author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-08 16:24:46 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-08 16:24:46 +0900 |
commit | bf51162affc1b21c5fc6db5a88f206403a0fae9e (patch) | |
tree | f680bb5c459a3ce3f2008c07787cc0dc84804719 | |
parent | 71d6dd10857a3d3ea3e58d5debff98d2426775ee (diff) | |
parent | 622e71b515e34393dc8be072f464bbe75cea9566 (diff) | |
Merge branch 'topic/openssl-1.1.0'
* topic/openssl-1.1.0:
examples/static_server: call ctx.tmp_ecdh_callback only when needed
rack/listener: tls: call tmp_ecdh_callback only when needed
-rw-r--r-- | examples/static_server.rb | 8 | ||||
-rw-r--r-- | lib/plum/rack/listener.rb | 4 |
2 files changed, 8 insertions, 4 deletions
diff --git a/examples/static_server.rb b/examples/static_server.rb
index d26b91c..6f7e00a 100644
--- a/examples/static_server.rb
+++ b/examples/static_server.rb
@@ -26,9 +26,11 @@ ctx.alpn_select_cb = -> protocols {
 raise "Client does not support HTTP/2: #{protocols}" unless protocols.include?("h2")
 "h2"
 }
-ctx.tmp_ecdh_callback = -> (sock, ise, keyl) {
- OpenSSL::PKey::EC.new("prime256v1")
-}
+if ctx.respond_to?(:tmp_ecdh_callback) && !ctx.respond_to?(:set_ecdh_curves)
+ ctx.tmp_ecdh_callback = -> (sock, ise, keyl) {
+ OpenSSL::PKey::EC.new("prime256v1")
+ }
+end
 ctx.cert = OpenSSL::X509::Certificate.new File.read(".crt.local")
 ctx.key = OpenSSL::PKey::RSA.new File.read(".key.local")
 tcp_server = TCPServer.new("0.0.0.0", 40443)
diff --git a/lib/plum/rack/listener.rb b/lib/plum/rack/listener.rb
index 901642e..1628ec7 100644
--- a/lib/plum/rack/listener.rb
+++ b/lib/plum/rack/listener.rb
@@ -63,7 +63,9 @@ module Plum
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.ssl_version = :TLSv1_2
 ctx.alpn_select_cb = -> (protocols) { protocols.include?("h2") ? "h2" : protocols.first }
- ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ if ctx.respond_to?(:tmp_ecdh_callback) && !ctx.respond_to?(:set_ecdh_curves)
+ ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ end
 *ctx.extra_chain_cert, ctx.cert = parse_chained_cert(cert)
 ctx.key = OpenSSL::PKey::RSA.new(key)
 ctx.servername_cb = proc { |sock, hostname| |
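Review bot: The added guard probes `ctx.respond_to?(:tmp_ecdh_callback)`, which is the reader, while the guarded body calls the writer; probing the method that is actually invoked is more exact: `if ctx.respond_to?(:tmp_ecdh_callback=) && !ctx.respond_to?(:set_ecdh_curves)`. The same condition is repeated in the lib/plum/rack/listener.rb hunk and should change with it. The guard also has no comment saying which bindings it distinguishes; something like `# older openssl bindings need this callback to enable ECDHE; skip it where set_ecdh_curves exists` would help, though that wording is my reading of the commit title rather than something the diff states.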
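Review bot: When this guard is false because `set_ecdh_curves` is present, the listener no longer states which ECDH curve it uses, where the removed line pinned prime256v1; the context then depends on the defaults of the linked OpenSSL. If that is intended, record it next to the guard, e.g. `# with set_ecdh_curves available the library's default curve list is used`; if the pin should stay, add an `else` branch that sets the curve list through that setter (its argument form is not visible in this diff). The case where neither method exists also falls through silently, presumably leaving ECDHE unconfigured, so a log line or an explicit failure there would make a misconfigured TLS stack easier to spot. The enclosing method starts and ends outside the hunk, and the examples/static_server.rb hunk has the same shape.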