1 files changed, 97 insertions, 5 deletions

diff --git a/lib/webrick/https.rb b/lib/webrick/https.rb
index 0d8ebd2ba3..4826654d3a 100644
--- a/lib/webrick/https.rb
+++ b/lib/webrick/https.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # https.rb -- SSL/TLS enhancement for HTTPServer
 #
@@ -9,20 +10,41 @@
 # $IPR: https.rb,v 1.15 2003/07/22 19:20:42 gotoyuzo Exp $
 
 require 'webrick/ssl'
+require 'webrick/httpserver'
 
 module WEBrick
   module Config
     HTTP.update(SSL)
   end
 
+  ##
+  #--
+  # Adds SSL functionality to WEBrick::HTTPRequest
+
   class HTTPRequest
-    attr_reader :cipher, :server_cert, :client_cert
+
+    ##
+    # HTTP request SSL cipher
+
+    attr_reader :cipher
+
+    ##
+    # HTTP request server certificate
+
+    attr_reader :server_cert
+
+    ##
+    # HTTP request client certificate
+
+    attr_reader :client_cert
+
+    # :stopdoc:
 
     alias orig_parse parse
 
     def parse(socket=nil)
-      if socket && socket.is_a?(OpenSSL::SSL::SSLSocket)
-        @server_cert = @config[:SSLCertificate]
+      if socket.respond_to?(:cert)
+        @server_cert = socket.cert || @config[:SSLCertificate]
         @client_cert = socket.peer_cert
         @client_cert_chain = socket.peer_cert_chain
         @cipher      = socket.cipher
@@ -33,17 +55,18 @@ module WEBrick
     alias orig_parse_uri parse_uri
 
     def parse_uri(str, scheme="https")
-      if @server_cert
+      if server_cert
         return orig_parse_uri(str, scheme)
       end
       return orig_parse_uri(str)
     end
+    private :parse_uri
 
     alias orig_meta_vars meta_vars
 
     def meta_vars
       meta = orig_meta_vars
-      if @server_cert
+      if server_cert
         meta["HTTPS"] = "on"
         meta["SSL_SERVER_CERT"] = @server_cert.to_pem
         meta["SSL_CLIENT_CERT"] = @client_cert ? @client_cert.to_pem : ""
@@ -53,8 +76,77 @@ module WEBrick
           }
         end
         meta["SSL_CIPHER"] = @cipher[0]
+        meta["SSL_PROTOCOL"] = @cipher[1]
+        meta["SSL_CIPHER_USEKEYSIZE"] = @cipher[2].to_s
+        meta["SSL_CIPHER_ALGKEYSIZE"] = @cipher[3].to_s
       end
       meta
     end
+
+    # :startdoc:
+  end
+
+  ##
+  #--
+  # Fake WEBrick::HTTPRequest for lookup_server
+
+  class SNIRequest
+
+    ##
+    # The SNI hostname
+
+    attr_reader :host
+
+    ##
+    # The socket address of the server
+
+    attr_reader :addr
+
+    ##
+    # The port this request is for
+
+    attr_reader :port
+
+    ##
+    # Creates a new SNIRequest.
+
+    def initialize(sslsocket, hostname)
+      @host = hostname
+      @addr = sslsocket.addr
+      @port = @addr[1]
+    end
+  end
+
+
+  ##
+  #--
+  # Adds SSL functionality to WEBrick::HTTPServer
+
+  class HTTPServer < ::WEBrick::GenericServer
+    ##
+    # ServerNameIndication callback
+
+    def ssl_servername_callback(sslsocket, hostname = nil)
+      req = SNIRequest.new(sslsocket, hostname)
+      server = lookup_server(req)
+      server ? server.ssl_context : nil
+    end
+
+    # :stopdoc:
+
+    ##
+    # Check whether +server+ is also SSL server.
+    # Also +server+'s SSL context will be created.
+
+    alias orig_virtual_host virtual_host
+
+    def virtual_host(server)
+      if @config[:SSLEnable] && !server.ssl_context
+        raise ArgumentError, "virtual host must set SSLEnable to true"
+      end
+      orig_virtual_host(server)
+    end
+
+    # :startdoc:
   end
 end