em-http-request 1.1.5 → 1.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 028b29e92d03433bc4550ef3b8a5372de4f02221
-  data.tar.gz: 65ebbad4d0b0dcde83a9147b0f2682341fb36e3f
+SHA256:
+  metadata.gz: c7562e4d20c35c54a9319250e665a883c810546cb657d8f897591e113999ed3a
+  data.tar.gz: 643bf26ea7bfa2a85d6e4257a475295c16eca044ff0d04341537793f07d5bd04
 SHA512:
-  metadata.gz: 33d8a20eff08d9a80173de52e46df0cb6507b6f9a275fd5bfe276a6ea58630b0f47591cb56fdd19967c3081cf65908fcf33b26bdc5e230b62c98cfdbb5f61675
-  data.tar.gz: 2ec7763bcc9ef1e9594838f7a24657c7c6ffe933e898654fc4da6b72e12a9c1b78058d21a11dc8462a002f8649ca7dbdc732295681f041721ede2312547cfac7
+  metadata.gz: 9d9d1f441081a034f29447cb99b26c73ef7767a989c31df007e1ecfc6ea8db1f4cbe00fb26c0f81b59108f53b54dfbccd51ea9140fd5286efaca6095b45943ad
+  data.tar.gz: 690dc944373085313c41c484edd25366036a3da46855b6a153aab65c19aed961d94d202de07cb3f5f8406585bb5c3a66998913debcba4d02796fb1c8f04be7c1

data/README.md

@@ -1,6 +1,6 @@
 # EM-HTTP-Request 
 
-[![Gem Version](https://badge.fury.io/rb/em-http-request.png)](http://rubygems.org/gems/em-http-request) [![Build Status](https://travis-ci.org/igrigorik/em-http-request.svg)](https://travis-ci.org/igrigorik/em-http-request)
+[![Gem Version](https://badge.fury.io/rb/em-http-request.svg)](http://rubygems.org/gems/em-http-request) [![Build Status](https://travis-ci.org/igrigorik/em-http-request.svg)](https://travis-ci.org/igrigorik/em-http-request)
 
 Async (EventMachine) HTTP client, with support for:
 

data/em-http-request.gemspec

@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency 'mongrel', '~> 1.2.0.pre2'
   s.add_development_dependency 'multi_json'
-  s.add_development_dependency 'rack'
+  s.add_development_dependency 'rack', '< 2.0'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
 

data/lib/em/io_streamer.rb

@@ -0,0 +1,49 @@
+require 'em/streamer'
+
+# similar to EventMachine::FileStreamer, but for any IO object
+module EventMachine
+  class IOStreamer
+    include Deferrable
+    CHUNK_SIZE = 16384
+
+    # @param [EventMachine::Connection] connection
+    # @param [IO] io Data source
+    # @param [Integer] Data size
+    #
+    # @option opts [Boolean] :http_chunks (false) Use HTTP 1.1 style chunked-encoding semantics.
+    def initialize(connection, io, opts = {})
+      @connection = connection
+      @io = io
+      @http_chunks = opts[:http_chunks]
+
+      @buff = String.new
+      @io.binmode if @io.respond_to?(:binmode)
+      stream_one_chunk
+    end
+
+  private
+
+    # Used internally to stream one chunk at a time over multiple reactor ticks
+    # @private
+    def stream_one_chunk
+      loop do
+        if @io.eof?
+          @connection.send_data "0\r\n\r\n" if @http_chunks
+          succeed
+          break
+        end
+
+        if @connection.respond_to?(:get_outbound_data_size) && (@connection.get_outbound_data_size > FileStreamer::BackpressureLevel)
+          EventMachine::next_tick { stream_one_chunk }
+          break
+        end
+
+        if @io.read(CHUNK_SIZE, @buff)
+          @connection.send_data("#{@buff.length.to_s(16)}\r\n") if @http_chunks
+          @connection.send_data(@buff)
+          @connection.send_data("\r\n") if @http_chunks
+        end
+      end
+    end
+  end
+end

data/lib/em-http/client.rb

@@ -182,7 +182,7 @@ module EventMachine
       # Set the Content-Length if body is given,
       # or we're doing an empty post or put
       if body
-        head['content-length'] = body.bytesize
+        head['content-length'] ||= body.respond_to?(:bytesize) ? body.bytesize : body.size
       elsif @req.method == 'POST' or @req.method == 'PUT'
         # wont happen if body is set and we already set content-length above
         head['content-length'] ||= 0
@@ -198,11 +198,8 @@ module EventMachine
       request_header << CRLF
       @conn.send_data request_header
 
