RubyGems - bunny - Versions diffs - 1.6.3 → 1.7.0 - Mend

bunny 1.6.3 → 1.7.0

Files changed (15) hide show

checksums.yaml +4 -4
data/.travis.yml +1 -1
data/ChangeLog.md +27 -6
data/README.md +3 -3
data/lib/bunny.rb +1 -1
data/lib/bunny/channel.rb +1 -0
data/lib/bunny/session.rb +4 -0
data/lib/bunny/transport.rb +18 -5
data/lib/bunny/version.rb +1 -1
data/spec/higher_level_api/integration/dead_lettering_spec.rb +24 -1
data/spec/higher_level_api/integration/tls_connection_spec.rb +23 -17
data/spec/stress/channel_close_stress_spec.rb +1 -1
data/spec/tls/client_certificate.pem +18 -0
data/spec/tls/server_certificate.pem +18 -0
metadata +16 -12

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 14d586f46e53649e9c27b63b5607675dc839cc9e
-  data.tar.gz: fa41d53c74c60948e416ba3587e9b79e1facf2ba
+  metadata.gz: ea321437a2d9950b2f2805e707dda557eef218e7
+  data.tar.gz: fdffb1a797acfa57566398ca2fdc9c142fbfc675
 SHA512:
-  metadata.gz: fa29c50cc14e1876594b664574a3948a4fec74643add577116a950f64da2ec079d4ca84347b59b16844f4f4a966b8b2ba9eb78d84b952977391ce6cefa0132f9
-  data.tar.gz: 9b7d163bd2ec192bb92c4e1e0700ecc0d72a14c57f0a05e4e425066f3132871dba0ebe8c746f50ff058f412888e673dd4bd0efd5e88ba86d02fe2da80db82e15
+  metadata.gz: 56cf2d1d7c7eabe6b694760e0bec181969aa33168ccf7f963aa8d6083a3476bcd35595319a4416a3e24f739358395c85fac567dc8a34bb13cdc35bf5c5ec3406
+  data.tar.gz: 3746761d4ba98aa2eedcd6ba4f4a7d22473349b4b8a84232069dcbbde45e1fddb71906b645a73f87f5b16e0b485822694a076f15ef46ce6d0f7d7750575a306f

data/.travis.yml CHANGED

@@ -1,6 +1,6 @@
 language: ruby
 bundler_args: --without development
-before_script: "./bin/ci/before_build.sh"
+before_script: "./bin/ci/before_build"
 script: "bundle exec rspec -cfs spec"
 rvm:
   - "2.1.0"

data/ChangeLog.md CHANGED

@@ -1,12 +1,35 @@
-## Changes between Bunny 1.6.2 and 1.6.3
+## Changes between Bunny 1.6.0 and 1.7.0
+### TLS Peer Verification Enabled by Default
+When using TLS, peer verification is now enabled by default.
+It is still possible to [disable verification](http://rubybunny.info/articles/tls.html), e.g. for convenient
+development locally.
+Peer verification is a means of protection against man-in-the-middle attacks
+and is highly recommended in production settings. However, it can be an inconvenience
+during local development. We believe it's time to have the default to be
+more secure.
+Contributed by Michael Klishin (Pivotal) and Andre Foeken (Nedap).
+### Higher Default Connection Timeout
+Default connection timeout has been increased to 25 seconds. The older
+default of 5 seconds wasn't sufficient in some edge cases with DNS
+resolution (e.g. when primary DNS server is down).
+The value can be overriden at connection time.
+Contributed by Yury Batenko.
 ### Socket Read Timeout No Longer Set to 0 With Disabled Heartbeats
 GH issue: [#267](https://github.com/ruby-amqp/bunny/pull/267).
-## Changes between Bunny 1.6.1 and 1.6.2
 ### JRuby Writes Fixes
 On JRuby, Bunny reverts back to using plain old `write(2)` for writes. The CRuby implementation
@@ -16,15 +39,13 @@ Bunny users who run on JRuby are highly recommended to switch to [March Hare](ht
 which has nearly identical API and is significantly more efficient.
-## Changes between Bunny 1.6.0 and 1.6.1
 ### Bunny::Session#with_channel Synchornisation Improvements
 `Bunny::Session#with_channel` is now fully synchronised and won't run into `COMMAND_INVALID` errors
 when used from multiple threads that share a connection.
 ## Changes between Bunny 1.5.0 and 1.6.0
 ### TLSv1 by Default

