@michaelherold
Contributor

When using mutual TLS, you must specify the CA certificate chain to use
for verifying the peer. Using Puma's `ssl_bind` DSL did not give you the
option of doing so, which led to confusing errors when attempting to
use it.

Now, when specifying the `verify_mode` as either `peer` or `force_peer`,
you can use the DSL to set the `ca` value as needed within the `Binder`.
This allows you to use the DSL instead of falling back to the default
`bind` syntax via the URI-style configuration pattern.
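
Why the `ca` value matters once `verify_mode` is `peer` or `force_peer`, shown with Ruby's standard `openssl` library rather than Puma itself. This is an added example, not code from this pull request; the helper names and the throwaway certificates are constructed for the demo, and `trusted_cas` stands in for the CA file that the `ca` option names.

```ruby
require "openssl"

# Constructed throwaway certificates for the demo; none of this is Puma code.
def make_cert(cn, issuer = nil, issuer_key = nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = rand(1..2**31)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# The chain check a TLS server runs on a client certificate when peer
# verification is on. An empty trusted_cas list models a bind that asks
# for peer verification but was given no CA to verify against.
def peer_verifies?(client_cert, trusted_cas)
  store = OpenSSL::X509::Store.new
  trusted_cas.each { |ca_cert| store.add_cert(ca_cert) }
  ok = store.verify(client_cert)
  [ok, store.error_string]
end

CA_CERT, CA_KEY     = make_cert("Demo Client CA", ca: true)
CLIENT_CERT         = make_cert("demo-client", CA_CERT, CA_KEY).first
OTHER_CA, OTHER_KEY = make_cert("Unrelated CA", ca: true)
STRANGER_CERT       = make_cert("stranger", OTHER_CA, OTHER_KEY).first

if __FILE__ == $PROGRAM_NAME
  puts "client, CA configured:    #{peer_verifies?(CLIENT_CERT, [CA_CERT]).inspect}"
  puts "client, no CA configured: #{peer_verifies?(CLIENT_CERT, []).inspect}"
  puts "stranger, CA configured:  #{peer_verifies?(STRANGER_CERT, [CA_CERT]).inspect}"
end
```

With no trust anchor every client certificate fails the chain check, including legitimate ones, so the symptom is a rejected handshake rather than an obvious configuration error.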

@evanphx
Member

evanphx commented Feb 20, 2019

Could you rebase this on master? There have been a few fixes around this code merged lately.

@michaelherold michaelherold force-pushed the allow-ca-to-be-set-in-bind-dsl branch from 489eef4 to 5a92683 Compare February 20, 2019 20:27
@michaelherold
Contributor Author

Done!

@evanphx evanphx merged commit 6568aae into puma:master Mar 11, 2019
@michaelherold michaelherold deleted the allow-ca-to-be-set-in-bind-dsl branch December 10, 2019 16:12