faye-websocket 0.10.5 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5dfb25398e331800baf73b73988b88639753fac9
-  data.tar.gz: 86e8c6d23a38fa6e699be24dd0aa677a7ad29c0b
+SHA256:
+  metadata.gz: 42cb4ec90fb1f2d1fd16739908d415035255136b33c1b8100f4370417d7afeee
+  data.tar.gz: b75409884d2ac82e84a59752027085106d1995e92d9603628400b13d7214bc4d
 SHA512:
-  metadata.gz: 8900d2b969e66c6a9a338cf763c00f9c59728884ce52c7fe1034d852487c323b14bcab97b4a411761f6bd6d6af7f600f5a2de67c9275be912acbfe50598a0512
-  data.tar.gz: 6f8df7095506203c476b487383653ef28641bfba255b5febec138aa17af53f9b4e234f951e0f554107bbc461292ef4998cd91c94a0045dc470dc7236f6cfd5aa
+  metadata.gz: 23293a16e2b1068bb1bd9a7c4e7516f9031185393e50d766833fe468bff7fb3b807d69015c022f35545cf41abb3e5ff9cf96282bb797ecba0eee60cea63de428
+  data.tar.gz: 46ac66a36431ee0adc04dbe5286499c38904b79e4da3259bb42c57c49ff97736568957da641fd640fedc237f67e258d06d5cbd0abb5d3d10eaf662f991368b67

data/CHANGELOG.md

@@ -1,152 +1,185 @@
+### 0.11.0 / 2020-07-31
+
+- Implement TLS certificate verification and enable it by default on client
+  connections
+- Add a `:tls` option to the client with sub-fields `:root_cert_file` and
+  `:verify_peer` for configuring TLS verification
+
+### 0.10.9 / 2019-06-13
+
+- Use the EventMachine API rather than `IO#write` to write data; this uses the
+  event loop and avoids getting blocked by slow clients
+
+### 0.10.8 / 2019-06-10
+
+- In the case of a close timeout, don't block on waiting for writing to the
+  socket to complete
+- Fix a race condition that caused a timeout not to be cancelled immediately
+  when the WebSocket is closed
+- Change license from MIT to Apache 2.0
+
+### 0.10.7 / 2017-02-22
+
+- Emit an error if `EventMachine::Connection#unbind` is called with an error
+
+### 0.10.6 / 2017-01-22
+
+- Forcibly close the I/O stream after a timeout if the peer does not respond
+  after calling `close()`
+
 ### 0.10.5 / 2016-11-12
 
-* Set the SNI hostname when making secure requests
+- Set the SNI hostname when making secure requests
 
 ### 0.10.4 / 2016-05-20
 
-* Amend warnings issued when running with -W2
+- Amend warnings issued when running with -W2
 
 ### 0.10.3 / 2016-02-24
 
-* Use `PATH_INFO` and `QUERY_STRING` rather than the non-standard `REQUEST_URI` from the Rack env
+- Use `PATH_INFO` and `QUERY_STRING` rather than the non-standard `REQUEST_URI`
+  from the Rack env
 
 ### 0.10.2 / 2015-11-26
 
-* Fix the `headers` and `status` methods on `Client`, which were broken in the
+- Fix the `headers` and `status` methods on `Client`, which were broken in the
   last release
 
 ### 0.10.1 / 2015-11-06
 
-* Make sure errors can be safely emitted if creating the driver fails
-* Prevent a race condition when binding `EM.attach` to the socket
+- Make sure errors can be safely emitted if creating the driver fails
+- Prevent a race condition when binding `EM.attach` to the socket
 
 ### 0.10.0 / 2015-07-08
 
-* Add the standard `code` and `reason` parameters to the `close` method
+- Add the standard `code` and `reason` parameters to the `close` method
 
 ### 0.9.2 / 2014-12-21
 
-* Only emit `error` once, and don't emit it after `close`
+- Only emit `error` once, and don't emit it after `close`
 
 ### 0.9.1 / 2014-12-18
 
-* Check that all options to the WebSocket constructor are recognized
+- Check that all options to the WebSocket constructor are recognized
 
 ### 0.9.0 / 2014-12-13
 
-* Allow protocol extensions to be passed into websocket-extensions
+- Allow protocol extensions to be passed into websocket-extensions
 
 ### 0.8.0 / 2014-11-08
 
-* Support connections via HTTP proxies
+- Support connections via HTTP proxies
 
 ### 0.7.5 / 2014-10-04
 
-* Allow sockets to be closed when they are in any state other than `CLOSED`
+- Allow sockets to be closed when they are in any state other than `CLOSED`
 
 ### 0.7.4 / 2014-07-06
 
-* Stop using `define_method` to implement `Event` properties, since it blows the method cache
-* Stop setup errors masking URI errors in `Client#initialize`
-* Make the Goliath adapter compatible with goliath-1.0.4.
+- Stop using `define_method` to implement `Event` properties, since it blows the
+  method cache
+- Stop setup errors masking URI errors in `Client#initialize`
+- Make the Goliath adapter compatible with goliath-1.0.4.
 
 ### 0.7.3 / 2014-04-24
 
-* Remove an unneeded method override in the `WebSocket` class
+- Remove an unneeded method override in the `WebSocket` class
 
 ### 0.7.2 / 2013-12-29
 
-* Fix WebSocket detection in cases where the web server does not produce an `env`
+- Fix WebSocket detection in cases where the web server does not produce an
+  `env`
 
 ### 0.7.1 / 2013-12-03
 
-* Support the `max_length` websocket-driver option
-* Expose a `message` property on `error` events
+- Support the `max_length` websocket-driver option
+- Expose a `message` property on `error` events
 
 ### 0.7.0 / 2013-09-09
 
-* Allow the server to send custom headers with EventSource responses
+- Allow the server to send custom headers with EventSource responses
 
 ### 0.6.3 / 2013-08-04
 
-* Stop implicitly depending on Rack 1.4
+- Stop implicitly depending on Rack 1.4
 
 ### 0.6.2 / 2013-07-05
 
-* Catch errors thrown by EventMachine and emit `error` and `close` events
+- Catch errors thrown by EventMachine and emit `error` and `close` events
 
 ### 0.6.1 / 2013-05-12
 
-* Release a gem without log and pid files in it
+- Release a gem without log and pid files in it
 
 ### 0.6.0 / 2013-05-12
 
-* Add support for custom headers
+- Add support for custom headers
 
 ### 0.5.0 / 2013-05-05
 
-* Extract the protocol handlers into the `websocket-driver` library
-* Support the `rack.hijack` API
-* Add support for Rainbows 4.5 and Puma
-* Officially support JRuby and Rubinius
+- Extract the protocol handlers into the `websocket-driver` library
+- Support the `rack.hijack` API
+- Add support for Rainbows 4.5 and Puma
+- Officially support JRuby and Rubinius
 
 ### 0.4.7 / 2013-02-14
 
-* Emit the `close` event if TCP is closed before CLOSE frame is acked
-* Treat the `Upgrade: websocket` header case-insensitively because of IE10
-* Do not suppress headers in the Thin and Rainbows adapters unless the status is `101`
+- Emit the `close` event if TCP is closed before CLOSE frame is acked
+- Treat the `Upgrade: websocket` header case-insensitively because of IE10
+- Do not suppress headers in the Thin and Rainbows adapters unless the status is
+  `101`
 
 ### 0.4.6 / 2012-07-09
 
-* Add `Connection: close` to EventSource response
+- Add `Connection: close` to EventSource response
 
 ### 0.4.5 / 2012-04-06
 
-* Add WebSocket error code `1011`.
-* Handle URLs with no path correctly by sending `GET /`
+- Add WebSocket error code `1011`.
+- Handle URLs with no path correctly by sending `GET /`
 
 ### 0.4.4 / 2012-03-16
 
-* Fix installation on JRuby with a platform-specific gem
+- Fix installation on JRuby with a platform-specific gem
 
 ### 0.4.3 / 2012-03-12
 
-* Make `extconf.rb` a no-op on JRuby
+- Make `extconf.rb` a no-op on JRuby
 
 ### 0.4.2 / 2012-03-09
 
-* Port masking-function C extension to Java for JRuby
+- Port masking-function C extension to Java for JRuby
 
