Openssl updates #1836
A few notes:
🙏 Really solid work on all of this @MSP-Greg. The way a PR should be done! Will review soon, looks like there was an unrelated build failure.
Thank you, really. Sorry for adding the method, but I needed a break from a Ruby/JS mess, and I've done a few other OpenSSL PRs this week, similar issues. So, I just wanted to get it done...
That pissed me off.
Long story short, I guess we'll all keep an eye on it...
test/test_puma_server_ssl.rb
Outdated
end | ||
|
||
def teardown | ||
@http.finish if !@http.nil? && @http.started? |
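Review bot: the guard `!@http.nil? && @http.started?` on the `@http.finish` line in `teardown` implies that `@http` can still be unset when teardown runs, but nothing in the hunk says when that happens. Add a one-line comment above it naming the condition, so the nil check is not simplified away in a later cleanup.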
style nitpick but I hate unnecessary predicates. I think `if @http` is sufficient here, as is `unless @server` in the next line.
I just pushed this change, and it's breaking things.
Although I can't recall what/why, there are times when connections aren't 'made' due to testing for restricted protocol versions. Are you ok with returning these to the original code in the PR?
EDIT: Generally, with new things, I will always test in my fork. I will not always check 'old code', but I am not the type to make code more complex. I also forget things/reasons (better with theory than details...). I'll try to add more comments in the future...
@http.finish if !@http.nil? && @http.started?
@server.stop(true) unless @server.nil?
changed to:
@http.finish if @http && @http.started?
@server.stop(true) if @server
Yup! if the predicate is necessary, then it's necessary. just thought it wasn't.
else | ||
@http.ssl_version = :TLSv1 | ||
end | ||
# Ruby 2.4.5 on Travis raises ArgumentError |
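Review bot: the closing comment `# Ruby 2.4.5 on Travis raises ArgumentError` does not say which call raises or why. Name the call and the condition in the comment, so a reader can tell when the workaround is safe to remove.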
lmao
The Ruby here is good with me, needs a review from someone else on the C.
0cca7c0 to b397cc5
Should be ok if the 'review from someone else on the C' is good. Ruby master will fail on Travis until a bundler issue specific to 'nested bundle commands used when bundler is a default gem' is fixed. PR submitted to bundler...
b397cc5 to 44b00a5
44b00a5 to 0237611
2019-08-03 15:30 UTC, I selfishly rebased to trigger a CI run to test ruby-head. The fix for 'nested bundle commands when bundler is a default gem' has been pushed from Bundler to ruby-head/trunk, and ruby-head is now passing. A small patch in this PR additionally fixes ruby-head with See: Note that this wasn't an issue on Appveyor, as all the tests that have bundle commands also use
0237611 to 35dbec0
1st commit - OpenSSL 1.1.1 updates, add `#no_tlsv1_1`
1.1 Adds three constants to MiniSSL, as many OpenSSL builds cannot/will not connect with older protocols:
1.2 Uses `SSL_CTX_set_min_proto_version` when available
1.3 Add `#no_tlsv1_1` method to `Puma::MiniSSL::Context`

2nd commit - travis.yml - add bionic 18.04 job
2.1 Add Ubuntu bionic 18.04 job with Ruby 2.6.3. This tests with OpenSSL 1.1.1

3rd commit - test_puma_server_ssl.rb - add tests for `#no_tlsv1`, `#no_tlsv1_1`
3.1 Adds tests for `#no_tlsv1` and `#no_tlsv1_1`
3.2 Changes setup (via adding a `start_server` method), allowing the context to be passed to a block

4th commit - add no_tlsv1_1 to binder, config, etc
4.1 Adds use of `#no_tlsv1_1` with binder.rb and dsl.rb
4.2 Adds tests to test_binder.rb and test_config.rb for above
4.3 Adds feature to MiniSSL.java
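
The protocol floor described in items 1.2 and 1.3, as an added example that is not code from this PR or from Puma: it uses Ruby's standard `openssl` library on a Unix-like host instead of Puma's MiniSSL, and checks that a server with a TLS 1.2 minimum turns away a client capped at TLS 1.1. `probe_handshake`, its keyword names and the self-signed certificate are constructed for illustration.

```ruby
require "openssl"
require "socket"

# Constructed throwaway self-signed certificate for the in-process test server.
def make_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

CERT, KEY = make_cert

# Runs one handshake over a local socket pair (no network needed).
# Returns the negotiated protocol string, or :rejected if the handshake fails.
# probe_handshake and its keyword names are hypothetical, not Puma API.
def probe_handshake(server_min:, client_max:)
  s_io, c_io = UNIXSocket.pair
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert = CERT
  sctx.key = KEY
  sctx.min_version = server_min                 # protocol floor on the server
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_NONE  # acceptable for the throwaway cert only
  cctx.max_version = client_max                 # simulate a client stuck on an old protocol
  server = Thread.new do
    begin
      OpenSSL::SSL::SSLSocket.new(s_io, sctx).accept
    rescue StandardError
      nil # a refused handshake surfaces here as SSLError or EOF
    end
  end
  client = OpenSSL::SSL::SSLSocket.new(c_io, cctx)
  client.connect
  client.ssl_version
rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError
  # Also reached when the local OpenSSL build refuses to offer TLS 1.1 at all.
  :rejected
ensure
  c_io&.close   # unblocks the server thread if it is still waiting
  server&.join
  s_io&.close
end
```
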