Sha256: 452235395949688fe11984ec848d8f8f73c380b3c6c8b5249cc5553c15624837
Contents?: true
Size: 1.88 KB
Versions: 5
Compression:
Stored size: 1.88 KB
Contents
module Reel
class Server
class HTTPS < Server
# Create a new Reel HTTPS server
#
# @param [String] host address to bind to
# @param [Fixnum] port to bind to
# @option options [Fixnum] backlog of requests to accept
# @option options [String] :cert the server's TLS certificate
# @option options [String] :key the server's TLS key
# @option options [Array] :extra_cert_chain TLS certificate chain
#
# @return [Reel::Server::HTTPS] Reel HTTPS server actor
def initialize(host, port, options={}, &callback)
# Ideally we can encapsulate this rather than making Ruby OpenSSL a
# mandatory part of the Reel API. It would be nice to support
# alternatives (e.g. Puma's MiniSSL)
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.cert = OpenSSL::X509::Certificate.new options.fetch(:cert)
ssl_context.key = OpenSSL::PKey::RSA.new options.fetch(:key)
ssl_context.ca_file = options[:ca_file]
ssl_context.ca_path = options[:ca_path]
ssl_context.extra_chain_cert = options[:extra_chain_cert]
# if verify_mode isn't explicitly set, verify peers if we've
# been provided CA information that would enable us to do so
ssl_context.verify_mode = if options.include?(:verify_mode)
options[:verify_mode]
elsif options.include?(:ca_file)
OpenSSL::SSL::VERIFY_PEER
elsif options.include?(:ca_path)
OpenSSL::SSL::VERIFY_PEER
else
OpenSSL::SSL::VERIFY_NONE
end
@tcpserver = Celluloid::IO::TCPServer.new(host, port)
server = Celluloid::IO::SSLServer.new(@tcpserver, ssl_context)
options.merge!(host: host, port: port)
options[:rescue] = [ OpenSSL::SSL::SSLError ]
super(server, options, &callback)
end
end
end
end
Version data entries
5 entries across 5 versions & 1 rubygems