-      if body
-        @conn.send_data body
-      elsif @req.file
-        @conn.stream_file_data @req.file, :http_chunks => false
-      end
+      @req_body = body || (@req.file && Pathname.new(@req.file))
+      send_request_body unless @req.headers['expect'] == '100-continue'
     end
 
     def on_body_data(data)
@@ -226,6 +223,28 @@ module EventMachine
       end
     end
 
+    def request_body_pending?
+      !!@req_body
+    end
+
+    def send_request_body
+      return  if @req_body.nil?
+
+      if @req_body.is_a?(String)
+        @conn.send_data @req_body
+
+      elsif @req_body.is_a?(Pathname)
+        @conn.stream_file_data @req_body.to_path, http_chunks: false
+
+      elsif @req_body.respond_to?(:read) && @req_body.respond_to?(:eof?)   # IO or IO-like object
+        @conn.stream_data @req_body
+
+      else
+        raise "Don't know how to send request body: #{@req_body.inspect}"
+      end
+      @req_body = nil
+    end
+
     def parse_response_header(header, version, status)
       @response_header.raw = header
       header.each do |key, val|

data/lib/em-http/http_client_options.rb

@@ -34,7 +34,7 @@ class HttpClientOptions
 
     @uri = uri
     @path = uri.path
-    @host = uri.host
+    @host = uri.hostname
     @port = uri.port
     @query = query
 

data/lib/em-http/http_connection.rb

@@ -1,3 +1,5 @@
+require 'em/io_streamer'
+
 module EventMachine
 
   module HTTPMethods
@@ -20,7 +22,11 @@ module EventMachine
     end
 
     def receive_data(data)
-      @parent.receive_data data
+      begin
+        @parent.receive_data data
+      rescue EventMachine::Connectify::CONNECTError => e
+        @parent.close(e.message)
+      end
     end
 
     def connection_completed
@@ -30,6 +36,62 @@ module EventMachine
     def unbind(reason=nil)
       @parent.unbind(reason)
     end
+
+    # TLS verification support, original implementation by Mislav Marohnić
+    # https://github.com/lostisland/faraday/blob/63cf47c95b573539f047c729bd9ad67560bc83ff/lib/faraday/adapter/em_http_ssl_patch.rb
+    def ssl_verify_peer(cert_string)
+      cert = nil
+      begin
+        cert = OpenSSL::X509::Certificate.new(cert_string)
+      rescue OpenSSL::X509::CertificateError
+        return false
+      end
+
+      @last_seen_cert = cert
+
+      if certificate_store.verify(@last_seen_cert)
+        begin
+          certificate_store.add_cert(@last_seen_cert)
+        rescue OpenSSL::X509::StoreError => e
+          raise e unless e.message == 'cert already in hash table'
+        end
+        true
+      else
+        raise OpenSSL::SSL::SSLError.new(%(unable to verify the server certificate for "#{host}"))
+      end
+    end
+
+    def ssl_handshake_completed
+      unless verify_peer?
+        warn "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" +
+             " CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details" unless parent.connopts.tls.has_key?(:verify_peer)
+        return true
+      end
+
+      unless OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
+        raise OpenSSL::SSL::SSLError.new(%(host "#{host}" does not match the server certificate))
+      else
+        true
+      end
+    end
+
+    def verify_peer?
+      parent.connopts.tls[:verify_peer]
+    end
+
+    def host
+      parent.connopts.host
+    end
+
+    def certificate_store
+      @certificate_store ||= begin
+        store = OpenSSL::X509::Store.new
+        store.set_default_paths
+        ca_file = parent.connopts.tls[:cert_chain_file]
+        store.add_file(ca_file) if ca_file
+        store
+      end
+    end
   end
 
