Diffstat (limited to 'lib/webrick/https.rb')
| -rw-r--r-- | lib/webrick/https.rb | 97 |
1 files changed, 93 insertions, 4 deletions
diff --git a/lib/webrick/https.rb b/lib/webrick/https.rb
index 81b65ce803..b0a49bc40b 100644
--- a/lib/webrick/https.rb
+++ b/lib/webrick/https.rb
@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # https.rb -- SSL/TLS enhancement for HTTPServer
 #
@@ -8,15 +9,36 @@
 #
 # $IPR: https.rb,v 1.15 2003/07/22 19:20:42 gotoyuzo Exp $
-require 'webrick/ssl'
+require_relative 'ssl'
+require_relative 'httpserver'
 module WEBrick
 module Config
 HTTP.update(SSL)
 end
+ ##
+ #--
+ # Adds SSL functionality to WEBrick::HTTPRequest
+
 class HTTPRequest
- attr_reader :cipher, :server_cert, :client_cert
+
+ ##
+ # HTTP request SSL cipher
+
+ attr_reader :cipher
+
+ ##
+ # HTTP request server certificate
+
+ attr_reader :server_cert
+
+ ##
+ # HTTP request client certificate
+
+ attr_reader :client_cert
+
+ # :stopdoc:
 alias orig_parse parse
@@ -33,17 +55,18 @@ module WEBrick
 alias orig_parse_uri parse_uri
 def parse_uri(str, scheme="https")
- if @server_cert
+ if server_cert
 return orig_parse_uri(str, scheme)
 end
 return orig_parse_uri(str)
 end
+ private :parse_uri
 alias orig_meta_vars meta_vars
 def meta_vars
 meta = orig_meta_vars
- if @server_cert
+ if server_cert
 meta["HTTPS"] = "on"
 meta["SSL_SERVER_CERT"] = @server_cert.to_pem
 meta["SSL_CLIENT_CERT"] = @client_cert ? @client_cert.to_pem : ""
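Review bot: In `meta_vars` the guard now goes through the reader (`if server_cert`) while the two lines below it still read `@server_cert.to_pem` and `@client_cert` directly, so the method mixes both access styles; `parse_uri` gets the same guard change. Using the readers throughout, e.g. `meta["SSL_SERVER_CERT"] = server_cert.to_pem`, would keep the guard and the value it protects on the same source. The body of `meta_vars` continues past the end of this hunk, so any later uses of the ivars there would need the same treatment.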
@@ -59,5 +82,71 @@ module WEBrick
 end
 meta
 end
+
+ # :startdoc:
+ end
+
+ ##
+ #--
+ # Fake WEBrick::HTTPRequest for lookup_server
+
+ class SNIRequest
+
+ ##
+ # The SNI hostname
+
+ attr_reader :host
+
+ ##
+ # The socket address of the server
+
+ attr_reader :addr
+
+ ##
+ # The port this request is for
+
+ attr_reader :port
+
+ ##
+ # Creates a new SNIRequest.
+
+ def initialize(sslsocket, hostname)
+ @host = hostname
+ @addr = sslsocket.addr
+ @port = @addr[1]
+ end
+ end
+
+
+ ##
+ #--
+ # Adds SSL functionality to WEBrick::HTTPServer
+
+ class HTTPServer < ::WEBrick::GenericServer
+ ##
+ # ServerNameIndication callback
+
+ def ssl_servername_callback(sslsocket, hostname = nil)
+ req = SNIRequest.new(sslsocket, hostname)
+ server = lookup_server(req)
+ server ? server.ssl_context : nil
+ end
+
+ # :stopdoc:
+
+ ##
+ # Check whether +server+ is also SSL server.
+ # Also +server+'s SSL context will be created.
+
+ alias orig_virtual_host virtual_host
+
+ def virtual_host(server)
+ if @config[:SSLEnable] && !server.ssl_context
+ raise ArgumentError, "virtual host must set SSLEnable to true"
+ end
+ orig_virtual_host(server)
+ end
+
+ # :startdoc:
 end
 end
|
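Review bot: `ssl_servername_callback` is documented only as "ServerNameIndication callback", but its `hostname` comes from the client's handshake and it returns `nil` when `lookup_server` finds no match; neither fact is stated. As far as I know a `nil` return leaves the listener's default context in place, so an unknown or missing SNI name is served with the default certificate and verification settings. The comment should say so, e.g. `# +hostname+ is client-supplied and unauthenticated; returns nil (default context kept) when no virtual host matches`. Nothing in this hunk ties the context chosen here to the virtual host later selected from the Host header, which matters if virtual hosts differ in settings such as `:SSLVerifyClient`; that check, if it exists, lives outside this diff and is worth confirming.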
