From 3c2f158802b3605e0f0f2e1d6ba9f399dbd8c031 Mon Sep 17 00:00:00 2001
From: MSP-Greg
Date: Mon, 12 Jun 2023 16:30:28 -0500
Subject: [PATCH] Update comments
---
 ext/puma_http11/mini_ssl.c | 4 ++++
 lib/puma/minissl.rb | 5 +++++
 lib/puma/minissl/context_builder.rb | 2 +-
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/ext/puma_http11/mini_ssl.c b/ext/puma_http11/mini_ssl.c
index 52626b9319..5d9f23bc49 100644
--- a/ext/puma_http11/mini_ssl.c
+++ b/ext/puma_http11/mini_ssl.c
@@ -804,6 +804,10 @@ void Init_mini_ssl(VALUE puma) {
 rb_define_method(eng, "init?", engine_init, 0);
+ /* @!attribute [r] peercert
+ * Returns `nil` when `MiniSSL::Context#verify_mode` is set to `VERIFY_NONE`.
+ * @return [String, nil] DER encoded cert
+ */
 rb_define_method(eng, "peercert", engine_peercert, 0);
 rb_define_method(eng, "ssl_vers_st", engine_ssl_vers_st, 0);
diff --git a/lib/puma/minissl.rb b/lib/puma/minissl.rb
index d69a8b3838..3e1b96727e 100644
--- a/lib/puma/minissl.rb
+++ b/lib/puma/minissl.rb
@@ -184,6 +184,11 @@ def peeraddr
 @socket.peeraddr
 end
+ # OpenSSL is loaded in `MiniSSL::ContextBuilder` when
+ # `MiniSSL::Context#verify_mode` is not `VERIFY_NONE`.
+ # When `VERIFY_NONE`, `MiniSSL::Engine#peercert` is nil, regardless of
+ # whether the client sends a cert.
+ # @return [OpenSSL::X509::Certificate, nil]
 # @!attribute [r] peercert
 def peercert
 return @peercert if @peercert
diff --git a/lib/puma/minissl/context_builder.rb b/lib/puma/minissl/context_builder.rb
index 96b03bd125..e5323ad676 100644
--- a/lib/puma/minissl/context_builder.rb
+++ b/lib/puma/minissl/context_builder.rb
@@ -52,7 +52,7 @@ def context
 log_writer.error "Please specify the SSL ca via 'ca='"
 end
 # needed for Puma::MiniSSL::Socket#peercert, env['puma.peercert']
- require 'openssl' unless Object.const_defined? :OpenSSL
+ require 'openssl'
 end
 ctx.ca = params['ca'] if params['ca']
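Review bot: The new doc comment on `peercert` in lib/puma/minissl.rb explains the `nil` return only for `VERIFY_NONE`, while its `@return` tag admits `nil` in general and never says what a caller should conclude from it. Presumably a client that presents no certificate under a peer mode that does not force one also yields `nil`; if that holds, add a line such as `# A nil result means no verified client certificate; callers must not treat the peer as authenticated.` so that code reading `env['puma.peercert']` fails closed. The `@return` tag is also placed above `# @!attribute [r] peercert`, whereas the C comment in mini_ssl.c nests it under the directive, so the two could be made consistent. The body of `peercert` continues outside the hunk, so the conversion from the engine's DER string could not be checked here.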