   class HttpConnection
@@ -115,8 +177,13 @@ module EventMachine
       @p.header_value_type = :mixed
       @p.on_headers_complete = proc do |h|
         if client
-          client.parse_response_header(h, @p.http_version, @p.status_code)
-          :reset if client.req.no_body?
+          if @p.status_code == 100
+            client.send_request_body
+            @p.reset!
+          else
+            client.parse_response_header(h, @p.http_version, @p.status_code)
+            :reset if client.req.no_body?
+          end
         else
           # if we receive unexpected data without a pending client request
           # reset the parser to avoid firing any further callbacks and close
@@ -160,9 +227,9 @@ module EventMachine
       @peer = @conn.get_peername
 
       if @connopts.socks_proxy?
-        socksify(client.req.uri.host, client.req.uri.inferred_port, *@connopts.proxy[:authorization]) { start }
+        socksify(client.req.uri.hostname, client.req.uri.inferred_port, *@connopts.proxy[:authorization]) { start }
       elsif @connopts.connect_proxy?
-        connectify(client.req.uri.host, client.req.uri.inferred_port, *@connopts.proxy[:authorization]) { start }
+        connectify(client.req.uri.hostname, client.req.uri.inferred_port, *@connopts.proxy[:authorization]) { start }
       else
         start
       end
@@ -185,6 +252,7 @@ module EventMachine
           conn = HttpConnection.new
           client.conn = conn
           conn.connopts = @connopts
+          conn.connopts.https = new_location.scheme == "https"
           conn.uri = client.req.uri
           conn.activate_connection(client)
 
@@ -240,6 +308,10 @@ module EventMachine
       @conn.stream_file_data filename, args
     end
 
+    def stream_data(io, opts = {})
+      EventMachine::IOStreamer.new(self, io, opts)
+    end
+
     private
 
       def client

data/lib/em-http/http_connection_options.rb

@@ -1,13 +1,13 @@
 class HttpConnectionOptions
   attr_reader :host, :port, :tls, :proxy, :bind, :bind_port
   attr_reader :connect_timeout, :inactivity_timeout
+  attr_writer :https
 
   def initialize(uri, options)
     @connect_timeout     = options[:connect_timeout] || 5        # default connection setup timeout
     @inactivity_timeout  = options[:inactivity_timeout] ||= 10   # default connection inactivity (post-setup) timeout
 
     @tls   = options[:tls] || options[:ssl] || {}
-    @proxy = options[:proxy]
 
     if bind = options[:bind]
       @bind = bind[:host] || '0.0.0.0'
@@ -20,13 +20,15 @@ class HttpConnectionOptions
     uri = uri.kind_of?(Addressable::URI) ? uri : Addressable::URI::parse(uri.to_s)
     @https = uri.scheme == "https"
     uri.port ||= (@https ? 443 : 80)
-    @tls[:sni_hostname] = uri.host
+    @tls[:sni_hostname] = uri.hostname
 
-    if proxy = options[:proxy]
+    @proxy = options[:proxy] || proxy_from_env
+
+    if proxy
       @host = proxy[:host]
       @port = proxy[:port]
     else
-      @host = uri.host
+      @host = uri.hostname
       @port = uri.port
     end
   end
@@ -42,4 +44,27 @@ class HttpConnectionOptions
   def socks_proxy?
     @proxy && (@proxy[:type] == :socks5)
   end
+
+  def proxy_from_env
+    # TODO: Add support for $http_no_proxy or $no_proxy ?
+    proxy_str = if @https
+                  ENV['HTTPS_PROXY'] || ENV['https_proxy']
+                else
+                  ENV['HTTP_PROXY'] || ENV['http_proxy']
+
+                # Fall-back to $ALL_PROXY if none of the above env-vars have values
+                end || ENV['ALL_PROXY']
+
+    # Addressable::URI::parse will return `nil` if given `nil` and an empty URL for an empty string
+    # so, let's short-circuit that:
+    return if !proxy_str || proxy_str.empty?
+
+    proxy_env_uri = Addressable::URI::parse(proxy_str)
+    { :host => proxy_env_uri.host, :port => proxy_env_uri.port, :type => :http }
+
+  rescue Addressable::URI::InvalidURIError
+    # An invalid env-var shouldn't crash the config step, IMHO.
+    # We should somehow log / warn about this, perhaps...
+    return
+  end
 end

