Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support localhost integration in ssl_bind #2711

Closed
wants to merge 4 commits into from
Closed

Support localhost integration in ssl_bind #2711

wants to merge 4 commits into from

Conversation

rodzyn
Copy link
Contributor

@rodzyn rodzyn commented Sep 23, 2021
edited
Loading

Description

Hello, here is my attempt to fix #2708

Closes #2708

Your checklist for this pull request

  • I have reviewed the guidelines for contributing to this repository.
  • I have added (or updated) appropriate tests if this PR fixes a bug or adds a feature.
  • My pull request is 100 lines added/removed or less so that it can be easily reviewed.
  • If this PR doesn't need tests (docs change), I added [ci skip] to the title of the PR.
  • If this closes any issues, I have added "Closes #issue" to the PR description or my commit messages.
  • I have updated the documentation accordingly.
  • All new and existing tests passed, including Rubocop.

dentarg
dentarg reviewed Sep 25, 2021
View reviewed changes
Copy link
Member

@dentarg dentarg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to add a test for this?

lib/puma/dsl.rb Outdated Show resolved Hide resolved
nateberkopec
nateberkopec requested changes Sep 25, 2021
View reviewed changes
Copy link
Member

@nateberkopec nateberkopec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your contribution! Agreed with all @dentarg's points and added a few of my own.

lib/puma/dsl.rb Outdated Show resolved Hide resolved
lib/puma/dsl.rb Outdated Show resolved Hide resolved
lib/puma/dsl.rb Outdated Show resolved Hide resolved
lib/puma/dsl.rb Outdated Show resolved Hide resolved
@rodzyn
Copy link
Contributor Author

rodzyn commented Oct 1, 2021

@nateberkopec @dentarg
I made some more bold changes in this approach. It's more of a draft for now so the code is messy but I just wanted to double-check if that might be a good direction to follow.

It still needs some additional tests to be added (I only tested it on my local example-apps)

nateberkopec
nateberkopec reviewed Oct 1, 2021
View reviewed changes
lib/puma/binder.rb
@ios[ios_len..-1].each do |i|
addr = loc_addr_str i
logger.log "* #{log_msg} on ssl://#{addr}?#{uri.query}"
logger.log "* #{log_msg} on ssl://#{addr}?#{uri_query}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why change this? Looks to me like uri.query is still available?

Copy link
Contributor Author

@rodzyn rodzyn Oct 2, 2021
edited by dentarg
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So uri.query as uri comes from

puma/lib/puma/dsl.rb

Lines 66 to 67 in 20dc923

"ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}" \
"#{ssl_cipher_filter}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}"
(where there is no possibility to detect localhost gem, that was in my try in the first attempt) so it gets the URI with empty key and cert values (&key=&cert=).
These empty values are transformed to Hash and stored in params variable here

puma/lib/puma/binder.rb

Line 230 in 20dc923

params = Util.parse_query uri.query
, and then the current implementation is transforming them (default localhost gem paths). In the end only params is "enriched" by new values, thus I'm transforming it back from Hash to String

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the end only params is "enriched" by new values

I think we should have a comment about this somewhere, to help future readers understand that directly (I didn't know either), maybe where uri_query is defined or where params is passed to MiniSSL::ContextBuilder.new. WDYT?

Just mentioning this, not sure what we can do right now about it: there's another PR (#2728) changing code related to this, see https://github.com/puma/puma/pull/2728/files#diff-b771cc8da488f9700644eadd48510a23b1c2d5a7776dbc983eae1d2338536fd7. If I understand things correctly, with both these changes as-is, we would be logging cert_pem and cert_key if you are using the functionality added in #2728. I guess it would be up to the PR that's merged last to deal with that :) cc @dalibor

Copy link
Contributor Author

@rodzyn rodzyn Oct 29, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank @dentarg for bringing up #2728, it looks like really nice work, so I'll probably wait for that to be merged, and rebase that PR on these changes. I'm not sure if that will fix this workaround here, I'll need to dive again into this ;)

@nateberkopec
Copy link
Member

LGTM, tests is the only thing it really needs 👍

@rodzyn rodzyn force-pushed the fix_ssl_bind_compatibility branch from 1215cdf to 1d3f775 Compare October 4, 2021 21:19
@rodzyn rodzyn requested review from dentarg and nateberkopec October 4, 2021 21:22
@nateberkopec nateberkopec added bug waiting-for-review Waiting on review from anyone labels Oct 7, 2021
@rodzyn rodzyn requested a review from dentarg October 27, 2021 20:55
@dentarg dentarg changed the title Support localhost integratin in ssl_bind Support localhost integration in ssl_bind Oct 28, 2021
dentarg added a commit to dentarg/puma that referenced this pull request Dec 11, 2021
@dentarg
Support localhost integration in ssl_bind
6fba34a 
Close puma#2708
Close puma#2711

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>
@dentarg dentarg mentioned this pull request Dec 11, 2021
Merged
7 tasks
@dentarg
Copy link
Member

dentarg commented Dec 11, 2021

@rodzyn After #2728 this only needed a small change so I made it in #2764 and added you as co-author

dentarg added a commit to dentarg/puma that referenced this pull request Dec 12, 2021
@dentarg
Support localhost integration in ssl_bind
3f0ba58 
Close puma#2708
Close puma#2711

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>
dentarg added a commit to dentarg/puma that referenced this pull request Dec 12, 2021
@dentarg
Support localhost integration in ssl_bind
f2b573c 
Close puma#2708
Close puma#2711

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>
dentarg added a commit to dentarg/puma that referenced this pull request Dec 13, 2021
@dentarg
Support localhost integration in ssl_bind
2b75c64 
Close puma#2708
Close puma#2711

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>
nateberkopec pushed a commit that referenced this pull request Jan 18, 2022
@dentarg
Support localhost integration in ssl_bind (#2764)
03be0aa 
Close #2708
Close #2711

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>
JuanitoFatas pushed a commit to JuanitoFatas/puma that referenced this pull request Sep 9, 2022
@dentarg @JuanitoFatas
Support localhost integration in ssl_bind (puma#2764)
1a8bd06 
Close puma#2708
Close puma#2711

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>

Co-authored-by: Marcin Olichwirowicz <marcin.olichwirowicz@nedap.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nateberkopec nateberkopec nateberkopec approved these changes

@dentarg dentarg Awaiting requested review from dentarg

Assignees
No one assigned
Labels
bug waiting-for-review Waiting on review from anyone
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ssl_bind not compatible with localhost integration
3 participants
@rodzyn @nateberkopec @dentarg