RubyGems - bunny - Versions diffs - 1.6.0.rc1 → 1.6.0.rc2 - Mend

bunny 1.6.0.rc1 → 1.6.0.rc2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/ChangeLog.md +9 -1
data/lib/bunny/transport.rb +5 -11
data/lib/bunny/version.rb +1 -1
data/spec/higher_level_api/integration/tls_connection_spec.rb +47 -0
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5c49b9aa7f6e95cc32086a6e552754ea104514fa
-  data.tar.gz: 08a712ed80f0fe13f97fbf1a0ddf5a0cfaf52bc2
+  metadata.gz: 5c3c473208978a3dfe055a6b3bbd6f608c83147c
+  data.tar.gz: fef3903586e288f52c93f710dec8a1b49bf22a3c
 SHA512:
-  metadata.gz: 87154ce0c1e4c81691a4ce3237dd2a8dfa3e9f96a61381f65c2efe5febe2d4e7f7675e49a369e93f3e1afa75c516d99f7fd9fa55528462fb5aaf1d59e3a088e6
-  data.tar.gz: 033e0352ac1c9aaa0b8408a7093c4c4cf2009945a4dce365e115edba21d45764d69b921c1481f2548c94c5cf575a2787a9e58d3a5068e935bc44101d1836ae36
+  metadata.gz: 57955f447276055d73c27516d0cb0631b71bc4c8bb385ec04ea7b817fe6527a49648e034826210085c88d4fc0bcfcb8232a85a20ada7e8e2a236c4d7a70fff37
+  data.tar.gz: 100c33260e0b0af3cf3802e8d4fcb70330e78054c1ef40bff51a1403458522a365d45f5ab2d7128b697de1785b3213e9a19a13368ff03073e05d4979386c7bb2

data/ChangeLog.md CHANGED

@@ -2,9 +2,17 @@
 ### TLSv1 by Default
-Bunny now uses TLSv1 by default due to the recently discovered
+TLS connections now prefer TLSv1 (or later, if available) due to the recently discovered
 [POODLE attack](https://www.openssl.org/~bodo/ssl-poodle.pdf) on SSLv3.
+Contributed by Michael Klishin (Pivotal) and Justin Powers (Desk.com).
+GH issues:
+ * [#259](https://github.com/ruby-amqp/bunny/pull/259)
+ * [#260](https://github.com/ruby-amqp/bunny/pull/260)
+ * [#261](https://github.com/ruby-amqp/bunny/pull/261)
 ### Socket Read and Write Timeout Improvements

data/lib/bunny/transport.rb CHANGED

@@ -25,10 +25,6 @@ module Bunny
     DEFAULT_READ_TIMEOUT  = 5.0
     DEFAULT_WRITE_TIMEOUT = 5.0
-    # Default TLS protocol version to use.
-    # Currently TLSv1, same as in RabbitMQ Java client
-    DEFAULT_TLS_PROTOCOL       = "TLSv1"
     attr_reader :session, :host, :port, :socket, :connect_timeout, :read_timeout, :write_timeout, :disconnect_timeout
     attr_reader :tls_context
@@ -331,7 +327,7 @@ module Bunny
       @tls_ca_certificates   = opts.fetch(:tls_ca_certificates, default_tls_certificates)
       @verify_peer           = opts[:verify_ssl] || opts[:verify_peer]
-      @tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new)
+      @tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new, opts)
     end
     def wrap_in_tls_socket(socket)
@@ -365,7 +361,7 @@ module Bunny
       end
     end
-    def initialize_tls_context(ctx)
+    def initialize_tls_context(ctx, opts={})
       ctx.cert       = OpenSSL::X509::Certificate.new(@tls_certificate) if @tls_certificate
       ctx.key        = OpenSSL::PKey::RSA.new(@tls_key) if @tls_key
       ctx.cert_store = if @tls_certificate_store
@@ -384,17 +380,15 @@ module Bunny
         @logger.warn "Using TLS but no client private key is provided!"
       end
-      # setting TLS/SSL version only works correctly when done
-      # vis set_params. MK.
-      ctx.set_params(:ssl_version => @opts.fetch(:tls_protocol, DEFAULT_TLS_PROTOCOL))
       verify_mode = if @verify_peer
         OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
       else
         OpenSSL::SSL::VERIFY_NONE
       end
+      ctx.verify_mode = verify_mode
-      ctx.set_params(:verify_mode => verify_mode)
+      ssl_version = opts[:tls_protocol] || opts[:ssl_version]
+      ctx.ssl_version = ssl_version if ssl_version
       ctx
     end

data/lib/bunny/version.rb CHANGED

@@ -2,5 +2,5 @@
 module Bunny
   # @return [String] Version of the library
-  VERSION = "1.6.0.rc1"
+  VERSION = "1.6.0.rc2"
 end

data/spec/higher_level_api/integration/tls_connection_spec.rb CHANGED

@@ -124,4 +124,51 @@ unless ENV["CI"]
     include_examples "successful TLS connection"
   end
+  describe "TLS connection to RabbitMQ with ssl_version SSLv3 specified" do
+    let(:connection) do
+      c = Bunny.new(:user     => "bunny_gem",
+        :password => "bunny_password",
+        :vhost    => "bunny_testbed",
+        :tls                   => true,
+        :ssl_version           => :SSLv3,
+        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+      c.start
+      c
+    end
+    after :each do
+      connection.close
+    end
+    include_examples "successful TLS connection"
+    it "connects using SSLv3" do
+      connection.transport.socket.ssl_version.should == "SSLv3"
+    end
+  end
+  describe "TLS connection to RabbitMQ with tls_version TLSv1 specified" do
+    let(:connection) do
+      c = Bunny.new(:user     => "bunny_gem",
+        :password => "bunny_password",
+        :vhost    => "bunny_testbed",
+        :tls                   => true,
+        :tls_protocol           => :TLSv1,
+        :tls_ca_certificates   => ["./spec/tls/cacert.pem"])
+      c.start
+      c
+    end
+    after :each do
+      connection.close
+    end
+    include_examples "successful TLS connection"
+    it "connects using TLSv1" do
+      connection.transport.socket.ssl_version.should == "TLSv1"
+    end
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bunny
 version: !ruby/object:Gem::Version
-  version: 1.6.0.rc1
+  version: 1.6.0.rc2
 platform: ruby
 authors:
 - Chris Duncan
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-10-21 00:00:00.000000000 Z
+date: 2014-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: amq-protocol