Rack HTTP server for Unix and fast clients
blob 34f09ec3fefc41c108f849819f55e93fef525dad 2542 bytes (raw)
$ git show 4.x-stable:lib/unicorn/ssl_configurator.rb	# shows this blob on the CLI

# -*- encoding: binary -*-
# :stopdoc:
# This module is included in Unicorn::Configurator
# :startdoc:
#
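module Unicorn::SSLConfigurator
  # Opens an SSL configuration scope.  Listeners added to @set[:listeners]
  # while the block runs get the block's option hash attached under
  # @set[:listener_opts][address][:ssl_opts]; all of them share the same
  # Hash object.  The ssl_* setters below are only usable inside this block.
  #
  # Not reentrant: a nested +ssl+ call replaces @set[:ssl_opts] and removes
  # it again on exit, so setters called in the outer block afterwards raise.
  def ssl(&block)
    ssl_require!
    before = @set[:listeners].dup
    opts = @set[:ssl_opts] = {}
    yield
    (@set[:listeners] - before).each do |address|
      (@set[:listener_opts][address] ||= {})[:ssl_opts] = opts
    end
  ensure
    # always leave the scope, even if the block (or ssl_require!) raised,
    # so later ssl_* calls outside a block are rejected by ssl_set
    @set.delete(:ssl_opts)
  end

  # The setters below record their argument verbatim in the current ssl
  # block's option hash.  Nothing in this module checks that a file exists
  # or that a value is well-formed; any such checking has to happen where
  # the options are consumed (not visible here).

  def ssl_certificate(file)
    ssl_set(:ssl_certificate, file)
  end

  # Only the path is recorded here.  The key file itself should be readable
  # by no account other than the one that loads it.
  def ssl_certificate_key(file)
    ssl_set(:ssl_certificate_key, file)
  end

  def ssl_client_certificate(file)
    ssl_set(:ssl_client_certificate, file)
  end

  def ssl_dhparam(file)
    ssl_set(:ssl_dhparam, file)
  end

  # Stored unvalidated; a typo or an overly permissive cipher list is not
  # caught at configuration time by this module.
  def ssl_ciphers(openssl_cipherlist_spec)
    ssl_set(:ssl_ciphers, openssl_cipherlist_spec)
  end

  def ssl_crl(file)
    ssl_set(:ssl_crl, file)
  end

  # +bool+ must be true or false.  check_bool is not defined in this module;
  # it is expected to come from the including Unicorn::Configurator and is
  # called as check_bool(name, value), matching ssl_compression below.
  def ssl_prefer_server_ciphers(bool)
    ssl_set(:ssl_prefer_server_ciphers,
            check_bool(:ssl_prefer_server_ciphers, bool))
  end

  # Stored unvalidated, see the note above ssl_certificate.
  def ssl_protocols(list)
    ssl_set(:ssl_protocols, list)
  end

  # Stored unvalidated.  NOTE(review): the parameter name suggests the
  # accepted values are on/off/optional -- confirm against the consumer,
  # since a misspelled value is not rejected here.
  def ssl_verify_client(on_off_optional)
    ssl_set(:ssl_verify_client, on_off_optional)
  end

  def ssl_session_timeout(seconds)
    ssl_set(:ssl_session_timeout, seconds)
  end

  def ssl_verify_depth(depth)
    ssl_set(:ssl_verify_depth, depth)
  end

  # Allows specifying an engine for OpenSSL to use.  We have not been
  # able to successfully test this feature due to a lack of hardware.
  # Reports of success or patches to unicorn-public@bogomips.org are
  # greatly appreciated.
  #
  # Unlike the other setters this writes to @set directly, so it is
  # process-wide; a warning is emitted when it is called inside an ssl block.
  def ssl_engine(engine)
    ssl_warn_global(:ssl_engine)
    ssl_require!
    OpenSSL::Engine.load
    # result is discarded; presumably called so an unknown engine id
    # fails here instead of at first use
    OpenSSL::Engine.by_id(engine)
    @set[:ssl_engine] = engine
  end

  # Enables or disables TLS-level compression for the current ssl block.
  # +bool+ must be true or false.
  #
  # TLS compression is what the CRIME attack relies on, so leave this
  # disabled unless there is a specific need for it.
  def ssl_compression(bool)
    # Validate the caller's value *before* negating it: `!bool` is always
    # true or false, so checking the negated value would accept anything
    # (e.g. the String "false" would silently turn compression on).
    check_bool(:ssl_compression, bool)
    # OpenSSL uses the SSL_OP_NO_COMPRESSION flag, Flipper follows suit
    # with :ssl_no_compression, but we negate it to avoid exposing double
    # negatives to the user.
    ssl_set(:ssl_no_compression, !bool)
  end

private

  # Warns that +func+ is process-wide when it is called inside an ssl block;
  # does nothing outside of one.
  def ssl_warn_global(func) # :nodoc:
    return unless Hash === @set[:ssl_opts]

    warn("`#{func}' affects all SSL contexts in this process, " \
         "not just this block")
  end

  # Stores +value+ under +key+ in the current ssl block's option hash.
  # Raises ArgumentError when no ssl block is active.
  def ssl_set(key, value) # :nodoc:
    cur = @set[:ssl_opts]
    unless Hash === cur
      raise ArgumentError, "#{key} must be called inside an `ssl' block"
    end

    cur[key] = value
  end

  # Loads the libraries SSL support depends on.  A LoadError is re-raised
  # after printing an installation hint.
  def ssl_require! # :nodoc:
    require "flipper"
    require "unicorn/ssl_client"
  rescue LoadError
    warn "install 'kgio-monkey' for SSL support"
    raise
  end
end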
