bunny 1.6.0.pre1 → 1.6.0.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ChangeLog.md +6 -0
- data/lib/bunny/transport.rb +10 -6
- data/lib/bunny/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5c49b9aa7f6e95cc32086a6e552754ea104514fa
|
|
4
|
+
data.tar.gz: 08a712ed80f0fe13f97fbf1a0ddf5a0cfaf52bc2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 87154ce0c1e4c81691a4ce3237dd2a8dfa3e9f96a61381f65c2efe5febe2d4e7f7675e49a369e93f3e1afa75c516d99f7fd9fa55528462fb5aaf1d59e3a088e6
|
|
7
|
+
data.tar.gz: 033e0352ac1c9aaa0b8408a7093c4c4cf2009945a4dce365e115edba21d45764d69b921c1481f2548c94c5cf575a2787a9e58d3a5068e935bc44101d1836ae36
|
data/ChangeLog.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
## Changes between Bunny 1.5.0 and 1.6.0
|
|
2
2
|
|
|
3
|
+
### TLSv1 by Default
|
|
4
|
+
|
|
5
|
+
Bunny now uses TLSv1 by default due to the recently discovered
|
|
6
|
+
[POODLE attack](https://www.openssl.org/~bodo/ssl-poodle.pdf) on SSLv3.
|
|
7
|
+
|
|
8
|
+
|
|
3
9
|
### Socket Read and Write Timeout Improvements
|
|
4
10
|
|
|
5
11
|
Bunny now sets a read timeout on the sockets it opens, and uses
|
data/lib/bunny/transport.rb
CHANGED
|
@@ -26,8 +26,8 @@ module Bunny
|
|
|
26
26
|
DEFAULT_WRITE_TIMEOUT = 5.0
|
|
27
27
|
|
|
28
28
|
# Default TLS protocol version to use.
|
|
29
|
-
# Currently
|
|
30
|
-
DEFAULT_TLS_PROTOCOL = "
|
|
29
|
+
# Currently TLSv1, same as in RabbitMQ Java client
|
|
30
|
+
DEFAULT_TLS_PROTOCOL = "TLSv1"
|
|
31
31
|
|
|
32
32
|
attr_reader :session, :host, :port, :socket, :connect_timeout, :read_timeout, :write_timeout, :disconnect_timeout
|
|
33
33
|
attr_reader :tls_context
|
|
@@ -420,20 +420,24 @@ module Bunny
|
|
|
420
420
|
cert_files = []
|
|
421
421
|
cert_inlines = []
|
|
422
422
|
certs.each do |cert|
|
|
423
|
-
if
|
|
423
|
+
# if it starts with / then it's a file path that may or may not
|
|
424
|
+
# exists (e.g. a default OpenSSL path). MK.
|
|
425
|
+
if File.readable?(cert) || cert =~ /^\//
|
|
424
426
|
cert_files.push(cert)
|
|
425
427
|
else
|
|
426
428
|
cert_inlines.push(cert)
|
|
427
429
|
end
|
|
428
430
|
end
|
|
429
431
|
@logger.debug "Using CA certificates at #{cert_files.join(', ')}"
|
|
430
|
-
@logger.debug "Using #{cert_inlines.count} inline
|
|
432
|
+
@logger.debug "Using #{cert_inlines.count} inline CA certificates"
|
|
431
433
|
if certs.empty?
|
|
432
434
|
@logger.error "No CA certificates found, add one with :tls_ca_certificates"
|
|
433
435
|
end
|
|
434
436
|
OpenSSL::X509::Store.new.tap do |store|
|
|
435
|
-
cert_files.
|
|
436
|
-
|
|
437
|
+
cert_files.select { |path| File.readable?(path) }.
|
|
438
|
+
each { |path| store.add_file(path) }
|
|
439
|
+
cert_inlines.
|
|
440
|
+
each { |cert| store.add_cert(OpenSSL::X509::Certificate.new(cert)) }
|
|
437
441
|
end
|
|
438
442
|
end
|
|
439
443
|
|
data/lib/bunny/version.rb
CHANGED