ssl: support IO-like object as the underlying transport #736

Open: wants to merge 6 commits into base: master

Commits on Sep 5, 2024

  1. ssl: remove redundant ossl_ssl_ex_vcb_idx

    The SSL ex_data index is used for storing the verify_callback Proc. The
    only user of it, ossl_ssl_verify_callback(), can find the callback by
    looking at the SSLContext object which is always known.
    rhenium committed Sep 5, 2024
    3a3d6e2
  2. ssl: remove unnecessary GetOpenFile() check in SSLSocket#syswrite*

    This is no longer necessary as of commit 22e601a (Remove usage of
    IO internals. (ruby#627), 2023-05-29).
    rhenium committed Sep 5, 2024
    67587df
  3. ssl: allow underlying socket to not implement #remote_address

    The result value is used for generating an informative error message.
    Let's just say "unsupported" if it's not available.
    rhenium committed Sep 5, 2024
    c19ff32
  4. ssl: allow underlying socket to not implement #sync

    The value is used to determine whether SSLSocket should skip buffering
    in OpenSSL::Buffering or not. Defaulting to true (no buffering) should
    be a safe option.
    rhenium committed Sep 5, 2024
    a5ed9e6
  5. bio: add a BIO method that wraps IO-like object

    Implement a minimal BIO_METHOD required for SSL/TLS. The underlying
    IO-like object must implement the following methods:
    
     - #read_nonblock(len, exception: false)
     - #write_nonblock(str, exception: false)
     - #flush
    
    This will be used in a later commit with OpenSSL::SSL::SSLSocket.
    rhenium committed Sep 5, 2024
    0ff6d21
  6. ssl: support IO-like object as the underlying transport

    OpenSSL::SSL::SSLSocket currently requires a real IO (socket) object
    because it passes the file descriptor to OpenSSL.
    
    OpenSSL internally uses an I/O abstraction layer called BIO to interact
    with the underlying socket. BIO is pluggable; the implementation can be
    supplied by a user application as long as it implements the necessary
    BIO functions. We can make our own BIO implementation ("BIO method")
    that wraps any Ruby IO-like object using normal Ruby method calls.
    
    Support for such an IO-like object is useful for establishing TLS
    connections on top of non-OS sockets, such as another TLS connection or
    an HTTP/2 tunnel.
    
    For performance reasons, this patch continues to use the original socket
    BIO if the user passes a real IO object.
    rhenium committed Sep 5, 2024
    84ead32
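
The three methods listed in the "bio: add a BIO method that wraps IO-like object" commit message, shown on an in-memory endpoint as an added example that is not code from this pull request. `MemoryTransport` and its helpers are hypothetical names, and the return values are assumed to follow Ruby's `IO#read_nonblock` / `IO#write_nonblock` with `exception: false` (data or byte count, `:wait_readable` / `:wait_writable`, `nil` at EOF).

```ruby
# Constructed example; return conventions mirror IO#*_nonblock (assumption).
class MemoryTransport
  attr_reader :flush_count
  attr_writer :peer

  # Two connected endpoints; capacity bounds each side's receive buffer.
  def self.pair(capacity: 16)
    a, b = new(capacity), new(capacity)
    a.peer, b.peer = b, a
    [a, b]
  end

  def initialize(capacity)
    @capacity, @eof, @flush_count = capacity, false, 0
    @inbox = String.new(encoding: Encoding::BINARY)
  end

  # Up to len bytes if buffered, :wait_readable if it would block, nil at EOF.
  def read_nonblock(len, exception: false)
    return @inbox.slice!(0, len) unless @inbox.empty?
    return nil if @eof
    raise IO::EAGAINWaitReadable, "read would block" if exception
    :wait_readable
  end

  # Bytes accepted (possibly fewer than given), or :wait_writable when full.
  def write_nonblock(str, exception: false)
    room = @peer.room
    if room.zero? && !str.empty?
      raise IO::EAGAINWaitWritable, "write would block" if exception
      return :wait_writable
    end
    @peer.deliver(str.b.byteslice(0, room))
  end

  # Nothing is buffered on the write side here; only count the calls.
  def flush
    @flush_count += 1
    self
  end

  # Half-close: the peer sees nil (EOF) once its buffer is drained.
  def close_write
    @peer.mark_eof
  end

  protected
  def room; @capacity - @inbox.bytesize; end
  def deliver(bytes); @inbox << bytes; bytes.bytesize; end
  def mark_eof; @eof = true; end
end
```

A transport layered this way has to tolerate short writes and the two wait symbols on every call, which is why the bounded buffer is part of the example.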