class Puma::MiniSSL::Context
def ca=(ca)
def ca=(ca) check_file ca, 'ca' @ca = ca end
def cert=(cert)
def cert=(cert) check_file cert, 'Cert' @cert = cert end
def cert_pem=(cert_pem)
def cert_pem=(cert_pem) raise ArgumentError, "'cert_pem' is not a String" unless cert_pem.is_a? String @cert_pem = cert_pem end
def check
def check raise "Keystore not configured" unless @keystore # @truststore defaults to @keystore due backwards compatibility end
def check
def check raise "Key not configured" if @key.nil? && @key_pem.nil? raise "Cert not configured" if @cert.nil? && @cert_pem.nil? end
def check_file(file, desc)
def check_file(file, desc) raise ArgumentError, "#{desc} file '#{file}' does not exist" unless File.exist? file raise ArgumentError, "#{desc} file '#{file}' is not readable" unless File.readable? file end
def cipher_suites=(list)
def cipher_suites=(list) list = list.split(',').map(&:strip) if list.is_a?(String) @cipher_suites = list end
def initialize
def initialize @no_tlsv1 = false @no_tlsv1_1 = false @key = nil @cert = nil @key_pem = nil @cert_pem = nil @reuse = nil @reuse_cache_size = nil @reuse_timeout = nil end
def key=(key)
def key=(key) check_file key, 'Key' @key = key end
def key_password
def key_password raise "Key password command not configured" if @key_password_command.nil? stdout_str, stderr_str, status = Open3.capture3(@key_password_command) return stdout_str.chomp if status.success? raise "Key password failed with code #{status.exitstatus}: #{stderr_str}" end
def key_password_command=(key_password_command)
def key_password_command=(key_password_command) @key_password_command = key_password_command end
def key_pem=(key_pem)
def key_pem=(key_pem) raise ArgumentError, "'key_pem' is not a String" unless key_pem.is_a? String @key_pem = key_pem end
def keystore=(keystore)
def keystore=(keystore) check_file keystore, 'Keystore' @keystore = keystore end
def keystore_type=(type)
def keystore_type=(type) raise ArgumentError, "Invalid keystore type: #{type.inspect}" unless ['pkcs12', 'jks', nil].include?(type) @keystore_type = type end
def no_tlsv1=(tlsv1)
disables TLSv1
def no_tlsv1=(tlsv1) raise ArgumentError, "Invalid value of no_tlsv1=" unless ['true', 'false', true, false].include?(tlsv1) @no_tlsv1 = tlsv1 end
def no_tlsv1_1=(tlsv1_1)
disables TLSv1 and TLSv1.1. Overrides `#no_tlsv1=`
def no_tlsv1_1=(tlsv1_1) raise ArgumentError, "Invalid value of no_tlsv1_1=" unless ['true', 'false', true, false].include?(tlsv1_1) @no_tlsv1_1 = tlsv1_1 end
def protocols=(list)
def protocols=(list) list = list.split(',').map(&:strip) if list.is_a?(String) @protocols = list end
def reuse=(reuse_str)
* ',t' - where t is an integer strings for timeout.
* 's' - where s is an integer strings for size.
* 's,t' - where s and t are integer strings, for size and timeout.
20k and default timeout of 300 seconds.
* 'dflt' - sets session reuse on, with OpenSSL default cache size of
in case reuse 'on' is made the default in future Puma versions.
* 'off' - matches the behavior of Puma 5.6 and earlier. This is included
Controls session reuse. Allowed values are as follows:
def reuse=(reuse_str) case reuse_str when 'off' @reuse = nil when 'dflt' @reuse = true when /\A\d+\z/ @reuse = true @reuse_cache_size = reuse_str.to_i when /\A\d+,\d+\z/ @reuse = true size, time = reuse_str.split ',' @reuse_cache_size = size.to_i @reuse_timeout = time.to_i when /\A,\d+\z/ @reuse = true @reuse_timeout = reuse_str.delete(',').to_i end end
def truststore=(truststore)
def truststore=(truststore) # NOTE: historically truststore was assumed the same as keystore, this is kept for backwards # compatibility, to rely on JVM's trust defaults we allow setting `truststore = :default` unless truststore.eql?(:default) raise ArgumentError, "No such truststore file '#{truststore}'" unless File.exist?(truststore) end @truststore = truststore end
def truststore_type=(type)
def truststore_type=(type) raise ArgumentError, "Invalid truststore type: #{type.inspect}" unless ['pkcs12', 'jks', nil].include?(type) @truststore_type = type end