data/lib/em-http/version.rb

@@ -1,5 +1,5 @@
 module EventMachine
   class HttpRequest
-    VERSION = "1.1.5"
+    VERSION = "1.1.7"
   end
 end

data/lib/em-http.rb

@@ -5,6 +5,7 @@ require 'http/parser'
 
 require 'base64'
 require 'socket'
+require 'openssl'
 
 require 'em-http/core_ext/bytesize'
 require 'em-http/http_connection'

data/spec/client_spec.rb

@@ -256,6 +256,19 @@ describe EventMachine::HttpRequest do
     }
   end
 
+  xit "should support expect-continue header" do
+    EventMachine.run {
+      http = EventMachine::HttpRequest.new('http://127.0.0.1:8090').post :body => "data", :head => { 'expect' => '100-continue' }
+
+      http.errback { failed(http) }
+      http.callback {
+        http.response_header.status.should == 200
+        http.response.should == "data"
+        EventMachine.stop
+      }
+    }
+  end
+
   it "should perform successful GET with custom header" do
     EventMachine.run {
       http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/').get :head => {'if-none-match' => 'evar!'}
@@ -789,6 +802,28 @@ describe EventMachine::HttpRequest do
     }
   end
 
+  it "streams POST request from disk via Pathname" do
+    EventMachine.run {
+      http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/').post :body => Pathname.new('spec/fixtures/google.ca')
+      http.errback { failed(http) }
+      http.callback {
+        http.response.should match('google')
+        EventMachine.stop
+      }
+    }
+  end
+
+  it "streams POST request from IO object" do
+    EventMachine.run {
+      http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/').post :body => StringIO.new(File.read('spec/fixtures/google.ca'))
+      http.errback { failed(http) }
+      http.callback {
+        http.response.should match('google')
+        EventMachine.stop
+      }
+    }
+  end
+
   it "should reconnect if connection was closed between requests" do
     EventMachine.run {
       conn = EM::HttpRequest.new('http://127.0.0.1:8090/')
@@ -942,4 +977,24 @@ describe EventMachine::HttpRequest do
       }
     end
   end
+
+  context "IPv6" do
+    it "should perform successful GET" do
+      EventMachine.run {
+        @s = StubServer.new({
+          response: "HTTP/1.1 200 OK\r\n\r\nHello IPv6",
+          port: 8091,
+          host: '::1',
+        })
+        http = EventMachine::HttpRequest.new('http://[::1]:8091/').get
+
+        http.errback { failed(http) }
+        http.callback {
+          http.response_header.status.should == 200
+          http.response.should match(/Hello IPv6/)
+          EventMachine.stop
+        }
+      }
+    end
+  end
 end

data/spec/dns_spec.rb

@@ -7,7 +7,7 @@ describe EventMachine::HttpRequest do
       http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/redirect/badhost', :connect_timeout => 0.1).get :redirects => 1
       http.callback { failed(http) }
       http.errback {
-        http.error.should match('unable to resolve server address')
+        http.error.should match(/unable to resolve (server |)address/)
         EventMachine.stop
       }
     }
@@ -31,7 +31,7 @@ describe EventMachine::HttpRequest do
       http = EventMachine::HttpRequest.new('http://somethinglocal/', :connect_timeout => 0.1).get
       http.callback { failed(http) }
       http.errback {
-        http.error.should match(/unable to resolve server address/)
+        http.error.should match(/unable to resolve (server |)address/)
         http.response_header.status.should == 0
         EventMachine.stop
       }

data/spec/http_proxy_spec.rb

@@ -1,107 +1,268 @@
 require 'helper'
 