data/README.md CHANGED

@@ -1,7 +1,7 @@
 # Bunny, a Ruby RabbitMQ Client
-Bunny is a synchronous RabbitMQ client that focuses on ease of use. It
-is feature complete, supports all RabbitMQ 3.0 features and does not
+Bunny is a RabbitMQ client that focuses on ease of use. It
+is feature complete, supports all recent RabbitMQ features and does not
 have any heavyweight dependencies.
@@ -58,7 +58,7 @@ use [March Hare](http://rubymarchhare.info).
 ## Supported RabbitMQ Versions
-Bunny `1.5.0` (including previews) and later versions only support RabbitMQ `3.2+`.
+Bunny `1.5.0` (including previews) and later versions only support RabbitMQ `3.3+`.
 Bunny `1.4.x` and supports RabbitMQ 2.x and 3.x.

data/lib/bunny.rb CHANGED

@@ -50,7 +50,7 @@ module Bunny
     AMQ::Protocol::PROTOCOL_VERSION
   end
-  # Instantiates a new connection. The actual connection network
+  # Instantiates a new connection. The actual network
   # connection is started with {Bunny::Session#start}
   #
   # @return [Bunny::Session]

data/lib/bunny/channel.rb CHANGED

@@ -1117,6 +1117,7 @@ module Bunny
     # Declares a echange using echange.declare AMQP 0.9.1 method.
     #
     # @param [String] name Exchange name
+    # @param [String,Symbol] type Exchange type, e.g. :fanout or :topic
     # @param [Hash] opts Exchange properties
     #
     # @option opts [Boolean] durable (false)     Should information about this echange be persisted to disk so that it

data/lib/bunny/session.rb CHANGED

@@ -113,6 +113,10 @@ module Bunny
     # @option connection_string_or_opts [Integer] :continuation_timeout (4000) Timeout for client operations that expect a response (e.g. {Bunny::Queue#get}), in milliseconds.
     # @option connection_string_or_opts [Integer] :connection_timeout (5) Timeout in seconds for connecting to the server.
     # @option connection_string_or_opts [Proc] :hosts_shuffle_strategy A Proc that reorders a list of host strings, defaults to Array#shuffle
+    # @option connection_string_or_opts [Logger] :logger The logger.  If missing, one is created using :log_file and :log_level.
+    # @option connection_string_or_opts [IO, String] :log_file The file or path to use when creating a logger.  Defaults to STDOUT.
+    # @option connection_string_or_opts [IO, String] :logfile DEPRECATED: use :log_file instead.  The file or path to use when creating a logger.  Defaults to STDOUT.
+    # @option connection_string_or_opts [Integer] :log_level The log level to use when creating a logger.  Defaults to LOGGER::WARN
     #
     # @option optz [String] :auth_mechanism ("PLAIN") Authentication mechanism, PLAIN or EXTERNAL
     # @option optz [String] :locale ("PLAIN") Locale RabbitMQ should use

data/lib/bunny/transport.rb CHANGED

@@ -20,7 +20,7 @@ module Bunny
     #
     # Default TCP connection timeout
-    DEFAULT_CONNECTION_TIMEOUT = 5.0
+    DEFAULT_CONNECTION_TIMEOUT = 25.0
     DEFAULT_READ_TIMEOUT  = 5.0
     DEFAULT_WRITE_TIMEOUT = 5.0
@@ -79,7 +79,9 @@ module Bunny
     def connect
       if uses_ssl?
         @socket.connect
-        @socket.post_connection_check(host) if uses_tls? && @verify_peer
+        if uses_tls? && @verify_peer
+          @socket.post_connection_check(host)
+        end
         @status = :connected
@@ -339,6 +341,10 @@ module Bunny
     end
     def prepare_tls_context(opts)
+      if (opts[:verify_ssl] || opts[:verify_peer]).nil?
+        opts[:verify_peer] = true
+      end
       # client cert/key paths
       @tls_certificate_path  = tls_certificate_path_from(opts)
       @tls_key_path          = tls_key_path_from(opts)
@@ -348,7 +354,7 @@ module Bunny
       @tls_certificate_store = opts[:tls_certificate_store]
       @tls_ca_certificates   = opts.fetch(:tls_ca_certificates, default_tls_certificates)
-      @verify_peer           = opts[:verify_ssl] || opts[:verify_peer]
+      @verify_peer           = (opts[:verify_ssl] || opts[:verify_peer])
       @tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new, opts)
     end
@@ -395,8 +401,8 @@ module Bunny
       if !@tls_certificate
         @logger.warn <<-MSG
-        Using TLS but no client certificate is provided! If RabbitMQ is configured to verify peer
-        certificate, connection upgrade will fail!
+Using TLS but no client certificate is provided! If RabbitMQ is configured to verify peer
+certificate, connection upgrade will fail!
         MSG
       end
       if @tls_certificate && !@tls_key
@@ -410,6 +416,13 @@ module Bunny
       end
       ctx.verify_mode = verify_mode
+      if !@verify_peer
+        @logger.warn <<-MSG
+Using TLS but peer hostname verification is disabled. This is convenient for local development
+but prone man-in-the-middle attacks. Please set :verify_peer => true in production!
+        MSG
+      end
       ssl_version = opts[:tls_protocol] || opts[:ssl_version]
       ctx.ssl_version = ssl_version if ssl_version

