bunny 1.6.0.rc1 → 1.6.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ChangeLog.md +9 -1
- data/lib/bunny/transport.rb +5 -11
- data/lib/bunny/version.rb +1 -1
- data/spec/higher_level_api/integration/tls_connection_spec.rb +47 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5c3c473208978a3dfe055a6b3bbd6f608c83147c
|
|
4
|
+
data.tar.gz: fef3903586e288f52c93f710dec8a1b49bf22a3c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 57955f447276055d73c27516d0cb0631b71bc4c8bb385ec04ea7b817fe6527a49648e034826210085c88d4fc0bcfcb8232a85a20ada7e8e2a236c4d7a70fff37
|
|
7
|
+
data.tar.gz: 100c33260e0b0af3cf3802e8d4fcb70330e78054c1ef40bff51a1403458522a365d45f5ab2d7128b697de1785b3213e9a19a13368ff03073e05d4979386c7bb2
|
data/ChangeLog.md
CHANGED
|
@@ -2,9 +2,17 @@
|
|
|
2
2
|
|
|
3
3
|
### TLSv1 by Default
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
TLS connections now prefer TLSv1 (or later, if available) due to the recently discovered
|
|
6
6
|
[POODLE attack](https://www.openssl.org/~bodo/ssl-poodle.pdf) on SSLv3.
|
|
7
7
|
|
|
8
|
+
Contributed by Michael Klishin (Pivotal) and Justin Powers (Desk.com).
|
|
9
|
+
|
|
10
|
+
GH issues:
|
|
11
|
+
|
|
12
|
+
* [#259](https://github.com/ruby-amqp/bunny/pull/259)
|
|
13
|
+
* [#260](https://github.com/ruby-amqp/bunny/pull/260)
|
|
14
|
+
* [#261](https://github.com/ruby-amqp/bunny/pull/261)
|
|
15
|
+
|
|
8
16
|
|
|
9
17
|
### Socket Read and Write Timeout Improvements
|
|
10
18
|
|
data/lib/bunny/transport.rb
CHANGED
|
@@ -25,10 +25,6 @@ module Bunny
|
|
|
25
25
|
DEFAULT_READ_TIMEOUT = 5.0
|
|
26
26
|
DEFAULT_WRITE_TIMEOUT = 5.0
|
|
27
27
|
|
|
28
|
-
# Default TLS protocol version to use.
|
|
29
|
-
# Currently TLSv1, same as in RabbitMQ Java client
|
|
30
|
-
DEFAULT_TLS_PROTOCOL = "TLSv1"
|
|
31
|
-
|
|
32
28
|
attr_reader :session, :host, :port, :socket, :connect_timeout, :read_timeout, :write_timeout, :disconnect_timeout
|
|
33
29
|
attr_reader :tls_context
|
|
34
30
|
|
|
@@ -331,7 +327,7 @@ module Bunny
|
|
|
331
327
|
@tls_ca_certificates = opts.fetch(:tls_ca_certificates, default_tls_certificates)
|
|
332
328
|
@verify_peer = opts[:verify_ssl] || opts[:verify_peer]
|
|
333
329
|
|
|
334
|
-
@tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new)
|
|
330
|
+
@tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new, opts)
|
|
335
331
|
end
|
|
336
332
|
|
|
337
333
|
def wrap_in_tls_socket(socket)
|
|
@@ -365,7 +361,7 @@ module Bunny
|
|
|
365
361
|
end
|
|
366
362
|
end
|
|
367
363
|
|
|
368
|
-
def initialize_tls_context(ctx)
|
|
364
|
+
def initialize_tls_context(ctx, opts={})
|
|
369
365
|
ctx.cert = OpenSSL::X509::Certificate.new(@tls_certificate) if @tls_certificate
|
|
370
366
|
ctx.key = OpenSSL::PKey::RSA.new(@tls_key) if @tls_key
|
|
371
367
|
ctx.cert_store = if @tls_certificate_store
|
|
@@ -384,17 +380,15 @@ module Bunny
|
|
|
384
380
|
@logger.warn "Using TLS but no client private key is provided!"
|
|
385
381
|
end
|
|
386
382
|
|
|
387
|
-
# setting TLS/SSL version only works correctly when done
|
|
388
|
-
# vis set_params. MK.
|
|
389
|
-
ctx.set_params(:ssl_version => @opts.fetch(:tls_protocol, DEFAULT_TLS_PROTOCOL))
|
|
390
|
-
|
|
391
383
|
verify_mode = if @verify_peer
|
|
392
384
|
OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
|
|
393
385
|
else
|
|
394
386
|
OpenSSL::SSL::VERIFY_NONE
|
|
395
387
|
end
|
|
388
|
+
ctx.verify_mode = verify_mode
|
|
396
389
|
|
|
397
|
-
|
|
390
|
+
ssl_version = opts[:tls_protocol] || opts[:ssl_version]
|
|
391
|
+
ctx.ssl_version = ssl_version if ssl_version
|
|
398
392
|
|
|
399
393
|
ctx
|
|
400
394
|
end
|
data/lib/bunny/version.rb
CHANGED
|
@@ -124,4 +124,51 @@ unless ENV["CI"]
|
|
|
124
124
|
|
|
125
125
|
include_examples "successful TLS connection"
|
|
126
126
|
end
|
|
127
|
+
|
|
128
|
+
|
|
129
|
+
describe "TLS connection to RabbitMQ with ssl_version SSLv3 specified" do
|
|
130
|
+
let(:connection) do
|
|
131
|
+
c = Bunny.new(:user => "bunny_gem",
|
|
132
|
+
:password => "bunny_password",
|
|
133
|
+
:vhost => "bunny_testbed",
|
|
134
|
+
:tls => true,
|
|
135
|
+
:ssl_version => :SSLv3,
|
|
136
|
+
:tls_ca_certificates => ["./spec/tls/cacert.pem"])
|
|
137
|
+
c.start
|
|
138
|
+
c
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
after :each do
|
|
142
|
+
connection.close
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
include_examples "successful TLS connection"
|
|
146
|
+
|
|
147
|
+
it "connects using SSLv3" do
|
|
148
|
+
connection.transport.socket.ssl_version.should == "SSLv3"
|
|
149
|
+
end
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
describe "TLS connection to RabbitMQ with tls_version TLSv1 specified" do
|
|
153
|
+
let(:connection) do
|
|
154
|
+
c = Bunny.new(:user => "bunny_gem",
|
|
155
|
+
:password => "bunny_password",
|
|
156
|
+
:vhost => "bunny_testbed",
|
|
157
|
+
:tls => true,
|
|
158
|
+
:tls_protocol => :TLSv1,
|
|
159
|
+
:tls_ca_certificates => ["./spec/tls/cacert.pem"])
|
|
160
|
+
c.start
|
|
161
|
+
c
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
after :each do
|
|
165
|
+
connection.close
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
include_examples "successful TLS connection"
|
|
169
|
+
|
|
170
|
+
it "connects using TLSv1" do
|
|
171
|
+
connection.transport.socket.ssl_version.should == "TLSv1"
|
|
172
|
+
end
|
|
173
|
+
end
|
|
127
174
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bunny
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.0.
|
|
4
|
+
version: 1.6.0.rc2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Duncan
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2014-10-
|
|
15
|
+
date: 2014-10-22 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: amq-protocol
|