aws-sdk 1.0.0 → 1.0.1

data/lib/aws/base_client.rb

@@ -382,6 +382,8 @@ module AWS
           http_request = new_request
           http_request.host = endpoint
           http_request.use_ssl = config.use_ssl?
+          http_request.ssl_verify_peer = config.ssl_verify_peer?
+          http_request.ssl_ca_file = config.ssl_ca_file
           send("configure_#{name}_request", http_request, opts, &block)
           http_request.headers["user-agent"] = user_agent_string
           http_request.add_authorization!(signer)

data/lib/aws/common.rb

@@ -92,6 +92,18 @@ module AWS
     #   values. This is primarily used for writing tests.
     # @option options [Boolean] :use_ssl (true) When true, all requests are
     #   sent over SSL.
+    # @option options [Boolean] :ssl_verify_peer (true) True if the HTTPS
+    #   client should validate the server certificate.  *Note:* This
+    #   option should only be used for diagnostic purposes; leaving
+    #   this option set to +false+ exposes your application to
+    #   man-in-the-middle attacks and can pose a serious security
+    #   risk.
+    # @option options [String] :ssl_ca_file The path to a CA cert
+    #   bundle in PEM format.  If +:ssl_verify_peer+ is true (the
+    #   default) this bundle will be used to validate the server
+    #   certificate in each HTTPS request.  The AWS SDK for Ruby ships
+    #   with a CA cert bundle, which is the default value for this
+    #   option.
     # @option options [String] :user_agent_prefix (nil) A string prefix to 
     #   append to all requets against AWS services.  This should be set
     #   for clients and applications built ontop of the aws-sdk gem.

data/lib/aws/configuration.rb

@@ -83,6 +83,9 @@ module AWS
         :stub_requests => false,
         :use_ssl => true,
         :user_agent_prefix => nil,
+        :ssl_verify_peer => true,
+        :ssl_ca_file => File.expand_path(File.dirname(__FILE__)+
+                                         "/../../ca-bundle.crt")
       }
 
       {
@@ -235,6 +238,27 @@ module AWS
       @options[:s3_multipart_max_parts]
     end
 
+    # @return [Boolean] True if the HTTPS client should validate the
+    #   server certificate.
+    #
+    # @note This option should only be used for diagnostic purposes;
+    #   leaving this option set to +false+ exposes your application to
+    #   man-in-the-middle attacks and can pose a serious security
+    #   risk.
+    def ssl_verify_peer?
+      @options[:ssl_verify_peer]
+    end
+
+    # @return [String] The path to a CA cert bundle in PEM format.
+    #
+    # If {#ssl_verify_peer?} is true (the default) this bundle will be
+    # used to validate the server certificate in each HTTPS request.
+    # The AWS SDK for Ruby ships with a CA cert bundle, which is the
+    # default value for this option.
+    def ssl_ca_file
+      @options[:ssl_ca_file]
+    end
+
     # @private
     def inspect
       "<#{self.class}>"

data/lib/aws/http/httparty_handler.rb

@@ -27,9 +27,18 @@ module AWS
 
       def handle(request, response)
 
-        url = request.use_ssl? ?
-          "https://#{request.host}:443#{request.uri}" :
-          "http://#{request.host}#{request.uri}"
+        opts = {
+          :body => request.body,
+          :parser => NoOpParser
+        }
+
+        if request.use_ssl?
+          url = "https://#{request.host}:443#{request.uri}"
+          opts[:ssl_ca_file] = request.ssl_ca_file if
+            request.ssl_verify_peer?
+        else
+          url = "http://#{request.host}#{request.uri}"
+        end
 
         # get, post, put, delete, head
         method = request.http_method.downcase
@@ -43,11 +52,10 @@ module AWS
           headers[key] = value.to_s
         end
 
+        opts[:headers] = headers
+
         begin
-          http_response = self.class.send(method, url,
-                                          :headers => headers,
-                                          :body => request.body,
-                                          :parser => NoOpParser)
+          http_response = self.class.send(method, url, opts)
         rescue Timeout::Error => e
           response.timeout = true
         else

data/lib/aws/http/request.rb

@@ -61,6 +61,32 @@ module AWS
         @use_ssl
       end
 
+      # @param [Boolean] verify_peer If the client should verify the
+      #   peer certificate or not.
+      def ssl_verify_peer=(verify_peer)
+        @ssl_verify_peer = verify_peer
+      end
+
+      # @return [Boolean] If the client should verify the peer
+      #   certificate or not.
+      def ssl_verify_peer?
+        @ssl_verify_peer
+      end
+
+      # @param [String] ca_file Path to a bundle of CA certs in PEM
+      #   format; the HTTP handler should use this to verify all HTTPS
+      #   requests if {#ssl_verify_peer?} is true.
+      def ssl_ca_file=(ca_file)
+        @ssl_ca_file = ca_file
+      end
+
+      # @return [String] Path to a bundle of CA certs in PEM format;
+      #   the HTTP handler should use this to verify all HTTPS
+      #   requests if {#ssl_verify_peer?} is true.
+      def ssl_ca_file
+        @ssl_ca_file
+      end
+
       # Adds a request param.
       #
       # @overload add_param(param_name, param_value = nil)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,12 +9,12 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-07-14 00:00:00.000000000 -07:00
+date: 2011-07-15 00:00:00.000000000 -07:00
 default_executable: 
 dependencies:
 - !ruby/object:Gem::Dependency
   name: uuidtools
-  requirement: &2158409860 !ruby/object:Gem::Requirement
+  requirement: &2158760920 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -22,10 +22,10 @@ dependencies:
         version: '2.1'
   type: :runtime
   prerelease: false
-  version_requirements: *2158409860
+  version_requirements: *2158760920
 - !ruby/object:Gem::Dependency
   name: httparty
-  requirement: &2158408340 !ruby/object:Gem::Requirement
+  requirement: &2158760460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -33,10 +33,10 @@ dependencies:
         version: '0.7'
   type: :runtime
   prerelease: false
-  version_requirements: *2158408340
+  version_requirements: *2158760460
 - !ruby/object:Gem::Dependency
   name: nokogiri
-  requirement: &2158406240 !ruby/object:Gem::Requirement
+  requirement: &2158759980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -44,10 +44,10 @@ dependencies:
         version: 1.4.4
   type: :runtime
   prerelease: false
-  version_requirements: *2158406240
+  version_requirements: *2158759980
 - !ruby/object:Gem::Dependency
   name: json
-  requirement: &2158404140 !ruby/object:Gem::Requirement
+  requirement: &2158759520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -55,13 +55,14 @@ dependencies:
         version: '1.4'
   type: :runtime
   prerelease: false
-  version_requirements: *2158404140
+  version_requirements: *2158759520
 description: AWS SDK for Ruby
 email: 
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ca-bundle.crt
 - rails/init.rb
 - lib/aws/api_config.rb
 - lib/aws/api_config_transform.rb
@@ -282,7 +283,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1693721329692997155
+      hash: -3178253575301581896
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: