always_verify_ssl_certificates 0.1.0

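--- a/data/.document
+++ b/data/.document
@@ -0,0 +1,5 @@
+ README.rdoc
+ lib/**/*.rb
+ bin/*
+ features/**/*.feature
+ LICENSE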
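--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,21 @@
+ ## MAC OS
+ .DS_Store
+
+ ## TEXTMATE
+ *.tmproj
+ tmtags
+
+ ## EMACS
+ *~
+ \#*
+ .\#*
+
+ ## VIM
+ *.swp
+
+ ## PROJECT::GENERAL
+ coverage
+ rdoc
+ pkg
+
+ ## PROJECT::SPECIFIC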
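--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+ Copyright (c) 2009 James Golick
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.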
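--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,20 @@
+ = always_verify_ssl_certificates
+
+ Ruby's net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you're not verifying the identity of the server you're communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.
+
+ All you need to do is require this gem, and set a path to your certificate authority bundle or directory:
+
+ $ gem install always_verify_ssl_certificates
+
+ require "always_verify_ssl_certificates"
+ AlwaysVerifySSLCertificates.ca_file = "/etc/pki/tls/certs/ca-bundle.crt" # the centos location
+
+ You can find that bundle at the following locations on various operating systems
+
+ * CentOS / RHEL (I assume): AlwaysVerifySSLCertificates.ca_file = /etc/pki/tls/certs/ca-bundle.crt
+ * Debian: AlwaysVerifySSLCertificates.ca_path = /etc/ssl/certs
+ * OS X: ????
+
+ == Copyright
+
+ Copyright (c) 2010 James Golick. See LICENSE for details.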
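--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,51 @@
+ require 'rubygems'
+ require 'rake'
+
+ begin
+ require 'jeweler'
+ Jeweler::Tasks.new do |gem|
+ gem.name = "always_verify_ssl_certificates"
+ gem.summary = %Q{Force net/http to always verify SSL certificates.}
+ gem.description = %Q{Ruby’s net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you’re not verifying the identity of the server you’re communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.}
+ gem.email = "jamesgolick@gmail.com"
+ gem.homepage = "http://github.com/jamesgolick/always_verify_ssl_certificates"
+ gem.authors = ["James Golick"]
+ end
+ Jeweler::GemcutterTasks.new
+ rescue LoadError
+ puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+ end
+
+ require 'rake/testtask'
+ Rake::TestTask.new(:test) do |test|
+ test.libs << 'lib' << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
+ end
+
+ begin
+ require 'rcov/rcovtask'
+ Rcov::RcovTask.new do |test|
+ test.libs << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
+ end
+ rescue LoadError
+ task :rcov do
+ abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+ end
+ end
+
+ task :test => :check_dependencies
+
+ task :default => :test
+
+ require 'rake/rdoctask'
+ Rake::RDocTask.new do |rdoc|
+ version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = "always_verify_ssl_certificates #{version}"
+ rdoc.rdoc_files.include('README*')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ end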
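Review bot: `task :test => :check_dependencies` names a prerequisite that this Rakefile never defines itself; it appears to come from Jeweler, so when the `rescue LoadError` branch at the top runs, `rake test` and the default task would abort on an unknown task. Declaring the dependency only when the task exists, e.g. `task :test => :check_dependencies if Rake::Task.task_defined?('check_dependencies')`, keeps the tests runnable without Jeweler installed. Separately, `gem.homepage` is a plain `http://` URL; for a gem whose purpose is TLS verification an `https://` link would be more consistent.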
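--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.1.0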
@@ -0,0 +1,51 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{always_verify_ssl_certificates}
8
+ s.version = "0.1.0"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["James Golick"]
12
+ s.date = %q{2010-12-07}
13
+ s.description = %q{Ruby’s net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you’re not verifying the identity of the server you’re communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.}
14
+ s.email = %q{jamesgolick@gmail.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".document",
21
+ ".gitignore",
22
+ "LICENSE",
23
+ "README.rdoc",
24
+ "Rakefile",
25
+ "VERSION",
26
+ "always_verify_ssl_certificates.gemspec",
27
+ "lib/always_verify_ssl_certificates.rb",
28
+ "test/helper.rb",
29
+ "test/test_always_verify_ssl_certificates.rb"
30
+ ]
31
+ s.homepage = %q{http://github.com/jamesgolick/always_verify_ssl_certificates}
32
+ s.rdoc_options = ["--charset=UTF-8"]
33
+ s.require_paths = ["lib"]
34
+ s.rubygems_version = %q{1.3.7}
35
+ s.summary = %q{Force net/http to always verify SSL certificates.}
36
+ s.test_files = [
37
+ "test/helper.rb",
38
+ "test/test_always_verify_ssl_certificates.rb"
39
+ ]
40
+
41
+ if s.respond_to? :specification_version then
42
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
43
+ s.specification_version = 3
44
+
45
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
46
+ else
47
+ end
48
+ else
49
+ end
50
+ end
51
+
@@ -0,0 +1,52 @@
1
+ require "net/http"
2
+ require "net/https"
3
+
4
+ class AlwaysVerifySSLCertificates
5
+ class << self
6
+ attr_accessor :ca_file, :ca_path
7
+ end
8
+ end
9
+
10
+ module Net
11
+ class HTTP
12
+ private
13
+ def connect
14
+ D "opening connection to #{conn_address()}..."
15
+ s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
16
+ D "opened"
17
+ if use_ssl?
18
+ if !AlwaysVerifySSLCertificates.ca_file && !AlwaysVerifySSLCertificates.ca_path
19
+ raise "You must set AlwaysVerifySSLCertificates.ca_file or AlwaysVerifySSLCertificates.ca_path to use SSL."
20
+ end
21
+
22
+ @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
23
+ @ssl_context.ca_file = AlwaysVerifySSLCertificates.ca_file if AlwaysVerifySSLCertificates.ca_file
24
+ @ssl_context.ca_path = AlwaysVerifySSLCertificates.ca_path if AlwaysVerifySSLCertificates.ca_path
25
+ s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
26
+ s.sync_close = true
27
+ end
28
+ @socket = BufferedIO.new(s)
29
+ @socket.read_timeout = @read_timeout
30
+ @socket.debug_output = @debug_output
31
+ if use_ssl?
32
+ if proxy?
33
+ @socket.writeline sprintf('CONNECT %s:%s HTTP/%s',
34
+ @address, @port, HTTPVersion)
35
+ @socket.writeline "Host: #{@address}:#{@port}"
36
+ if proxy_user
37
+ credential = ["#{proxy_user}:#{proxy_pass}"].pack('m')
38
+ credential.delete!("\r\n")
39
+ @socket.writeline "Proxy-Authorization: Basic #{credential}"
40
+ end
41
+ @socket.writeline ''
42
+ HTTPResponse.read_new(@socket).value
43
+ end
44
+ s.connect
45
+ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
46
+ s.post_connection_check(@address)
47
+ end
48
+ end
49
+ on_connect
50
+ end
51
+ end
52
+ end
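Review bot: Forcing `verify_mode` to `VERIFY_PEER` does not by itself make verification impossible to turn off, because any `verify_callback` already set on `@ssl_context` is left in place and can still accept a chain that failed validation; consider resetting it next to the `verify_mode` line with `@ssl_context.verify_callback = nil`. The ca_file/ca_path check also runs after `TCPSocket.open`, so the `raise` leaves the freshly opened socket unclosed; moving the check above the open (still guarded by `use_ssl?`) avoids that. The `verify_mode != OpenSSL::SSL::VERIFY_NONE` guard around `post_connection_check` is now always true and could be dropped so the hostname check is visibly unconditional. This method looks like a copy of net/http's private `connect` from one Ruby release, so a comment naming that release would help maintainers notice when the upstream method drifts.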
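--- a/data/test/helper.rb
+++ b/data/test/helper.rb
@@ -0,0 +1,10 @@
+ require 'rubygems'
+ require 'test/unit'
+ require 'shoulda'
+
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
+ require 'always_verify_ssl_certificates'
+
+ class Test::Unit::TestCase
+ end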
@@ -0,0 +1,7 @@
1
+ require 'helper'
2
+
3
+ class TestAlwaysVerifySslCertificates < Test::Unit::TestCase
4
+ should "probably rename this file and start testing for real" do
5
+ flunk "hey buddy, you should probably rename this file and start testing for real"
6
+ end
7
+ end
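Review bot: The only test here is the generator placeholder that calls `flunk`, so the suite always fails and nothing checks the behaviour the gem promises. At minimum a test should assert that an SSL request raises when neither `ca_file` nor `ca_path` is set, and that a connection configured with `OpenSSL::SSL::VERIFY_NONE` still ends up with `VERIFY_PEER` on its context. Both can be written with the socket stubbed or against a local test server, so no network access is needed.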
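--- a/metadata
+++ b/metadata
@@ -0,0 +1,78 @@
+ --- !ruby/object:Gem::Specification
+ name: always_verify_ssl_certificates
+ version: !ruby/object:Gem::Version
+ hash: 27
+ prerelease: false
+ segments:
+ - 0
+ - 1
+ - 0
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - James Golick
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2010-12-07 00:00:00 -08:00
+ default_executable:
+ dependencies: []
+
+ description: "Ruby\xE2\x80\x99s net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you\xE2\x80\x99re not verifying the identity of the server you\xE2\x80\x99re communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible."
+ email: jamesgolick@gmail.com
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files:
+ - LICENSE
+ - README.rdoc
+ files:
+ - .document
+ - .gitignore
+ - LICENSE
+ - README.rdoc
+ - Rakefile
+ - VERSION
+ - always_verify_ssl_certificates.gemspec
+ - lib/always_verify_ssl_certificates.rb
+ - test/helper.rb
+ - test/test_always_verify_ssl_certificates.rb
+ has_rdoc: true
+ homepage: http://github.com/jamesgolick/always_verify_ssl_certificates
+ licenses: []
+
+ post_install_message:
+ rdoc_options:
+ - --charset=UTF-8
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.3.7
+ signing_key:
+ specification_version: 3
+ summary: Force net/http to always verify SSL certificates.
+ test_files:
+ - test/helper.rb
+ - test/test_always_verify_ssl_certificates.rb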