data/lib/bunny/version.rb CHANGED

@@ -2,5 +2,5 @@
 module Bunny
   # @return [String] Version of the library
-  VERSION = "1.6.3"
+  VERSION = "1.7.0"
 end

data/spec/higher_level_api/integration/dead_lettering_spec.rb CHANGED

@@ -28,7 +28,11 @@ describe "A message" do
     sleep 0.2
     q.message_count.should be_zero
-    dlq.message_count.should == 1
+    delivery, properties, body = dlq.pop
+    ds = properties.headers["x-death"]
+    ds.should_not be_empty
+    expect(ds.first["reason"]).to eq("rejected")
     dlx.delete
   end
@@ -49,4 +53,23 @@ describe "A message" do
     dlx.delete
   end
+  it "carries the x-death header" do
+    ch   = connection.create_channel
+    x    = ch.fanout("amq.fanout")
+    dlx  = ch.fanout("bunny.tests.dlx.exchange")
+    q    = ch.queue("", :exclusive => true, :arguments => {"x-dead-letter-exchange" => dlx.name, "x-message-ttl" => 100}).bind(x)
+    # dead letter queue
+    dlq  = ch.queue("", :exclusive => true).bind(dlx)
+    x.publish("")
+    sleep 0.2
+    delivery, properties, body = dlq.pop
+    ds = properties.headers["x-death"]
+    ds.should_not be_empty
+    expect(ds.first["reason"]).to eq("expired")
+    dlx.delete
+  end
 end

data/spec/higher_level_api/integration/tls_connection_spec.rb CHANGED

@@ -39,7 +39,8 @@ unless ENV["CI"]
         :tls                   => true,
         :tls_cert              => "spec/tls/client_cert.pem",
         :tls_key               => "spec/tls/client_key.pem",
-        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+        :tls_ca_certificates   => ["./spec/tls/cacert.pem"],
+        :verify_peer           => false)
       c.start
       c
     end
@@ -58,7 +59,8 @@ unless ENV["CI"]
         :password => "bunny_password",
         :vhost    => "bunny_testbed",
         :tls                   => true,
-        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+        :tls_ca_certificates   => ["./spec/tls/cacert.pem"],
+        :verify_peer           => false)
       c.start
       c
     end
@@ -76,7 +78,8 @@ unless ENV["CI"]
       c = Bunny.new("amqps://bunny_gem:bunny_password@127.0.0.1/bunny_testbed",
         :tls_cert              => "spec/tls/client_cert.pem",
         :tls_key               => "spec/tls/client_key.pem",
-        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+        :tls_ca_certificates   => ["./spec/tls/cacert.pem"],
+        :verify_peer           => false)
       c.start
       c
     end
@@ -92,7 +95,8 @@ unless ENV["CI"]
   describe "TLS connection to RabbitMQ with a connection string and w/o client certificate and key" do
     let(:connection) do
       c = Bunny.new("amqps://bunny_gem:bunny_password@127.0.0.1/bunny_testbed",
-        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+        :tls_ca_certificates   => ["./spec/tls/cacert.pem"],
+        :verify_peer           => false)
       c.start
       c
     end
@@ -107,13 +111,14 @@ unless ENV["CI"]
   describe "TLS connection to RabbitMQ with client certificates provided inline" do
     let(:connection) do
-      c = Bunny.new(:user     => "bunny_gem",
-        :password => "bunny_password",
-        :vhost    => "bunny_testbed",
-        :tls                   => true,
-        :tls_cert              => File.read("./spec/tls/client_cert.pem"),
-        :tls_key               => File.read("./spec/tls/client_key.pem"),
-        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+      c = Bunny.new(:user    => "bunny_gem",
+        :password            => "bunny_password",
+        :vhost               => "bunny_testbed",
+        :tls                 => true,
+        :tls_cert            => File.read("./spec/tls/client_cert.pem"),
+        :tls_key             => File.read("./spec/tls/client_key.pem"),
+        :tls_ca_certificates => ["./spec/tls/cacert.pem"],
+        :verify_peer         => false)
       c.start
       c
     end
@@ -127,12 +132,13 @@ unless ENV["CI"]
   describe "TLS connection to RabbitMQ with tls_version TLSv1 specified" do
     let(:connection) do
-      c = Bunny.new(:user     => "bunny_gem",
-        :password => "bunny_password",
-        :vhost    => "bunny_testbed",
-        :tls                   => true,
-        :tls_protocol           => :TLSv1,
-        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+      c = Bunny.new(:user    => "bunny_gem",
+        :password            => "bunny_password",
+        :vhost               => "bunny_testbed",
+        :tls                 => true,
+        :tls_protocol        => :TLSv1,
+        :tls_ca_certificates => ["./spec/tls/cacert.pem"],
+        :verify_peer         => false)
       c.start
       c
     end

data/spec/stress/channel_close_stress_spec.rb CHANGED

@@ -1,6 +1,6 @@
 require "spec_helper"
-describe "Rapidly opening and closing lots of channels" do
+describe "Rapidly closing lots of temporary channels" do
   before :all do
     @connection = Bunny.new(:automatic_recovery => false).tap do |c|
       c.start

data/spec/tls/client_certificate.pem ADDED

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeOgAwIBAgIBATANBgkqhkiG9w0BAQUFADAnMRUwEwYDVQQDEwxNeVRl
+c3RSb290Q0ExDjAMBgNVBAcTBTgwNTQ3MB4XDTE0MDkxMjA4NDg0MVoXDTI0MDkw
+OTA4NDg0MVowKjEXMBUGA1UEAxMObWVyY3VyaW8ubG9jYWwxDzANBgNVBAoTBmNs
+aWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJd+NA0M21Kj1CyH
+WmnLzUAQAi3GawvLnxwyrlW3nfl1BLEL2kLHrHYS7S0giL0T/Zziw9BqNB2Fba3l
+RbI8d0JppuMXRRHnFTY/fLYpQlcwB8hT17NBk8euoU1r2VopCwDKP8rxAxLLL9Im
+2Cg+ksvZe+6yJPzAQ5aw1zc+UMSwJ8p2gAI7BI8Oekk506iccwbHwqVHH3DwCCXp
+0dRtzMeRqZY9lC1wsLHVYLl/Pc/xWtqjuk0j5px6RtrBoW16MaK43zH1nFlEA8KH
+c0RVFaQsQMVYBbxsVq54rymGInmmSk+vy5ZoFC1ItBRPSSgI1beaL5/4B/dJGI74
+7u/+cpsCAwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAww
+CgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBALPEuvS/1/0IBM/Kyi0MHa6m
+KjltIm2Cp8iaTkziy9r2UDckvSqv8GW0itE69126j4L1iVUYNIVemUvcAwaX3YLf
+nN80XMjNl8mpSKwCXvKKXUTAFUQN+SPMbEC7Uzip1WgJGyc2T9ka8iN+nd1T7btU
+482+zf5bGh+d0E7c4j0jfpf/1+VkfG/Vn5/EpG51DCvYtgg3F3PR39mDmnvKJu8p
+eYYvk3Jab0r/v3cLdt5GgZ4/WXZCdVpGgfDd60miXh7DUWilXBRuntVxZequF/ZI
+obei8teP2T/4oos3GWPOLxEA8EnQsdUoXxK/2DTq+9G6PQTQNm2/kvR6hPKimBk=
+-----END CERTIFICATE-----