+shared_examples "*_PROXY var (through proxy)" do
+  it "should use HTTP proxy" do
+    EventMachine.run {
+      http = EventMachine::HttpRequest.new("#{proxy_test_scheme}://127.0.0.1:8090/?q=test").get
+
+      http.errback { failed(http) }
+      http.callback {
+        http.response_header.status.should == 200
+        http.response_header.should_not include("X_PROXY_AUTH")
+        http.response.should match('test')
+        EventMachine.stop
+      }
+    }
+  end
+end
+
+shared_examples "*_PROXY var (testing var)" do
+  subject { HttpConnectionOptions.new("#{proxy_test_scheme}://example.com", {}) }
+  it { expect(subject.proxy_from_env).to eq({ :host => "127.0.0.1", :port => 8083, :type => :http }) }
+  it { expect(subject.host).to eq "127.0.0.1" }
+  it { expect(subject.port).to be 8083 }
+  it do
+    case proxy_test_scheme.to_sym
+    when :http
+      expect(subject.http_proxy?).to be_truthy
+    when :https
+      expect(subject.connect_proxy?).to be_truthy
+    end
+  end
+end
+
 describe EventMachine::HttpRequest do
 
   context "connections via" do
-    let(:proxy) { {:proxy => { :host => '127.0.0.1', :port => 8083 }} }
-    let(:authenticated_proxy) { {:proxy => { :host => '127.0.0.1', :port => 8083, :authorization => ["user", "name"] } } }
-
-    it "should use HTTP proxy" do
-      EventMachine.run {
-        http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/?q=test', proxy).get
-
-        http.errback { failed(http) }
-        http.callback {
-          http.response_header.status.should == 200
-          http.response_header.should_not include("X_PROXY_AUTH")
-          http.response.should match('test')
-          EventMachine.stop
+    context "without *_PROXY env" do
+      let(:proxy) { {:proxy => { :host => '127.0.0.1', :port => 8083 }} }
+      let(:authenticated_proxy) { {:proxy => { :host => '127.0.0.1', :port => 8083, :authorization => ["user", "name"] } } }
+
+      it "should use HTTP proxy" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/?q=test', proxy).get
+
+          http.errback { failed(http) }
+          http.callback {
+            http.response_header.status.should == 200
+            http.response_header.should_not include("X_PROXY_AUTH")
+            http.response.should match('test')
+            EventMachine.stop
+          }
         }
-      }
-    end
+      end
 
-    it "should use HTTP proxy with authentication" do
-      EventMachine.run {
-        http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/proxyauth?q=test', authenticated_proxy).get
+      it "should use HTTP proxy with authentication" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/proxyauth?q=test', authenticated_proxy).get
 
-        http.errback { failed(http) }
-        http.callback {
-          http.response_header.status.should == 200
-          http.response_header['X_PROXY_AUTH'].should == "Proxy-Authorization: Basic dXNlcjpuYW1l"
-          http.response.should match('test')
-          EventMachine.stop
+          http.errback { failed(http) }
+          http.callback {
+            http.response_header.status.should == 200
+            http.response_header['X_PROXY_AUTH'].should == "Proxy-Authorization: Basic dXNlcjpuYW1l"
+            http.response.should match('test')
+            EventMachine.stop
+          }
         }
-      }
-    end
+      end
 
-    it "should send absolute URIs to the proxy server" do
-      EventMachine.run {
+      it "should send absolute URIs to the proxy server" do
+        EventMachine.run {
 
-        http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/?q=test', proxy).get
+          http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/?q=test', proxy).get
 
-        http.errback { failed(http) }
-        http.callback {
-          http.response_header.status.should == 200
+          http.errback { failed(http) }
+          http.callback {
+            http.response_header.status.should == 200
 
