always_verify_ssl_certificates 0.1.0 → 0.2.0

data/README.rdoc

@@ -2,18 +2,11 @@
 
 Ruby's net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you're not verifying the identity of the server you're communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.
 
-All you need to do is require this gem, and set a path to your certificate authority bundle or directory:
+All you need to do is require this gem and you'll get good security by default.
 
   $ gem install always_verify_ssl_certificates
 
   require "always_verify_ssl_certificates"
-  AlwaysVerifySSLCertificates.ca_file = "/etc/pki/tls/certs/ca-bundle.crt" # the centos location
-
-You can find that bundle at the following locations on various operating systems
-  
-* CentOS / RHEL (I assume): AlwaysVerifySSLCertificates.ca_file = /etc/pki/tls/certs/ca-bundle.crt
-* Debian: AlwaysVerifySSLCertificates.ca_path = /etc/ssl/certs
-* OS X: ????
 
 == Copyright
 

data/VERSION

@@ -1 +1 @@
-0.1.0
+0.2.0

data/always_verify_ssl_certificates.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{always_verify_ssl_certificates}
-  s.version = "0.1.0"
+  s.version = "0.2.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["James Golick"]
-  s.date = %q{2010-12-07}
+  s.date = %q{2010-12-09}
   s.description = %q{Ruby’s net/http is setup to never verify SSL certificates by default. Most ruby libraries do the same. That means that you’re not verifying the identity of the server you’re communicating with and are therefore exposed to man in the middle attacks. This gem monkey-patches net/http to force certificate verification and make turning it off impossible.}
   s.email = %q{jamesgolick@gmail.com}
   s.extra_rdoc_files = [

data/lib/always_verify_ssl_certificates.rb

@@ -1,12 +1,6 @@
 require "net/http"
 require "net/https"
 
-class AlwaysVerifySSLCertificates
-  class << self
-    attr_accessor :ca_file, :ca_path
-  end
-end
-
 module Net
   class HTTP
     private
@@ -15,13 +9,7 @@ module Net
         s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
         D "opened"
         if use_ssl?
-          if !AlwaysVerifySSLCertificates.ca_file && !AlwaysVerifySSLCertificates.ca_path
-            raise "You must set AlwaysVerifySSLCertificates.ca_file or AlwaysVerifySSLCertificates.ca_path to use SSL."
-          end
-
-          @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
-          @ssl_context.ca_file     = AlwaysVerifySSLCertificates.ca_file if AlwaysVerifySSLCertificates.ca_file
-          @ssl_context.ca_path     = AlwaysVerifySSLCertificates.ca_path if AlwaysVerifySSLCertificates.ca_path
+          self.verify_mode = OpenSSL::SSL::VERIFY_PEER
           s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
           s.sync_close = true
         end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: always_verify_ssl_certificates
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 23
   prerelease: false
   segments: 
   - 0
-  - 1
+  - 2
   - 0
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors: 
 - James Golick
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-12-07 00:00:00 -08:00
+date: 2010-12-09 00:00:00 -08:00
 default_executable: 
 dependencies: []