data/spec/tls/server_certificate.pem ADDED

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAnMRUwEwYDVQQDEwxNeVRl
+c3RSb290Q0ExDjAMBgNVBAcTBTgwNTQ3MB4XDTE0MDkxMjA4NDg0MloXDTI0MDkw
+OTA4NDg0MlowKjEXMBUGA1UEAxMObWVyY3VyaW8ubG9jYWwxDzANBgNVBAoTBnNl
+cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvQX6P7Tz0sNKNg
+yiEb71gg84gyOaaTnIbgPKHTJ9kFMLZFQ3HN05dHLwqH1noefauV6HVPESVVf01m
+Ph28jre9tBorPAaiIzuf2kKlpZolN7Q9d/5rb2Vw3dUpoZJoD4aL+u8cghmkzodV
+vts1WRIRjH/yTUc266+h6m9lIi9L9BCYMTAWOF0KHoXA2VgLLkQNv+2GKHFP32ZH
+1vXa98fxErpJ//3jRwP5m4t0PDSPlAw++bOiwgZb8r+vEOCyZE15BoukSi8rtibc
+tSpYsbyvWaoe/JQfGPI3St84DhrUPPm2FUMyWMeTmldcfyLA25/vQPha4JC4f4Bc
+CYvzCVUCAwEAAaMvMC0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBSAwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQEFBQADggEBADWhd3ikOdCFNZfDy9If9txm
+WtiBJ8g3oWjj99zIvb0CNqp0Xv5jvWgw8DYXG5FZAA7g5sKrihkxKTtpYnKsTZ40
+HEcGRUqF/Z1LLeh7/OYMx597yBn86ZcqUyBIaIsEhHNa+yC1zHWa4rg1vpDwY/iI
+Mbewjy9KyB4n6w+3TpSHvhpEa5OJiDOMFePURsS3io9r7MGfFVTM0Cho1qIYT1vt
+tOoUXpKAJxu+6TwDXzMwoSmjMw5GtchqhpCHQcHBH9z1rGHh/VShGl/+rif4JZ98
+natbZ91esBaJKbWLUxH1U9Aol8wwYD4MzK3rvfImgjgig+htAqhCMxLu1z9VE+o=
+-----END CERTIFICATE-----

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bunny
 version: !ruby/object:Gem::Version
-  version: 1.6.3
+  version: 1.7.0
 platform: ruby
 authors:
 - Chris Duncan
@@ -12,20 +12,20 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-11-09 00:00:00.000000000 Z
+date: 2015-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: amq-protocol
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.9.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.9.2
 description: Easy to use, feature complete Ruby client for RabbitMQ 3.3 and later
@@ -41,10 +41,10 @@ extensions: []
 extra_rdoc_files:
 - README.md
 files:
-- .gitignore
-- .rspec
-- .travis.yml
-- .yardopts
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- ".yardopts"
 - ChangeLog.md
 - Gemfile
 - LICENSE
@@ -60,7 +60,7 @@ files:
 - benchmarks/queue_declare_bind_and_delete.rb
 - benchmarks/synchronized_sorted_set.rb
 - benchmarks/write_vs_write_nonblock.rb
-- bin/ci/before_build.sh
+- bin/ci/before_build
 - bunny.gemspec
 - examples/connection/authentication_failure.rb
 - examples/connection/automatic_recovery_with_basic_get.rb
@@ -201,8 +201,10 @@ files:
 - spec/tls/ca_key.pem
 - spec/tls/cacert.pem
 - spec/tls/client_cert.pem
+- spec/tls/client_certificate.pem
 - spec/tls/client_key.pem
 - spec/tls/server_cert.pem
+- spec/tls/server_certificate.pem
 - spec/tls/server_key.pem
 - spec/unit/bunny_spec.rb
 - spec/unit/concurrent/atomic_fixnum_spec.rb
@@ -221,17 +223,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: Popular easy to use Ruby client for RabbitMQ
@@ -302,8 +304,10 @@ test_files:
 - spec/tls/ca_key.pem
 - spec/tls/cacert.pem
 - spec/tls/client_cert.pem
+- spec/tls/client_certificate.pem
 - spec/tls/client_key.pem
 - spec/tls/server_cert.pem
+- spec/tls/server_certificate.pem
 - spec/tls/server_key.pem
 - spec/unit/bunny_spec.rb
 - spec/unit/concurrent/atomic_fixnum_spec.rb