bunny 2.10.0 → 2.11.0.pre1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ChangeLog.md +10 -1
- data/README.md +1 -1
- data/lib/bunny/transport.rb +3 -22
- data/lib/bunny/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c3f36588bd0953c3c43b8828d00aef4ccbf750aa
|
|
4
|
+
data.tar.gz: 219a436f9ef331a65dc64b7099636448f5742f92
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 49de63ff6da6733575a771e9a3c9eb1aa42770c9441cdcd5d4e86a11075c838dc6d4c5d096a24e28f660f82c278c23df7e31590799a1ed4619efe2555813106f
|
|
7
|
+
data.tar.gz: 359d102f28f9adab1f2f855872613ef8d9b0b8f486db0dd62db8d742520490c72cd151c341834f68aa86dee4e7c4efbb923683f67eaeb5ed94020ceebabb0260
|
data/ChangeLog.md
CHANGED
|
@@ -1,6 +1,15 @@
|
|
|
1
1
|
## Changes between Bunny 2.10.0 and 2.11.0 (unreleased)
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
### More Reliable System-wide Trusted Certificate Directory Detection
|
|
4
|
+
|
|
5
|
+
Bunny no longer tries to compile a list of trusted CA certificates on its own.
|
|
6
|
+
Instead it uses an OpenSSL API method that makes OpenSSL set the path(s),
|
|
7
|
+
which should cover more platforms and be forward- and backward-compatible.
|
|
8
|
+
|
|
9
|
+
GitHub issue: [#555](https://github.com/ruby-amqp/bunny/issues/555).
|
|
10
|
+
|
|
11
|
+
Contributed by Ana María Martínez Gómez.
|
|
12
|
+
|
|
4
13
|
|
|
5
14
|
|
|
6
15
|
## Changes between Bunny 2.9.0 and 2.10.0 (Jun 5th, 2018)
|
data/README.md
CHANGED
data/lib/bunny/transport.rb
CHANGED
|
@@ -357,8 +357,6 @@ module Bunny
|
|
|
357
357
|
@tls_key = tls_key_from(opts)
|
|
358
358
|
@tls_certificate_store = opts[:tls_certificate_store]
|
|
359
359
|
|
|
360
|
-
@tls_ca_certificates = tls_ca_certificates_paths_from(opts)
|
|
361
|
-
@tls_ca_certificates = default_tls_certificates if @tls_ca_certificates.empty?
|
|
362
360
|
@verify_peer = as_boolean(opts[:verify_ssl] || opts[:verify_peer] || opts[:verify])
|
|
363
361
|
|
|
364
362
|
@tls_context = initialize_tls_context(OpenSSL::SSL::SSLContext.new, opts)
|
|
@@ -417,6 +415,8 @@ module Bunny
|
|
|
417
415
|
ctx.cert_store = if @tls_certificate_store
|
|
418
416
|
@tls_certificate_store
|
|
419
417
|
else
|
|
418
|
+
# this ivar exists so that this value can be exposed in the API
|
|
419
|
+
@tls_ca_certificates = tls_ca_certificates_paths_from(opts)
|
|
420
420
|
initialize_tls_certificate_store(@tls_ca_certificates)
|
|
421
421
|
end
|
|
422
422
|
|
|
@@ -450,23 +450,6 @@ but prone to man-in-the-middle attacks. Please set verify_peer: true in producti
|
|
|
450
450
|
ctx
|
|
451
451
|
end
|
|
452
452
|
|
|
453
|
-
def default_tls_certificates
|
|
454
|
-
if defined?(JRUBY_VERSION)
|
|
455
|
-
# see https://github.com/jruby/jruby/issues/1055. MK.
|
|
456
|
-
[]
|
|
457
|
-
else
|
|
458
|
-
default_ca_file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
|
|
459
|
-
default_ca_path = ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV] || OpenSSL::X509::DEFAULT_CERT_DIR
|
|
460
|
-
|
|
461
|
-
[
|
|
462
|
-
default_ca_file,
|
|
463
|
-
File.join(default_ca_path, 'ca-certificates.crt'), # Ubuntu/Debian
|
|
464
|
-
File.join(default_ca_path, 'ca-bundle.crt'), # Amazon Linux & Fedora/RHEL
|
|
465
|
-
File.join(default_ca_path, 'ca-bundle.pem') # OpenSUSE
|
|
466
|
-
].uniq
|
|
467
|
-
end
|
|
468
|
-
end
|
|
469
|
-
|
|
470
453
|
def initialize_tls_certificate_store(certs)
|
|
471
454
|
cert_files = []
|
|
472
455
|
cert_inlines = []
|
|
@@ -481,10 +464,8 @@ but prone to man-in-the-middle attacks. Please set verify_peer: true in producti
|
|
|
481
464
|
end
|
|
482
465
|
@logger.debug { "Using CA certificates at #{cert_files.join(', ')}" }
|
|
483
466
|
@logger.debug { "Using #{cert_inlines.count} inline CA certificates" }
|
|
484
|
-
if certs.empty?
|
|
485
|
-
@logger.error "No CA certificates found, add one with :tls_ca_certificates"
|
|
486
|
-
end
|
|
487
467
|
OpenSSL::X509::Store.new.tap do |store|
|
|
468
|
+
store.set_default_paths
|
|
488
469
|
cert_files.select { |path| File.readable?(path) }.
|
|
489
470
|
each { |path| store.add_file(path) }
|
|
490
471
|
cert_inlines.
|
data/lib/bunny/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bunny
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.11.0.pre1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Duncan
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2018-06-
|
|
15
|
+
date: 2018-06-06 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: amq-protocol
|
|
@@ -227,9 +227,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
227
227
|
version: '2.2'
|
|
228
228
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
229
229
|
requirements:
|
|
230
|
-
- - "
|
|
230
|
+
- - ">"
|
|
231
231
|
- !ruby/object:Gem::Version
|
|
232
|
-
version:
|
|
232
|
+
version: 1.3.1
|
|
233
233
|
requirements: []
|
|
234
234
|
rubyforge_project:
|
|
235
235
|
rubygems_version: 2.6.11
|