File 0003-Add-support-for-specifying-ssl-ciphers-via... of Package rubygem-puma.17574

Overview Repositories Revisions Requests Users Attributes Meta

File 0003-Add-support-for-specifying-ssl-ciphers-via-binds-par.patch of Package rubygem-puma.17574

From f51f6b4615a390f0c6bb86559b9a2c5f865e8136 Mon Sep 17 00:00:00 2001
From: dmaiocchi <dmaiocchi@suse.com>
Date: Sat, 1 Aug 2020 09:27:59 +0200
Subject: [PATCH] Add support for specifying ssl ciphers via :binds parameters

---
 ext/puma_http11/org/jruby/puma/MiniSSL.java | 6 ++++++
 lib/puma/binder.rb                          | 2 ++
 lib/puma/const.rb                           | 2 ++
 lib/puma/minissl.rb                         | 2 ++
 4 files changed, 12 insertions(+)

diff --git a/ext/puma_http11/org/jruby/puma/MiniSSL.java b/ext/puma_http11/org/jruby/puma/MiniSSL.java
index 82464255..111c79d9 100644
--- a/ext/puma_http11/org/jruby/puma/MiniSSL.java
+++ b/ext/puma_http11/org/jruby/puma/MiniSSL.java
@@ -180,6 +180,12 @@ public class MiniSSL extends RubyObject {
         engine.setNeedClientAuth(true);
     }
 
+    IRubyObject sslCipherListObject = miniSSLContext.callMethod(threadContext, "ssl_cipher_list");
+    if (!sslCipherListObject.isNil()) {
+      String[] sslCipherList = sslCipherListObject.convertToString().asJavaString().split(",");
+      engine.setEnabledCipherSuites(sslCipherList);
+    }
+
     SSLSession session = engine.getSession();
     inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
     outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());
diff --git a/lib/puma/binder.rb b/lib/puma/binder.rb
index b794446e..d53f0688 100644
--- a/lib/puma/binder.rb
+++ b/lib/puma/binder.rb
@@ -162,6 +162,7 @@ module Puma
             end
 
             ctx.keystore_pass = params['keystore-pass']
+            ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
           else
             unless params['key']
               @events.error "Please specify the SSL key via 'key='"
@@ -182,6 +183,7 @@ module Puma
             end
 
             ctx.ca = params['ca'] if params['ca']
+            ctx.ssl_cipher_filter = params['ssl_cipher_filter'] if params['ssl_cipher_filter']
           end
 
           ctx.no_tlsv1 = true if params['no_tlsv1'] == 'true'
diff --git a/lib/puma/const.rb b/lib/puma/const.rb
index 7166d8c5..3597bb03 100644
--- a/lib/puma/const.rb
+++ b/lib/puma/const.rb
@@ -225,5 +225,7 @@ module Puma
     HIJACK_IO = "rack.hijack_io".freeze
 
     EARLY_HINTS = "rack.early_hints".freeze
+    # Mininum interval to checks worker health
+    WORKER_CHECK_INTERVAL = 5
   end
 end
diff --git a/lib/puma/minissl.rb b/lib/puma/minissl.rb
index d48c5c13..c4dcad24 100644
--- a/lib/puma/minissl.rb
+++ b/lib/puma/minissl.rb
@@ -186,6 +186,7 @@ module Puma
         # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
         attr_reader :keystore
         attr_accessor :keystore_pass
+        attr_accessor :ssl_cipher_list
 
         def keystore=(keystore)
           raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore
@@ -201,6 +202,7 @@ module Puma
         attr_reader :key
         attr_reader :cert
         attr_reader :ca
+        attr_accessor :ssl_cipher_filter
 
         def key=(key)
           raise ArgumentError, "No such key file '#{key}'" unless File.exist? key
-- 
2.26.2

Places

File 0003-Add-support-for-specifying-ssl-ciphers-via-binds-par.patch of Package rubygem-puma.17574

Places