-          # The test proxy server gives the requested uri back in this header
-          http.response_header['X_THE_REQUESTED_URI'].should == 'http://127.0.0.1:8090/?q=test'
-          http.response_header['X_THE_REQUESTED_URI'].should_not == '/?q=test'
-          http.response.should match('test')
-          EventMachine.stop
+            # The test proxy server gives the requested uri back in this header
+            http.response_header['X_THE_REQUESTED_URI'].should == 'http://127.0.0.1:8090/?q=test'
+            http.response_header['X_THE_REQUESTED_URI'].should_not == '/?q=test'
+            http.response.should match('test')
+            EventMachine.stop
+          }
         }
-      }
-    end
+      end
 
-    it "should strip basic auth from before the host in URI sent to proxy" do
-      EventMachine.run {
+      it "should strip basic auth from before the host in URI sent to proxy" do
+        EventMachine.run {
 
-        http = EventMachine::HttpRequest.new('http://user:pass@127.0.0.1:8090/echo_authorization_header', proxy).get
+          http = EventMachine::HttpRequest.new('http://user:pass@127.0.0.1:8090/echo_authorization_header', proxy).get
 
-        http.errback { failed(http) }
-        http.callback {
-          http.response_header.status.should == 200
-          # The test proxy server gives the requested uri back in this header
-          http.response_header['X_THE_REQUESTED_URI'].should == 'http://127.0.0.1:8090/echo_authorization_header'
-          # Ensure the basic auth was converted to a header correctly
-          http.response.should match('authorization:Basic dXNlcjpwYXNz')
-          EventMachine.stop
+          http.errback { failed(http) }
+          http.callback {
+            http.response_header.status.should == 200
+            # The test proxy server gives the requested uri back in this header
+            http.response_header['X_THE_REQUESTED_URI'].should == 'http://127.0.0.1:8090/echo_authorization_header'
+            # Ensure the basic auth was converted to a header correctly
+            http.response.should match('authorization:Basic dXNlcjpwYXNz')
+            EventMachine.stop
+          }
         }
-      }
-    end
+      end
 
-    it "should include query parameters specified in the options" do
-      EventMachine.run {
-        http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/', proxy).get :query => { 'q' => 'test' }
+      it "should include query parameters specified in the options" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/', proxy).get :query => { 'q' => 'test' }
 
-        http.errback { failed(http) }
-        http.callback {
-          http.response_header.status.should == 200
-          http.response.should match('test')
-          EventMachine.stop
+          http.errback { failed(http) }
+          http.callback {
+            http.response_header.status.should == 200
+            http.response.should match('test')
+            EventMachine.stop
+          }
         }
-      }
-    end
+      end
 
-    it "should use HTTP proxy while redirecting" do
-      EventMachine.run {
-        http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/redirect', proxy).get :redirects => 1
+      it "should use HTTP proxy while redirecting" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('http://127.0.0.1:8090/redirect', proxy).get :redirects => 1
 
-        http.errback { failed(http) }
-        http.callback {
-          http.response_header.status.should == 200
+          http.errback { failed(http) }
+          http.callback {
+            http.response_header.status.should == 200
 
-          http.response_header['X_THE_REQUESTED_URI'].should == 'http://127.0.0.1:8090/gzip'
-          http.response_header['X_THE_REQUESTED_URI'].should_not == '/redirect'
+            http.response_header['X_THE_REQUESTED_URI'].should == 'http://127.0.0.1:8090/gzip'
+            http.response_header['X_THE_REQUESTED_URI'].should_not == '/redirect'
 
-          http.response_header["CONTENT_ENCODING"].should == "gzip"
-          http.response.should == "compressed"
-          http.last_effective_url.to_s.should == 'http://127.0.0.1:8090/gzip'
-          http.redirects.should == 1
+            http.response_header["CONTENT_ENCODING"].should == "gzip"
+            http.response.should == "compressed"
+            http.last_effective_url.to_s.should == 'http://127.0.0.1:8090/gzip'
+            http.redirects.should == 1
 
