em-http-request 1.1.6 → 1.1.7

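--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2f4f8a6c2da0b0c94da02566ece7c1d21b8eb0215a8c9cda13fe9c83ac8ee9b3
- data.tar.gz: 674236e422a3e242e3e3ac32383b048fe12932392ceb21134a990a4f7c8302ff
+ metadata.gz: c7562e4d20c35c54a9319250e665a883c810546cb657d8f897591e113999ed3a
+ data.tar.gz: 643bf26ea7bfa2a85d6e4257a475295c16eca044ff0d04341537793f07d5bd04
  SHA512:
- metadata.gz: da7d9c33b2275b7974b8fbe0aa8dabda4a675b72e589764afc4af0b19831d566066884368b61c0a18f72509b8b8f98bec87681568deaaa5791a692d323f3c5ac
- data.tar.gz: c2ebbf1c4ddfc08b9d7fc708b604cf1a95c342f09433959ab4ea5018e0704c0f68bc81004244b24f233993161e6453607d655e88634cd42eea0ce37cc9e9f554
+ metadata.gz: 9d9d1f441081a034f29447cb99b26c73ef7767a989c31df007e1ecfc6ea8db1f4cbe00fb26c0f81b59108f53b54dfbccd51ea9140fd5286efaca6095b45943ad
+ data.tar.gz: 690dc944373085313c41c484edd25366036a3da46855b6a153aab65c19aed961d94d202de07cb3f5f8406585bb5c3a66998913debcba4d02796fb1c8f04be7c1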
@@ -64,7 +64,7 @@ module EventMachine
64
64
  def ssl_handshake_completed
65
65
  unless verify_peer?
66
66
  warn "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" +
67
- " CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details"
67
+ " CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details" unless parent.connopts.tls.has_key?(:verify_peer)
68
68
  return true
69
69
  end
70
70
 
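Review bot: The new guard `unless parent.connopts.tls.has_key?(:verify_peer)` on the `warn` tests whether the key is present, not what it holds, so a `tls` hash carrying `verify_peer: nil` (for instance an unset config value passed straight through) would take the `return true` path with the CVE-2020-13482 warning silenced. Suppression should be limited to a deliberate opt-out, e.g. `unless parent.connopts.tls[:verify_peer] == false`, with a comment above the `warn` such as `# stay quiet only when the caller explicitly set verify_peer: false`. `verify_peer?` is defined outside this hunk, so this assumes it reads the same `tls` hash and treats nil as disabled. `ssl_handshake_completed` also continues past the last line shown.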
@@ -1,5 +1,5 @@
1
1
  module EventMachine
2
2
  class HttpRequest
3
- VERSION = "1.1.6"
3
+ VERSION = "1.1.7"
4
4
  end
5
5
  end
@@ -3,7 +3,6 @@ require 'helper'
3
3
  requires_connection do
4
4
 
5
5
  describe EventMachine::HttpRequest do
6
-
7
6
  it "should initiate SSL/TLS on HTTPS connections" do
8
7
  EventMachine.run {
9
8
  http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail/').get
@@ -15,6 +14,58 @@ requires_connection do
15
14
  }
16
15
  }
17
16
  end
17
+
18
+ describe "TLS hostname verification" do
19
+ before do
20
+ @cve_warning = "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" +
21
+ " CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details"
22
+ @orig_stderr = $stderr
23
+ $stderr = StringIO.new
24
+ end
25
+
26
+ after do
27
+ $stderr = @orig_stderr
28
+ end
29
+
30
+ it "should not warn if verify_peer is specified" do
31
+ EventMachine.run {
32
+ http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: false}}).get
33
+
34
+ http.callback {
35
+ $stderr.rewind
36
+ $stderr.string.chomp.should_not eq(@cve_warning)
37
+
38
+ EventMachine.stop
39
+ }
40
+ }
41
+ end
42
+
43
+ it "should not warn if verify_peer is true" do
44
+ EventMachine.run {
45
+ http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: true}}).get
46
+
47
+ http.callback {
48
+ $stderr.rewind
49
+ $stderr.string.chomp.should_not eq(@cve_warning)
50
+
51
+ EventMachine.stop
52
+ }
53
+ }
54
+ end
55
+
56
+ it "should warn if verify_peer is unspecified" do
57
+ EventMachine.run {
58
+ http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail').get
59
+
60
+ http.callback {
61
+ $stderr.rewind
62
+ $stderr.string.chomp.should eq(@cve_warning)
63
+
64
+ EventMachine.stop
65
+ }
66
+ }
67
+ end
68
+ end
18
69
  end
19
70
 
20
71
  end
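Review bot: The two "should not warn" examples assert `$stderr.string.chomp.should_not eq(@cve_warning)`, which compares the whole captured buffer for exact equality, so they still pass if the warning is emitted together with any other stderr output or more than once. `$stderr.string.should_not include(@cve_warning)` would pin the intended behaviour, and the positive case could use `should include(...)` for symmetry. All three examples register only `http.callback`, so a failed request (plausible for the `verify_peer: true` case against a live host) never reaches `EventMachine.stop` and the spec hangs instead of failing. Adding `http.errback { EventMachine.stop; fail "request failed" }` to each would surface that. The first example's title says "specified" but exercises `verify_peer: false`, so naming it "is false" would match the one that follows.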
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: em-http-request
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.6
4
+ version: 1.1.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ilya Grigorik
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-06-01 00:00:00.000000000 Z
11
+ date: 2020-08-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: addressable
@@ -223,7 +223,7 @@ homepage: http://github.com/igrigorik/em-http-request
223
223
  licenses:
224
224
  - MIT
225
225
  metadata: {}
226
- post_install_message:
226
+ post_install_message:
227
227
  rdoc_options: []
228
228
  require_paths:
229
229
  - lib
@@ -238,8 +238,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
238
238
  - !ruby/object:Gem::Version
239
239
  version: '0'
240
240
  requirements: []
241
- rubygems_version: 3.1.3
242
- signing_key:
241
+ rubygems_version: 3.0.3
242
+ signing_key:
243
243
  specification_version: 4
244
244
  summary: EventMachine based, async HTTP Request client
245
245
  test_files: