bunny 2.10.0 → 2.11.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ChangeLog.md +10 -1
- data/README.md +1 -1
- data/lib/bunny/transport.rb +3 -22
- data/lib/bunny/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c3f36588bd0953c3c43b8828d00aef4ccbf750aa
|
|
4
|
+
data.tar.gz: 219a436f9ef331a65dc64b7099636448f5742f92
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 49de63ff6da6733575a771e9a3c9eb1aa42770c9441cdcd5d4e86a11075c838dc6d4c5d096a24e28f660f82c278c23df7e31590799a1ed4619efe2555813106f
|
|
7
|
+
data.tar.gz: 359d102f28f9adab1f2f855872613ef8d9b0b8f486db0dd62db8d742520490c72cd151c341834f68aa86dee4e7c4efbb923683f67eaeb5ed94020ceebabb0260
|
data/ChangeLog.md
CHANGED
|
@@ -1,6 +1,15 @@
|
|
|
1
1
|
## Changes between Bunny 2.10.0 and 2.11.0 (unreleased)
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
### More Reliable System-wide Trusted Certificate Directory Detection
|
|
4
|
+
|
|
5
|
+
Bunny no longer tries to compile a list of trusted CA certificates on its own.
|
|
6
|
+
Instead it uses an OpenSSL API method that makes OpenSSL set the path(s),
|
|
7
|
+
which should cover more platforms and be forward- and backward-compatible.
|
|
8
|
+
|
|
9
|
+
GitHub issue: [#555](https://github.com/ruby-amqp/bunny/issues/555).
|
|
10
|
+
|
|
11
|
+
Contributed by Ana María Martínez Gómez.
|
|
12
|
+
|
|
4
13
|
|
|
5
14
|
|
|
6
15
|
## Changes between Bunny 2.9.0 and 2.10.0 (Jun 5th, 2018)
|
data/README.md
CHANGED
data/lib/bunny/transport.rb
CHANGED
|
@@ -357,8 +357,6 @@ module Bunny
|
|
|
357
357
|
@tls_key = tls_key_from(opts)
|
|
358
358
|
@tls_certificate_store = opts[:tls_certificate_store]
|
|
359
359
|
|
|
360
|
-
@tls_ca_certificates = tls_ca_certificates_paths_from(opts)
|
|
361
|
-
@tls_ca_certificates = default_tls_certificates if @tls_ca_certificates.empty?
|
|
362
360
|
@verify_peer = as_boolean(opts[:verify_ssl] || opts[:verify_peer] || opts[:verify])
|
|
363
361
|
|
|
364
362
|
@tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new, opts)
|
|
@@ -417,6 +415,8 @@ module Bunny
|
|
|
417
415
|
ctx.cert_store = if @tls_certificate_store
|
|
418
416
|
@tls_certificate_store
|
|
419
417
|
else
|
|
418
|
+
# this ivar exists so that this value can be exposed in the API
|
|
419
|
+
@tls_ca_certificates = tls_ca_certificates_paths_from(opts)
|
|
420
420
|
initialize_tls_certificate_store(@tls_ca_certificates)
|
|
421
421
|
end
|
|
422
422
|
|
|
@@ -450,23 +450,6 @@ but prone to man-in-the-middle attacks. Please set verify_peer: true in producti
|
|
|
450
450
|
ctx
|
|
451
451
|
end
|
|
452
452
|
|
|
453
|
-
def default_tls_certificates
|
|
454
|
-
if defined?(JRUBY_VERSION)
|
|
455
|
-
# see https://github.com/jruby/jruby/issues/1055. MK.
|
|
456
|
-
[]
|
|
457
|
-
else
|
|
458
|
-
default_ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
|
|
459
|
-
default_ca_path = ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR
|
|
460
|
-
|
|
461
|
-
[
|
|
462
|
-
default_ca_file,
|
|
463
|
-
File.join(default_ca_path, 'ca-certificates.crt'), # Ubuntu/Debian
|
|
464
|
-
File.join(default_ca_path, 'ca-bundle.crt'), # Amazon Linux & Fedora/RHEL
|
|
465
|
-
File.join(default_ca_path, 'ca-bundle.pem') # OpenSUSE
|
|
466
|
-
].uniq
|
|
467
|
-
end
|
|
468
|
-
end
|
|
469
|
-
|
|
470
453
|
def initialize_tls_certificate_store(certs)
|
|
471
454
|
cert_files = []
|
|
472
455
|
cert_inlines = []
|
|
@@ -481,10 +464,8 @@ but prone to man-in-the-middle attacks. Please set verify_peer: true in producti
|
|
|
481
464
|
end
|
|
482
465
|
@logger.debug { "Using CA certificates at #{cert_files.join(', ')}" }
|
|
483
466
|
@logger.debug { "Using #{cert_inlines.count} inline CA certificates" }
|
|
484
|
-
if certs.empty?
|
|
485
|
-
@logger.error "No CA certificates found, add one with :tls_ca_certificates"
|
|
486
|
-
end
|
|
487
467
|
OpenSSL::X509::Store.new.tap do |store|
|
|
468
|
+
store.set_default_paths
|
|
488
469
|
cert_files.select { |path| File.readable?(path) }.
|
|
489
470
|
each { |path| store.add_file(path) }
|
|
490
471
|
cert_inlines.
|
data/lib/bunny/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bunny
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.11.0.pre1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Duncan
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2018-06-
|
|
15
|
+
date: 2018-06-06 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: amq-protocol
|
|
@@ -227,9 +227,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
227
227
|
version: '2.2'
|
|
228
228
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
229
229
|
requirements:
|
|
230
|
-
- - "
|
|
230
|
+
- - ">"
|
|
231
231
|
- !ruby/object:Gem::Version
|
|
232
|
-
version:
|
|
232
|
+
version: 1.3.1
|
|
233
233
|
requirements: []
|
|
234
234
|
rubyforge_project:
|
|
235
235
|
rubygems_version: 2.6.11
|