-          EventMachine.stop
+            EventMachine.stop
+          }
         }
-      }
+      end
+    end
+
+    context "when parsing *_PROXY var (through proxy)s" do
+      context "with $HTTP_PROXY env" do
+        let(:proxy_test_scheme) { :http }
+
+        before(:all) do
+          PROXY_ENV_VARS.each {|k| ENV.delete k }
+          ENV['HTTP_PROXY'] = 'http://127.0.0.1:8083'
+        end
+
+        include_examples "*_PROXY var (through proxy)"
+      end
+
+      context "with $http_proxy env" do
+        let(:proxy_test_scheme) { :http }
+
+        before(:all) do
+          PROXY_ENV_VARS.each {|k| ENV.delete k }
+          ENV['http_proxy'] = 'http://127.0.0.1:8083'
+        end
+
+        include_examples "*_PROXY var (through proxy)"
+      end
+
+      ## TODO: Use a Mongrel HTTP server that can handle SSL:
+      context "with $HTTPS_PROXY env", skip: "Mongrel isn't configured to handle HTTPS, currently" do
+        let(:proxy_test_scheme) { :https }
+
+        before(:all) do
+          PROXY_ENV_VARS.each {|k| ENV.delete k }
+          ENV['HTTPS_PROXY'] = 'http://127.0.0.1:8083'
+        end
+
+        include_examples "*_PROXY var (through proxy)"
+      end
+
+      ## TODO: Use a Mongrel HTTP server that can handle SSL:
+      context "with $https_proxy env", skip: "Mongrel isn't configured to handle HTTPS, currently" do
+        let(:proxy_test_scheme) { :https }
+
+        before(:all) do
+          PROXY_ENV_VARS.each {|k| ENV.delete k }
+          ENV['https_proxy'] = 'http://127.0.0.1:8083'
+        end
+
+        include_examples "*_PROXY var (through proxy)"
+      end
+
+      context "with $ALL_PROXY env" do
+        let(:proxy_test_scheme) { :http }
+
+        before(:all) do
+          PROXY_ENV_VARS.each {|k| ENV.delete k }
+          ENV['ALL_PROXY'] = 'http://127.0.0.1:8083'
+        end
+
+        include_examples "*_PROXY var (through proxy)"
+      end
     end
   end
 
+  context "when parsing *_PROXY vars" do
+    context "without a *_PROXY var" do
+      before(:all) do
+        PROXY_ENV_VARS.each {|k| ENV.delete k }
+      end
+
+      subject { HttpConnectionOptions.new("http://example.com", {}) }
+      it { expect(subject.proxy_from_env).to be_nil }
+      it { expect(subject.host).to eq "example.com" }
+      it { expect(subject.port).to be 80 }
+      it { expect(subject.http_proxy?).to be_falsey }
+      it { expect(subject.connect_proxy?).to be_falsey }
+    end
+
+    context "with $HTTP_PROXY env" do
+      let(:proxy_test_scheme) { :http }
+
+      before(:each) do
+        PROXY_ENV_VARS.each {|k| ENV.delete k }
+        ENV['HTTP_PROXY'] = 'http://127.0.0.1:8083'
+      end
+
+      include_examples "*_PROXY var (testing var)"
+    end
+
+    context "with $http_proxy env" do
+      let(:proxy_test_scheme) { :http }
+
+      before(:each) do
+        PROXY_ENV_VARS.each {|k| ENV.delete k }
+        ENV['http_proxy'] = 'http://127.0.0.1:8083'
+      end
+
+      include_examples "*_PROXY var (testing var)"
+    end
+
+    context "with $HTTPS_PROXY env" do
+      let(:proxy_test_scheme) { :https }
+
+      before(:each) do
+        PROXY_ENV_VARS.each {|k| ENV.delete k }
+        ENV['HTTPS_PROXY'] = 'http://127.0.0.1:8083'
+      end
+
+      include_examples "*_PROXY var (testing var)"
+    end
+
+    context "with $https_proxy env" do
+      let(:proxy_test_scheme) { :https }
+
+      before(:each) do
+        PROXY_ENV_VARS.each {|k| ENV.delete k }
+        ENV['https_proxy'] = 'http://127.0.0.1:8083'
+      end
+
+      include_examples "*_PROXY var (testing var)"
+    end
+
+    context "with $ALL_PROXY env" do
+      let(:proxy_test_scheme) { :https }
+
+      before(:each) do
+        PROXY_ENV_VARS.each {|k| ENV.delete k }
+        ENV['ALL_PROXY'] = 'http://127.0.0.1:8083'
+      end
+
+      include_examples "*_PROXY var (testing var)"
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -1,8 +1,25 @@
+PROXY_ENV_VARS = %w[HTTP_PROXY http_proxy HTTPS_PROXY https_proxy ALL_PROXY]
+
 RSpec.configure do |config|
+  proxy_envs = {}
+
   config.mock_with :rspec do |c|
     c.syntax = [:should, :expect]
   end
   config.expect_with :rspec do |c|
     c.syntax = [:should, :expect]
   end
-end
+
+  config.before :all do
+    # Back-up ENV *_PROXY vars
+    orig_proxy_envs = Hash[
+      PROXY_ENV_VARS.select {|k| ENV.key? k }.map {|k| [k, ENV.delete(k)] }
+    ]
+    proxy_envs.replace(orig_proxy_envs)
+  end
+
+  config.after :all do
+    # Restore ENV *_PROXY vars
+    ENV.update(proxy_envs)
+  end
+end

data/spec/ssl_spec.rb

@@ -3,7 +3,6 @@ require 'helper'
 requires_connection do
 
   describe EventMachine::HttpRequest do
-
     it "should initiate SSL/TLS on HTTPS connections" do
       EventMachine.run {
         http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail/').get
@@ -15,6 +14,58 @@ requires_connection do
         }
       }
     end
+
+    describe "TLS hostname verification" do
+      before do
+        @cve_warning = "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" +
+                       " CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details"
+        @orig_stderr = $stderr
+        $stderr = StringIO.new
+      end
+
+      after do
+        $stderr = @orig_stderr
+      end
+
+      it "should not warn if verify_peer is specified" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: false}}).get
+
+          http.callback {
+            $stderr.rewind
+            $stderr.string.chomp.should_not eq(@cve_warning)
+
+            EventMachine.stop
+          }
+        }
+      end
+
+      it "should not warn if verify_peer is true" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: true}}).get
+
+          http.callback {
+            $stderr.rewind
+            $stderr.string.chomp.should_not eq(@cve_warning)
+
+            EventMachine.stop
+          }
+        }
+      end
+
+      it "should warn if verify_peer is unspecified" do
+        EventMachine.run {
+          http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail').get
+
+          http.callback {
+            $stderr.rewind
+            $stderr.string.chomp.should eq(@cve_warning)
+
+            EventMachine.stop
+          }
+        }
+      end
+    end
   end
 
 end

data/spec/stallion.rb

@@ -1,6 +1,6 @@
 # #--
 # Includes portion originally Copyright (C)2008 Michael Fellinger
-# license See file LICENSE for details
+# MIT License
 # #--
 
 require 'rack'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: em-http-request
 version: !ruby/object:Gem::Version
-  version: 1.1.5
+  version: 1.1.7
 platform: ruby
 authors:
 - Ilya Grigorik
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-07-01 00:00:00.000000000 Z
+date: 2020-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -112,16 +112,16 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -197,6 +197,7 @@ files:
 - lib/em-http/multi.rb
 - lib/em-http/request.rb
 - lib/em-http/version.rb
+- lib/em/io_streamer.rb
 - spec/client_fiber_spec.rb
 - spec/client_spec.rb
 - spec/digest_auth_spec.rb
@@ -222,7 +223,7 @@ homepage: http://github.com/igrigorik/em-http-request
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -237,9 +238,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: em-http-request
-rubygems_version: 2.5.1
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: EventMachine based, async HTTP Request client
 test_files:
@@ -264,4 +264,3 @@ test_files:
 - spec/ssl_spec.rb
 - spec/stallion.rb
 - spec/stub_server.rb
-has_rdoc: