RubyGems - bunny - Versions diffs - 1.6.0.pre1 → 1.6.0.rc1 - Mend

bunny 1.6.0.pre1 → 1.6.0.rc1

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: de1627dd44089041db13ab6a5ea76ba2ead5086d
-  data.tar.gz: 41ae99e1499f57a77636392e2a5d870c6c698ef7
+  metadata.gz: 5c49b9aa7f6e95cc32086a6e552754ea104514fa
+  data.tar.gz: 08a712ed80f0fe13f97fbf1a0ddf5a0cfaf52bc2
 SHA512:
-  metadata.gz: 1e24bb89154db20fe6badb7427bab93de1d9a2e4c880b972340b5d76f4d465aa6410c75c55f5a51a091526deec93d30ced4cd815080d7dc0a7dbce06eb89d95b
-  data.tar.gz: 4d210c02531f031fdfc5ab021d02b32abdc2d4019440bf76650743e950f310cf2ec27e09193feee987cfc97f65c6d026a1cd0451a4367f35f84c8ce003fe7318
+  metadata.gz: 87154ce0c1e4c81691a4ce3237dd2a8dfa3e9f96a61381f65c2efe5febe2d4e7f7675e49a369e93f3e1afa75c516d99f7fd9fa55528462fb5aaf1d59e3a088e6
+  data.tar.gz: 033e0352ac1c9aaa0b8408a7093c4c4cf2009945a4dce365e115edba21d45764d69b921c1481f2548c94c5cf575a2787a9e58d3a5068e935bc44101d1836ae36

data/ChangeLog.md CHANGED

@@ -1,5 +1,11 @@
 ## Changes between Bunny 1.5.0 and 1.6.0
+### TLSv1 by Default
+Bunny now uses TLSv1 by default due to the recently discovered
+[POODLE attack](https://www.openssl.org/~bodo/ssl-poodle.pdf) on SSLv3.
 ### Socket Read and Write Timeout Improvements
 Bunny now sets a read timeout on the sockets it opens, and uses

data/lib/bunny/transport.rb CHANGED

@@ -26,8 +26,8 @@ module Bunny
     DEFAULT_WRITE_TIMEOUT = 5.0
     # Default TLS protocol version to use.
-    # Currently SSLv3, same as in RabbitMQ Java client
-    DEFAULT_TLS_PROTOCOL       = "SSLv3"
+    # Currently TLSv1, same as in RabbitMQ Java client
+    DEFAULT_TLS_PROTOCOL       = "TLSv1"
     attr_reader :session, :host, :port, :socket, :connect_timeout, :read_timeout, :write_timeout, :disconnect_timeout
     attr_reader :tls_context
@@ -420,20 +420,24 @@ module Bunny
       cert_files = []
       cert_inlines = []
       certs.each do |cert|
-        if File.readable? cert
+        # if it starts with / then it's a file path that may or may not
+        # exists (e.g. a default OpenSSL path). MK.
+        if File.readable?(cert) || cert =~ /^\//
           cert_files.push(cert)
         else
           cert_inlines.push(cert)
         end
       end
       @logger.debug "Using CA certificates at #{cert_files.join(', ')}"
-      @logger.debug "Using #{cert_inlines.count} inline ca_certificates"
+      @logger.debug "Using #{cert_inlines.count} inline CA certificates"
       if certs.empty?
         @logger.error "No CA certificates found, add one with :tls_ca_certificates"
       end
       OpenSSL::X509::Store.new.tap do |store|
-        cert_files.each { |path| store.add_file(path) }
-        cert_inlines.each { |cert| store.add_cert(OpenSSL::X509::Certificate.new(cert)) }
+        cert_files.select { |path| File.readable?(path) }.
+          each { |path| store.add_file(path) }
+        cert_inlines.
+          each { |cert| store.add_cert(OpenSSL::X509::Certificate.new(cert)) }
       end
     end

data/lib/bunny/version.rb CHANGED

@@ -2,5 +2,5 @@
 module Bunny
   # @return [String] Version of the library
-  VERSION = "1.6.0.pre1"
+  VERSION = "1.6.0.rc1"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bunny
 version: !ruby/object:Gem::Version
-  version: 1.6.0.pre1
+  version: 1.6.0.rc1
 platform: ruby
 authors:
 - Chris Duncan