em-http-request 1.1.6 → 1.1.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/em-http/http_connection.rb +1 -1
- data/lib/em-http/version.rb +1 -1
- data/spec/ssl_spec.rb +52 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c7562e4d20c35c54a9319250e665a883c810546cb657d8f897591e113999ed3a
|
|
4
|
+
data.tar.gz: 643bf26ea7bfa2a85d6e4257a475295c16eca044ff0d04341537793f07d5bd04
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9d9d1f441081a034f29447cb99b26c73ef7767a989c31df007e1ecfc6ea8db1f4cbe00fb26c0f81b59108f53b54dfbccd51ea9140fd5286efaca6095b45943ad
|
|
7
|
+
data.tar.gz: 690dc944373085313c41c484edd25366036a3da46855b6a153aab65c19aed961d94d202de07cb3f5f8406585bb5c3a66998913debcba4d02796fb1c8f04be7c1
|
|
@@ -64,7 +64,7 @@ module EventMachine
|
|
|
64
64
|
def ssl_handshake_completed
|
|
65
65
|
unless verify_peer?
|
|
66
66
|
warn "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" +
|
|
67
|
-
" CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details"
|
|
67
|
+
" CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details" unless parent.connopts.tls.has_key?(:verify_peer)
|
|
68
68
|
return true
|
|
69
69
|
end
|
|
70
70
|
|
data/lib/em-http/version.rb
CHANGED
data/spec/ssl_spec.rb
CHANGED
|
@@ -3,7 +3,6 @@ require 'helper'
|
|
|
3
3
|
requires_connection do
|
|
4
4
|
|
|
5
5
|
describe EventMachine::HttpRequest do
|
|
6
|
-
|
|
7
6
|
it "should initiate SSL/TLS on HTTPS connections" do
|
|
8
7
|
EventMachine.run {
|
|
9
8
|
http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail/').get
|
|
@@ -15,6 +14,58 @@ requires_connection do
|
|
|
15
14
|
}
|
|
16
15
|
}
|
|
17
16
|
end
|
|
17
|
+
|
|
18
|
+
describe "TLS hostname verification" do
|
|
19
|
+
before do
|
|
20
|
+
@cve_warning = "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" +
|
|
21
|
+
" CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details"
|
|
22
|
+
@orig_stderr = $stderr
|
|
23
|
+
$stderr = StringIO.new
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
after do
|
|
27
|
+
$stderr = @orig_stderr
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
it "should not warn if verify_peer is specified" do
|
|
31
|
+
EventMachine.run {
|
|
32
|
+
http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: false}}).get
|
|
33
|
+
|
|
34
|
+
http.callback {
|
|
35
|
+
$stderr.rewind
|
|
36
|
+
$stderr.string.chomp.should_not eq(@cve_warning)
|
|
37
|
+
|
|
38
|
+
EventMachine.stop
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
it "should not warn if verify_peer is true" do
|
|
44
|
+
EventMachine.run {
|
|
45
|
+
http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail', {tls: {verify_peer: true}}).get
|
|
46
|
+
|
|
47
|
+
http.callback {
|
|
48
|
+
$stderr.rewind
|
|
49
|
+
$stderr.string.chomp.should_not eq(@cve_warning)
|
|
50
|
+
|
|
51
|
+
EventMachine.stop
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
it "should warn if verify_peer is unspecified" do
|
|
57
|
+
EventMachine.run {
|
|
58
|
+
http = EventMachine::HttpRequest.new('https://mail.google.com:443/mail').get
|
|
59
|
+
|
|
60
|
+
http.callback {
|
|
61
|
+
$stderr.rewind
|
|
62
|
+
$stderr.string.chomp.should eq(@cve_warning)
|
|
63
|
+
|
|
64
|
+
EventMachine.stop
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
end
|
|
68
|
+
end
|
|
18
69
|
end
|
|
19
70
|
|
|
20
71
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: em-http-request
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ilya Grigorik
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-08-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: addressable
|
|
@@ -223,7 +223,7 @@ homepage: http://github.com/igrigorik/em-http-request
|
|
|
223
223
|
licenses:
|
|
224
224
|
- MIT
|
|
225
225
|
metadata: {}
|
|
226
|
-
post_install_message:
|
|
226
|
+
post_install_message:
|
|
227
227
|
rdoc_options: []
|
|
228
228
|
require_paths:
|
|
229
229
|
- lib
|
|
@@ -238,8 +238,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
238
238
|
- !ruby/object:Gem::Version
|
|
239
239
|
version: '0'
|
|
240
240
|
requirements: []
|
|
241
|
-
rubygems_version: 3.
|
|
242
|
-
signing_key:
|
|
241
|
+
rubygems_version: 3.0.3
|
|
242
|
+
signing_key:
|
|
243
243
|
specification_version: 4
|
|
244
244
|
summary: EventMachine based, async HTTP Request client
|
|
245
245
|
test_files:
|