- Accept new connections with #accept instead of #accept_nonblock
- Remove SSLExtensions module as this is no longer required
- Pass a class to UNIXSocket.recv_io to have the C-code instantiate our socket server. If we don't, they have a habit of getting garbage collected resulting in Errno:EBADF exceptions
- Fix bug where new restart code didn't work with TLS servers
- Add echo server tests for UNIX and TLS servers
- Rewrite restart code to avoid potentially nasty hangs.
- Handle an error raised (
Errno::EINVAL) when a client would connect and immediately disconnect before any processing occurs.
- When restarting a server, the socket is passed to the new server via a UNIX socket instead of inheriting open file descriptors from the parent.
- Incoming connections can be restricted to certain networks by setting
allowed_networksin the configuration.
- Allow multiple certificates to be used in one build file
- Verify client TLS certificates
- Allow trusted client CA to be set
- Prevent bad SSL handshakes from crashing server
- Add TLS support for TCP connections
- Use an internal pipe for delivering signals to the main thread.
accept_connectionsretired in favour of a select loop andaccept_client_connectionbeing called for each waiting connection- Logging when shutting down or restarting