diff options
author | Eric Wong <e@80x24.org> | 2014-12-21 10:53:03 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2014-12-21 11:16:10 +0000 |
commit | 776d3e3d7ac19a50f7342fa48c0a5d5a7e224359 (patch) | |
tree | b648a6e6b87b881d89536d59d2c3caaf0c5a2add /lib/unicorn/ssl_server.rb | |
parent | 080d910038a0572981f3cdd62c032963c513ecf3 (diff) | |
download | unicorn-776d3e3d7ac19a50f7342fa48c0a5d5a7e224359.tar.gz |
We implemented barely-advertised support for SSL for two reasons: 1) to detect corruption on LANs beyond what TCP offers 2) to support other servers based on unicorn (never happened) Since this feature is largely not useful for unicorn itself, there's no reason to penalize unicorn 5.x users with bloat. In our defense, SSL support appeared in version 4.2.0 :)
Diffstat (limited to 'lib/unicorn/ssl_server.rb')
-rw-r--r-- | lib/unicorn/ssl_server.rb | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/lib/unicorn/ssl_server.rb b/lib/unicorn/ssl_server.rb deleted file mode 100644 index c00c3ae..0000000 --- a/lib/unicorn/ssl_server.rb +++ /dev/null @@ -1,42 +0,0 @@ -# -*- encoding: binary -*- -# :stopdoc: -# this module is meant to be included in Unicorn::HttpServer -# It is an implementation detail and NOT meant for users. -module Unicorn::SSLServer - attr_accessor :ssl_engine - - def ssl_enable! - sni_hostnames = rack_sni_hostnames(@app) - seen = {} # we map a single SSLContext to multiple listeners - listener_ctx = {} - @listener_opts.each do |address, address_opts| - ssl_opts = address_opts[:ssl_opts] or next - listener_ctx[address] = seen[ssl_opts.object_id] ||= begin - unless sni_hostnames.empty? - ssl_opts = ssl_opts.dup - ssl_opts[:sni_hostnames] = sni_hostnames - end - ctx = Flipper.ssl_context(ssl_opts) - # FIXME: make configurable - ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_OFF - ctx - end - end - Unicorn::HttpServer::LISTENERS.each do |listener| - ctx = listener_ctx[sock_name(listener)] or next - listener.extend(Kgio::SSLServer) - listener.ssl_ctx = ctx - listener.kgio_ssl_class = Unicorn::SSLClient - end - end - - # ugh, this depends on Rack internals... - def rack_sni_hostnames(rack_app) # :nodoc: - hostnames = {} - if Rack::URLMap === rack_app - mapping = rack_app.instance_variable_get(:@mapping) - mapping.each { |hostname,_,_,_| hostnames[hostname] = true } - end - hostnames.keys - end -end |