excon 0.97.2 → 0.98.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7299d2595012ebdc3e6ea3a6e7c9478a1f541864d7fc1b1147cd7a315180d66
-  data.tar.gz: 795a5765db34fb7976fc828c34dc1787fab67f8decefbe1b1175b29ea1ac4fd5
+  metadata.gz: b980a243ce1d748881c7d985f42db2e6fc20b382597220d2c5d5541e8b3359f9
+  data.tar.gz: 2dacdc182c779be0cf4c978092baca5fef6e4fa0971369be2764b7e090830f68
 SHA512:
-  metadata.gz: 38892a1a6bc4a36111a94381ddea0df672887bbe27daa0aae92db51101a59559b30939352a6f992d3ee60f6a85434e2ee3479523e161292c0706debd0b44140c
-  data.tar.gz: 6f2a03711c7aff7137e65bb01799edc2455b359df86c42b491db42d82090397d74191ee3e72d420656adcd1295b317f7c7a031002f3f6385fd15cf9a0974c7ce
+  metadata.gz: 9495b2cf646c81eb2ab6691cbafe44ddc4842cba32abd2c849b348ad13ad0d067f8ef14babeed0cee3116bf7d7939ec68fdc5c7632455104183ea7d1dcefb938
+  data.tar.gz: bdc12e6fc203c223bad18faaa42311ed416befffe2475c74e2d164fca3a44389b55627b3178022a38b6440a54fadba1ec63b8eb42af843f28fdb731713035725

data/README.md

@@ -446,7 +446,16 @@ connection = Excon.new('https://example.com',
 
 `client_key_pass` is optional.
 
-If you already have loaded the certificate and key into memory, then pass it through like:
+Optionally, you can also pass the whole chain by passing the extra certificates through `client_chain`:
+
+```ruby
+connection = Excon.new('https://example.com',
+                       client_cert: 'mycert.pem',
+                       client_chain: 'mychain.pem',
+                       client_key: 'mycert.key')
+```
+
+If you already have loaded the certificate, key and chain into memory, then pass it through like:
 
 ```ruby
 client_cert_data = File.load 'mycert.pem'
@@ -454,6 +463,7 @@ client_key_data = File.load 'mycert.key'
 
 connection = Excon.new('https://example.com',
                        client_cert_data: client_cert_data,
+                       client_chain_data: client_chain_data,
                        client_key_data: client_key_data)
 ```
 

data/lib/excon/constants.rb

@@ -72,6 +72,8 @@ module Excon
     :client_key_pass,
     :client_cert,
     :client_cert_data,
+    :client_chain,
+    :client_chain_data,
     :certificate,
     :certificate_path,
     :disable_proxy,

data/lib/excon/ssl_socket.rb

@@ -90,6 +90,14 @@ module Excon
         else
           ssl_context.key = OpenSSL::PKey::RSA.new(client_key_data, client_key_pass)
         end
+        if client_chain_data && OpenSSL::X509::Certificate.respond_to?(:load)
+          ssl_context.extra_chain_cert = OpenSSL::X509::Certificate.load(client_chain_data)
+        elsif client_chain_data
+          certs = client_chain_data.scan(/-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/)
+          ssl_context.extra_chain_cert = certs.map do |cert|
+            OpenSSL::X509::Certificate.new(cert)
+          end
+        end
       elsif @data.key?(:certificate) && @data.key?(:private_key)
         ssl_context.cert = OpenSSL::X509::Certificate.new(@data[:certificate])
         if OpenSSL::PKey.respond_to? :read
@@ -171,6 +179,14 @@ module Excon
                             end
     end
 
+    def client_chain_data
+      @client_chain_data ||= if (ccd = @data[:client_chain_data])
+                               ccd
+                             elsif (path = @data[:client_chain])
+                               File.read path
+                             end
+    end
+
     def connect
       # backwards compatability for things lacking nonblock
       @nonblock = HAVE_NONBLOCK && @nonblock

data/lib/excon/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Excon
-  VERSION = '0.97.2'
+  VERSION = '0.98.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: excon
 version: !ruby/object:Gem::Version
-  version: 0.97.2
+  version: 0.98.0
 platform: ruby
 authors:
 - dpiddy (Dan Peterson)
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-01-20 00:00:00.000000000 Z
+date: 2023-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec