excon 0.44.4 → 0.45.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 03ddb771305f4a3c7b4300c1a335ee9393d94604
-  data.tar.gz: 1321c392222a025b61751ed39a9c0681e739e01f
+  metadata.gz: 3672a722de0403e6e2826a2db98fe28b97ba73f5
+  data.tar.gz: ef99f47f4735d41422cf58e2dc29f1d81186164a
 SHA512:
-  metadata.gz: b56c56888dd2b535a4c5746c37f132a8b4379a3a49b84e74db5f314828e4a231b38ab5881eab7568a2600bc8866d597969cdafe422c334468a3fbd606b9785f9
-  data.tar.gz: 1937daeb7f9206ad8b63514864e1424c02fa840e3be76d329eb02107d032c33dbdbdf85b16e3b58406c1aba5c7366ca28c9dbb75fed4b3040e5cf476470d8d01
+  metadata.gz: 7275582af99e3738d3bb43d54f639092772fd13878fcfcc1ab2403fe8df81d16616b3b8d89a51ea6e80153814604dc42fa79cf7571c95a4d2c5cdcd414d61534
+  data.tar.gz: b24381617571f4ae8a8369f01c7e0c1679a5be7eefb1604a122924636706cf540cb6fdc70a0bbb59ca208339ff762629108232a5dc3819030c5eed2834717cbc

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    excon (0.44.4)
+    excon (0.45.0)
 
 GEM
   remote: http://rubygems.org/

data/README.md

@@ -308,7 +308,7 @@ connection = Excon.new(
 )
 ```
 
-Excon will then instrument each request, retry, and error.  The corresponding events are named excon.request, excon.retry, and excon.error respectively.
+Excon will then instrument each request, retry, and error.  The corresponding events are named `excon.request`, `excon.retry`, and `excon.error` respectively.
 
 ```ruby
 ActiveSupport::Notifications.subscribe(/excon/) do |*args|
@@ -316,7 +316,7 @@ ActiveSupport::Notifications.subscribe(/excon/) do |*args|
 end
 ```
 
-If you prefer to label each event with something other than "excon," you may specify
+If you prefer to label each event with a namespace other than "excon", you may specify
 an alternate name in the constructor:
 
 ```ruby
@@ -327,7 +327,23 @@ connection = Excon.new(
 )
 ```
 
-If you don't want to add activesupport to your application, simply define a class which implements the same #instrument method like so:
+Note: Excon's ActiveSupport::Notifications implementation has the following event format: `<namespace>.<event>` which is the opposite of the Rails' implementation.
+
+ActiveSupport provides a [subscriber](http://api.rubyonrails.org/classes/ActiveSupport/Subscriber.html) interface which lets you attach a subscriber to a namespace. Due to the incompability above, you won't be able to attach a subscriber to the "excon" namespace out of the box.
+
+If you want this functionality, you can use a simple adapter such as this one:
+
+```ruby
+class ExconToRailsInstrumentor
+  def self.instrument(name, datum, &block)
+    namespace, *event = name.split(".")
+    rails_name = [event, namespace].flatten.join(".")
+    ActiveSupport::Notifications.instrument(rails_name, datum, &block)
+  end
+end
+```
+
+If you don't want to add ActiveSupport to your application, simply define a class which implements the same `#instrument` method like so:
 
 ```ruby
 class SimpleInstrumentor
@@ -344,7 +360,7 @@ end
 
 The #instrument method will be called for each HTTP request, response, retry, and error.
 
-For debugging purposes you can also use Excon::StandardInstrumentor to output all events to stderr. This can also be specified by setting the `EXCON_DEBUG` ENV var.
+For debugging purposes you can also use `Excon::StandardInstrumentor` to output all events to stderr. This can also be specified by setting the `EXCON_DEBUG` ENV var.
 
