always_verify_ssl_certificates 0.1.0 → 0.2.0

@@ -2,18 +2,11 @@
2
2
 
3
3
  Ruby's net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you're not verifying the identity of the server you're communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.
4
4
 
5
- All you need to do is require this gem, and set a path to your certificate authority bundle or directory:
5
+ All you need to do is require this gem and you'll get good security by default.
6
6
 
7
7
  $ gem install always_verify_ssl_certificates
8
8
 
9
9
  require "always_verify_ssl_certificates"
10
- AlwaysVerifySSLCertificates.ca_file = "/etc/pki/tls/certs/ca-bundle.crt" # the centos location
11
-
12
- You can find that bundle at the following locations on various operating systems
13
-
14
- * CentOS / RHEL (I assume): AlwaysVerifySSLCertificates.ca_file = /etc/pki/tls/certs/ca-bundle.crt
15
- * Debian: AlwaysVerifySSLCertificates.ca_path = /etc/ssl/certs
16
- * OS X: ????
17
10
 
18
11
  == Copyright
19
12
 
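Review bot: The replacement README line "you'll get good security by default" no longer says which CA certificates the gem trusts, and the removed lines were the only documentation of that. State where the trust anchors now come from, and add a short upgrade note that `AlwaysVerifySSLCertificates.ca_file` and `ca_path` from 0.1.0 are gone, so readers following the old instructions know to delete those assignments.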
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.1.0
1
+ 0.2.0
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{always_verify_ssl_certificates}
8
- s.version = "0.1.0"
8
+ s.version = "0.2.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["James Golick"]
12
- s.date = %q{2010-12-07}
12
+ s.date = %q{2010-12-09}
13
13
  s.description = %q{Ruby’s net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you’re not verifying the identity of the server you’re communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.}
14
14
  s.email = %q{jamesgolick@gmail.com}
15
15
  s.extra_rdoc_files = [
@@ -1,12 +1,6 @@
1
1
  require "net/http"
2
2
  require "net/https"
3
3
 
4
- class AlwaysVerifySSLCertificates
5
- class << self
6
- attr_accessor :ca_file, :ca_path
7
- end
8
- end
9
-
10
4
  module Net
11
5
  class HTTP
12
6
  private
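Review bot: Deleting the `AlwaysVerifySSLCertificates` class at the top of the file removes the `ca_file=` and `ca_path=` accessors that the 0.1.0 README told every user to call, so existing code that sets `AlwaysVerifySSLCertificates.ca_file = ...` will raise NameError after upgrading to 0.2.0. Consider keeping the class for one release with accessors that warn about deprecation, or call out the break in the README and changelog.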
@@ -15,13 +9,7 @@ module Net
15
9
  s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
16
10
  D "opened"
17
11
  if use_ssl?
18
- if !AlwaysVerifySSLCertificates.ca_file && !AlwaysVerifySSLCertificates.ca_path
19
- raise "You must set AlwaysVerifySSLCertificates.ca_file or AlwaysVerifySSLCertificates.ca_path to use SSL."
20
- end
21
-
22
- @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
23
- @ssl_context.ca_file = AlwaysVerifySSLCertificates.ca_file if AlwaysVerifySSLCertificates.ca_file
24
- @ssl_context.ca_path = AlwaysVerifySSLCertificates.ca_path if AlwaysVerifySSLCertificates.ca_path
12
+ self.verify_mode = OpenSSL::SSL::VERIFY_PEER
25
13
  s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
26
14
  s.sync_close = true
27
15
  end
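Review bot: Inside `if use_ssl?`, the new `self.verify_mode = OpenSSL::SSL::VERIFY_PEER` line replaces both the guard that raised when no CA source was set and the `@ssl_context.ca_file` / `@ssl_context.ca_path` assignments, and nothing in the visible lines gives the context a trust store. With VERIFY_PEER and no CA source, the outcome depends on whatever the caller or the Ruby/OpenSSL build happens to supply. Either load the system defaults explicitly here (for example a cert store populated with `set_default_paths`) or fail with a clear error when no trust anchors are available, and add a test that a connection to a host with an untrusted certificate is rejected. Also confirm that the hostname check after the handshake still runs in the code below this hunk, since VERIFY_PEER alone only validates the chain.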
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: always_verify_ssl_certificates
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
4
+ hash: 23
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
- - 1
8
+ - 2
9
9
  - 0
10
- version: 0.1.0
10
+ version: 0.2.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - James Golick
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2010-12-07 00:00:00 -08:00
18
+ date: 2010-12-09 00:00:00 -08:00
19
19
  default_executable:
20
20
  dependencies: []
21
21