RubyGems - bunny - Versions diffs - 1.6.0.pre1 → 1.6.0.rc1 - Mend

bunny 1.6.0.pre1 → 1.6.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: de1627dd44089041db13ab6a5ea76ba2ead5086d
-  data.tar.gz: 41ae99e1499f57a77636392e2a5d870c6c698ef7
+  metadata.gz: 5c49b9aa7f6e95cc32086a6e552754ea104514fa
+  data.tar.gz: 08a712ed80f0fe13f97fbf1a0ddf5a0cfaf52bc2
 SHA512:
-  metadata.gz: 1e24bb89154db20fe6badb7427bab93de1d9a2e4c880b972340b5d76f4d465aa6410c75c55f5a51a091526deec93d30ced4cd815080d7dc0a7dbce06eb89d95b
-  data.tar.gz: 4d210c02531f031fdfc5ab021d02b32abdc2d4019440bf76650743e950f310cf2ec27e09193feee987cfc97f65c6d026a1cd0451a4367f35f84c8ce003fe7318
+  metadata.gz: 87154ce0c1e4c81691a4ce3237dd2a8dfa3e9f96a61381f65c2efe5febe2d4e7f7675e49a369e93f3e1afa75c516d99f7fd9fa55528462fb5aaf1d59e3a088e6
+  data.tar.gz: 033e0352ac1c9aaa0b8408a7093c4c4cf2009945a4dce365e115edba21d45764d69b921c1481f2548c94c5cf575a2787a9e58d3a5068e935bc44101d1836ae36

data/ChangeLog.md CHANGED

@@ -1,5 +1,11 @@
 ## Changes between Bunny 1.5.0 and 1.6.0
+### TLSv1 by Default
+Bunny now uses TLSv1 by default due to the recently discovered
+[POODLE attack](https://www.openssl.org/~bodo/ssl-poodle.pdf) on SSLv3.
 ### Socket Read and Write Timeout Improvements
 Bunny now sets a read timeout on the sockets it opens, and uses

data/lib/bunny/transport.rb CHANGED

@@ -26,8 +26,8 @@ module Bunny
     DEFAULT_WRITE_TIMEOUT = 5.0
     # Default TLS protocol version to use.
-    # Currently SSLv3, same as in RabbitMQ Java client
-    DEFAULT_TLS_PROTOCOL       = "SSLv3"
+    # Currently TLSv1, same as in RabbitMQ Java client
+    DEFAULT_TLS_PROTOCOL       = "TLSv1"
     attr_reader :session, :host, :port, :socket, :connect_timeout, :read_timeout, :write_timeout, :disconnect_timeout
     attr_reader :tls_context
@@ -420,20 +420,24 @@ module Bunny
       cert_files = []
       cert_inlines = []
       certs.each do |cert|
-        if File.readable? cert
+        # if it starts with / then it's a file path that may or may not
+        # exists (e.g. a default OpenSSL path). MK.
+        if File.readable?(cert) || cert =~ /^\//
           cert_files.push(cert)
         else
           cert_inlines.push(cert)
         end
       end
       @logger.debug "Using CA certificates at #{cert_files.join(', ')}"
-      @logger.debug "Using #{cert_inlines.count} inline ca_certificates"
+      @logger.debug "Using #{cert_inlines.count} inline CA certificates"
       if certs.empty?
         @logger.error "No CA certificates found, add one with :tls_ca_certificates"
       end
       OpenSSL::X509::Store.new.tap do |store|
-        cert_files.each { |path| store.add_file(path) }
-        cert_inlines.each { |cert| store.add_cert(OpenSSL::X509::Certificate.new(cert)) }
+        cert_files.select { |path| File.readable?(path) }.
+          each { |path| store.add_file(path) }
+        cert_inlines.
+          each { |cert| store.add_cert(OpenSSL::X509::Certificate.new(cert)) }
       end
     end

data/lib/bunny/version.rb CHANGED

@@ -2,5 +2,5 @@
 module Bunny
   # @return [String] Version of the library
-  VERSION = "1.6.0.pre1"
+  VERSION = "1.6.0.rc1"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bunny
 version: !ruby/object:Gem::Version
-  version: 1.6.0.pre1
+  version: 1.6.0.rc1
 platform: ruby
 authors:
 - Chris Duncan