Adjust code for compiling without SSL (MRI & JRuby), add SSL detection

Rakefile

@@ -47,6 +47,29 @@ if !Puma.jruby?
   end
 else
   # Java (JRuby)
+  # ::Rake::JavaExtensionTask.source_files supplies the list of files to
+  # compile.  At present, it only works with a glob prefixed with @ext_dir.
+  # override it so we can select the files
+  class ::Rake::JavaExtensionTask
+    def source_files
+      if ENV["DISABLE_SSL"]
+        # uses no_ssl/PumaHttp11Service.java, removes MiniSSL.java
+        FileList[
+          File.join(@ext_dir, "no_ssl/PumaHttp11Service.java"),
+          File.join(@ext_dir, "org/jruby/puma/Http11.java"),
+          File.join(@ext_dir, "org/jruby/puma/Http11Parser.java")
+        ]
+      else
+        FileList[
+          File.join(@ext_dir, "PumaHttp11Service.java"),
+          File.join(@ext_dir, "org/jruby/puma/Http11.java"),
+          File.join(@ext_dir, "org/jruby/puma/Http11Parser.java"),
+          File.join(@ext_dir, "org/jruby/puma/MiniSSL.java")
+        ]
+      end
+    end
+  end
+
   Rake::JavaExtensionTask.new("puma_http11", gemspec) do |ext|
     ext.lib_dir = "lib/puma"
   end

ext/puma_http11/no_ssl/PumaHttp11Service.java

@@ -0,0 +1,15 @@
+package puma;
+
+import java.io.IOException;
+
+import org.jruby.Ruby;
+import org.jruby.runtime.load.BasicLibraryService;
+
+import org.jruby.puma.Http11;
+
+public class PumaHttp11Service implements BasicLibraryService {
+    public boolean basicLoad(final Ruby runtime) throws IOException {
+        Http11.createHttp11(runtime);
+        return true;
+    }
+}

ext/puma_http11/puma_http11.c

@@ -434,7 +434,9 @@ VALUE HttpParser_body(VALUE self) {
   return http->body;
 }
 
+#ifdef HAVE_OPENSSL_BIO_H
 void Init_mini_ssl(VALUE mod);
+#endif
 
 void Init_puma_http11()
 {
@@ -463,5 +465,7 @@ void Init_puma_http11()
   rb_define_method(cHttpParser, "body", HttpParser_body, 0);
   init_common_fields();
 
+#ifdef HAVE_OPENSSL_BIO_H
   Init_mini_ssl(mPuma);
+#endif
 }

lib/puma.rb

@@ -10,6 +10,9 @@
 
 require 'thread'
 
+require_relative 'puma/puma_http11'
+require_relative 'puma/detect'
+
 module Puma
   autoload :Const, 'puma/const'
   autoload :Server, 'puma/server'
@@ -33,4 +36,12 @@ def self.set_thread_name(name)
     return unless Thread.current.respond_to?(:name=)
     Thread.current.name = "puma #{name}"
   end
+
+  unless HAS_SSL
+    module MiniSSL
+      # this class is defined so that it exists when Puma is compiled
+      # without ssl support, as Server and Reactor use it in rescue statements.
+      class SSLError < StandardError ; end
+    end
+  end
 end

lib/puma/binder.rb

@@ -5,10 +5,16 @@
 
 require 'puma/const'
 require 'puma/util'
-require 'puma/minissl/context_builder'
 require 'puma/configuration'
 
 module Puma
+
+  if HAS_SSL
+    require 'puma/minissl'
+    require 'puma/minissl/context_builder'
+    require 'puma/accept_nonblock'
+  end
+
   class Binder
     include Puma::Const
 
@@ -155,6 +161,9 @@ def parse(binds, logger, log_msg = 'Listening')
 
           @listeners << [str, io]
         when "ssl"
+
+          raise "Puma compiled without SSL support" unless HAS_SSL
+
           params = Util.parse_query uri.query
           ctx = MiniSSL::ContextBuilder.new(params, @events).context
 
@@ -245,9 +254,8 @@ def inherit_tcp_listener(host, port, fd)
 
     def add_ssl_listener(host, port, ctx,
                          optimize_for_latency=true, backlog=1024)
-      require 'puma/minissl'
 
-      MiniSSL.check
+      raise "Puma compiled without SSL support" unless HAS_SSL
 
       if host == "localhost"
         loopback_addresses.each do |addr|
@@ -264,7 +272,6 @@ def add_ssl_listener(host, port, ctx,
       s.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
       s.listen backlog
 
-
       ssl = MiniSSL::Server.new s, ctx
       env = @proto_env.dup
       env[HTTPS_KEY] = HTTPS
@@ -275,8 +282,7 @@ def add_ssl_listener(host, port, ctx,
     end
 
     def inherit_ssl_listener(fd, ctx)
-      require 'puma/minissl'
-      MiniSSL.check
+      raise "Puma compiled without SSL support" unless HAS_SSL
 
       if fd.kind_of? TCPServer
         s = fd

lib/puma/detect.rb

@@ -1,6 +1,13 @@
 # frozen_string_literal: true
 
 module Puma
+  # at present, MiniSSL::Engine is only defined in extension code, not in minissl.rb
+  HAS_SSL = const_defined?(:MiniSSL, false) && MiniSSL.const_defined?(:Engine, false)
+
+  def self.ssl?
+    HAS_SSL
+  end
+
   IS_JRUBY = defined?(JRUBY_VERSION)
 
   def self.jruby?

lib/puma/minissl.rb

@@ -10,7 +10,6 @@
 
 module Puma
   module MiniSSL
-
     # define constant at runtime, as it's easy to determine at built time,
     # but Puma could (it shouldn't) be loaded with an older OpenSSL version
     HAS_TLS1_3 = !IS_JRUBY &&
@@ -203,8 +202,6 @@ def peercert
       class SSLError < StandardError
         # Define this for jruby even though it isn't used.
       end
-
-      def self.check; end
     end
 
     class Context

lib/puma/minissl/context_builder.rb

@@ -2,9 +2,6 @@ module Puma
   module MiniSSL
     class ContextBuilder
       def initialize(params, events)
-        require 'puma/minissl'
-        MiniSSL.check
-
         @params = params
         @events = events
       end

lib/puma/reactor.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'puma/util'
-require 'puma/minissl'
+require 'puma/minissl' if ::Puma::HAS_SSL
 
 require 'nio'
 

lib/puma/runner.rb

@@ -2,7 +2,6 @@
 
 require 'puma/server'
 require 'puma/const'
-require 'puma/minissl/context_builder'
 
 module Puma
   # Generic class that is used by `Puma::Cluster` and `Puma::Single` to

lib/puma/server.rb

@@ -9,12 +9,9 @@
 require 'puma/reactor'
 require 'puma/client'
 require 'puma/binder'
-require 'puma/accept_nonblock'
 require 'puma/util'
 require 'puma/io_buffer'
 
-require 'puma/puma_http11'
-
 require 'socket'
 require 'forwardable'