 See [the documentation for ActiveSupport::Notifications](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html) for more detail on using the subscription interface.  See excon's [instrumentation_test.rb](https://github.com/excon/excon/blob/master/tests/middlewares/instrumentation_tests.rb) for more examples of instrumenting excon.
 

data/changelog.txt

@@ -1,3 +1,12 @@
+0.45.0 03/26/2015
+=================
+
+prefer default SSL config to ENV, when available
+document instrumentor deviation from rails format
+better error/warning around openssl 1.0.2 bug
+fix nonblocking ssl connect to not have tight loop
+also remove user/pass when following redirects
+
 0.44.4 03/04/2015
 =================
 

data/excon.gemspec

@@ -13,8 +13,8 @@ Gem::Specification.new do |s|
   ## If your rubyforge_project name is different, then edit it and comment out
   ## the sub! line in the Rakefile
   s.name              = 'excon'
-  s.version           = '0.44.4'
-  s.date              = '2015-03-04'
+  s.version           = '0.45.0'
+  s.date              = '2015-03-26'
   s.rubyforge_project = 'excon'
 
   ## Make sure your summary is short. The description may be as long

data/lib/excon/constants.rb

@@ -1,6 +1,6 @@
 module Excon
 
-  VERSION = '0.44.4'
+  VERSION = '0.45.0'
 
   CR_NL = "\r\n"
 

data/lib/excon/middlewares/redirect_follower.rb

@@ -15,8 +15,11 @@ module Excon
             response = datum.delete(:response)
 
             params = datum.dup
-            params.delete(:stack)
             params.delete(:connection)
+            params.delete(:password)
+            params.delete(:stack)
+            params.delete(:user)
+
             if [301, 302, 303].include?(response[:status])
               params[:method] = :get
               params.delete(:body)

data/lib/excon/socket.rb

@@ -241,6 +241,14 @@ module Excon
           # I wish that this API accepted a start position, then we wouldn't
           # have to slice data when there is a short write.
           written = @socket.write_nonblock(data)
+        rescue Errno::EFAULT
+          if OpenSSL::OPENSSL_LIBRARY_VERSION.split(' ')[1] == '1.0.2'
+            msg = "The version of OpenSSL this ruby is built against (1.0.2) has a vulnerability
+                   which causes a fault. For more, see https://github.com/excon/excon/issues/467"
+            raise SecurityError.new(msg)
+          else
+            raise error
+          end
         rescue OpenSSL::SSL::SSLError, Errno::EAGAIN, Errno::EWOULDBLOCK, IO::WaitWritable => error
           if error.is_a?(OpenSSL::SSL::SSLError) && error.message != 'write would block'
             raise error

data/lib/excon/ssl_socket.rb

@@ -30,10 +30,10 @@ module Excon
         # turn verification on
         ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
 
-        if ca_file = ENV['SSL_CERT_FILE'] || @data[:ssl_ca_file]
+        if ca_file = @data[:ssl_ca_file] || ENV['SSL_CERT_FILE']
           ssl_context.ca_file = ca_file
         end
-        if ca_path = ENV['SSL_CERT_DIR'] || @data[:ssl_ca_path]
+        if ca_path = @data[:ssl_ca_path] || ENV['SSL_CERT_DIR']
           ssl_context.ca_path = ca_path
         end
         if cert_store = @data[:ssl_cert_store]
@@ -116,20 +116,17 @@ module Excon
 
       begin
         if @nonblock
-          loop do
-            begin
-              @socket.connect_nonblock
-              break # connect succeeded
-            rescue OpenSSL::SSL::SSLError => error
-              # would block, rescue and retry as select is non-helpful
-              raise error unless error.message == 'read would block'
-            end
+          begin
+            @socket.connect_nonblock
+          rescue IO::WaitReadable
+            IO.select([@socket])
+            retry
           end
         else
           @socket.connect
         end
-      rescue OpenSSL::SSL::SSLError => e
-        raise e
+      rescue OpenSSL::SSL::SSLError
+        raise
       rescue
         raise Excon::Errors::Timeout.new('connect timeout reached')
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: excon
 version: !ruby/object:Gem::Version
-  version: 0.44.4
+  version: 0.45.0
 platform: ruby
 authors:
 - dpiddy (Dan Peterson)
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-04 00:00:00.000000000 Z
+date: 2015-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport