests the peer may
      # have spoken plain HTTP).
      raise SSLError.exception("HTTP connection?") if bad_tlsv1_3?
      return nil
    end

    @engine.inject(raw)
    ready = engine_read_all
    return ready if ready

    # No output yet: flush whatever the engine wants to send back
    # (presumably negotiation records -- the original local was `neg_data`)
    # and try again.
    while (reply = @engine.extract)
      @socket.write reply
    end
  end
end
readpartial(size)
# File lib/puma/minissl.rb, line 60
# Blocking counterpart of #read_nonblock: keeps feeding socket data into
# the engine until the engine produces output.
#
# `size` bounds each raw socket read, not the returned string.  Whatever
# `@socket.readpartial` raises propagates to the caller unchanged.
#
# @param size [Integer] maximum number of bytes per raw socket read
# @return [String] the first truthy value returned by `@engine.read`
def readpartial(size)
  until (decoded = @engine.read)
    @engine.inject(@socket.readpartial(size))
    decoded = @engine.read
    break if decoded

    # Nothing readable yet: send the engine's pending records to the peer
    # before reading again.
    while (reply = @engine.extract)
      @socket.write(reply)
    end
  end
  decoded
end
ssl_version_state()

Returns a two-element array: the first element is the protocol version (SSL_get_version), the second is the 'handshake' state (SSL_state_string).

Used for dropping TCP connections to SSL. See SSL_state_string in OpenSSL's ssl/ssl_stat.c for more information.

@!attribute [r] ssl_version_state
@version 5.0.0

# File lib/puma/minissl.rb, line 48
# Protocol version and handshake state as reported by the engine.
#
# On JRuby no state is available and `[nil, nil]` is returned, so checks
# built on this value (such as #bad_tlsv1_3?) never match there.
#
# @return [Array] `[version, state]`, or `[nil, nil]` on JRuby
def ssl_version_state
  return [nil, nil] if IS_JRUBY

  @engine.ssl_vers_st
end
syswrite(data)
Alias for: write
to_io()

@!attribute [r] to_io

# File lib/puma/minissl.rb, line 31
# Exposes the raw underlying socket rather than this wrapper.
#
# Reads or writes issued directly on the returned object do not pass
# through the engine, so they bypass TLS processing entirely.
#
# @return the object given to the constructor as `socket`
def to_io
  @socket
end
write(data)
# File lib/puma/minissl.rb, line 120
# Pushes all of `data` through the engine and writes the engine's output
# to the socket, looping until the engine has accepted every byte.
#
# After each `@engine.write`, everything the engine can `extract` is
# gathered into one buffer and sent with a single `@socket.write`.
#
# NOTE(review): the loop ends only when the engine's reported byte counts
# add up to the input size; if `@engine.write` could return 0 without
# making progress this would spin -- confirm the engine's contract.
#
# @param data [String] bytes to send
# @return [Integer] 0 for empty input, otherwise `data.bytesize`
def write(data)
  return 0 if data.empty?

  total = data.bytesize
  remaining = total

  while true
    consumed = @engine.write(data)

    outbound = +''
    while (chunk = @engine.extract)
      outbound << chunk
    end
    @socket.write(outbound) unless outbound.empty?

    remaining -= consumed
    return total if remaining.zero?

    # Keep only the bytes the engine has not accepted yet.
    data = data.byteslice(consumed..-1)
  end
end
Also aliased as: syswrite, <<
write_nonblock(data, *_)

The problem with implementing it properly is that we would need the ability to rewind an engine: after we write+extract, the socket's write_nonblock call might raise an exception, and later code would pass the same data in again, but the engine would think it had already written that data.

So for the time being (and since write blocking is quite rare), go ahead and actually block in write_nonblock. Callers should therefore not assume that this call returns without blocking.

# File lib/puma/minissl.rb, line 159
# Despite the name, this simply delegates to #write, which loops until
# all data has been handed to the socket.  Extra arguments are accepted
# and ignored.
#
# NOTE(review): because the call can block, a peer that stops reading may
# hold the calling thread here -- confirm that callers apply their own
# timeout where that matters.
#
# @param data [String] bytes to send
# @return whatever #write returns
def write_nonblock(data, *_)
  write(data)
end

Private Instance Methods

bad_tlsv1_3?()

Used to check the handshake status, in particular when a TCP connection is made with TLSv1.3 as an available protocol.

@version 5.0.0

# File lib/puma/minissl.rb, line 55
# True when TLS 1.3 is available (HAS_TLS1_3) and the engine reports
# version 'TLSv1.3' together with the 'SSLERR' handshake state.
#
# #read_nonblock consults this at EOF to raise SSLError instead of
# returning nil.  When HAS_TLS1_3 is falsy that value is returned as is.
#
# @return [Boolean] whether the handshake is in the TLSv1.3 error state
def bad_tlsv1_3?
  HAS_TLS1_3 && ssl_version_state == %w[TLSv1.3 SSLERR]
end