 ### 0.4.1 / 2012-02-26
 
-* Treat anything other than an `Array` as a string when calling `send()`
-* Fix error loading UTF-8 validation code on Ruby 1.9 with `-Ku` flag
+- Treat anything other than an `Array` as a string when calling `send()`
+- Fix error loading UTF-8 validation code on Ruby 1.9 with `-Ku` flag
 
 ### 0.4.0 / 2012-02-13
 
-* Add `ping()` method to server-side `WebSocket` and `EventSource`
-* Buffer `send()` calls until the draft-76 handshake is complete
+- Add `ping()` method to server-side `WebSocket` and `EventSource`
+- Buffer `send()` calls until the draft-76 handshake is complete
 
 ### 0.3.0 / 2012-01-13
 
-* Add support for `EventSource` connections
-* Support the Thin, Rainbows and Goliath web servers
+- Add support for `EventSource` connections
+- Support the Thin, Rainbows and Goliath web servers
 
 ### 0.2.0 / 2011-12-21
 
-* Add support for `Sec-WebSocket-Protocol` negotiation
-* Support `hixie-76` close frames and 75/76 ignored segments
-* Improve performance of HyBi parsing/framing functions
-* Write masking function in C
+- Add support for `Sec-WebSocket-Protocol` negotiation
+- Support `hixie-76` close frames and 75/76 ignored segments
+- Improve performance of HyBi parsing/framing functions
+- Write masking function in C
 
 ### 0.1.2 / 2011-12-05
 
-* Make `hixie-76` sockets work through HAProxy
+- Make `hixie-76` sockets work through HAProxy
 
 ### 0.1.1 / 2011-11-30
 
-* Fix `add_event_listener()` interface methods
+- Fix `add_event_listener()` interface methods
 
 ### 0.1.0 / 2011-11-27
 
-* Initial release, based on WebSocket components from Faye
+- Initial release, based on WebSocket components from Faye

data/LICENSE.md

@@ -0,0 +1,12 @@
+Copyright 2010-2020 James Coglan
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of the
+License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.

data/README.md

@@ -1,9 +1,4 @@
-# faye-websocket
-
-* Travis CI build: [![Build
-  status](https://secure.travis-ci.org/faye/faye-websocket-ruby.svg)](http://travis-ci.org/faye/faye-websocket-ruby)
-* Autobahn tests: [server](http://faye.jcoglan.com/autobahn/servers/),
-  [client](http://faye.jcoglan.com/autobahn/clients/)
+# faye-websocket [![Build status](https://secure.travis-ci.org/faye/faye-websocket-ruby.svg)](http://travis-ci.org/faye/faye-websocket-ruby)
 
 This is a general-purpose WebSocket implementation extracted from the
 [Faye](http://faye.jcoglan.com) project. It provides classes for easily building
@@ -22,11 +17,11 @@ access via proxies than WebSockets.
 The following web servers are supported. Other servers that implement the
 `rack.hijack` API should also work.
 
-* [Goliath](http://postrank-labs.github.com/goliath/)
-* [Phusion Passenger](https://www.phusionpassenger.com/) >= 4.0 with nginx >= 1.4
-* [Puma](http://puma.io/) >= 2.0
-* [Rainbows](http://rainbows.bogomips.org/)
-* [Thin](http://code.macournoyer.com/thin/)
+- [Goliath](http://postrank-labs.github.com/goliath/)
+- [Phusion Passenger](https://www.phusionpassenger.com/) >= 4.0 with nginx >= 1.4
+- [Puma](http://puma.io/) >= 2.0
+- [Rainbows](http://rainbows.bogomips.org/)
+- [Thin](http://code.macournoyer.com/thin/)
 
 
 ## Installation
@@ -65,7 +60,7 @@ App = lambda do |env|
 
   else
     # Normal HTTP request
-    [200, {'Content-Type' => 'text/plain'}, ['Hello']]
+    [200, { 'Content-Type' => 'text/plain' }, ['Hello']]
   end
 end
 ```
@@ -133,7 +128,7 @@ including any authorization information and custom headers you require:
 ws = Faye::WebSocket::Client.new('ws://www.example.com/', [], {
   :proxy => {
     :origin  => 'http://username:password@proxy.example.com',
-    :headers => {'User-Agent' => 'ruby'}
+    :headers => { 'User-Agent' => 'ruby' }
   }
 })
 ```
@@ -190,45 +185,78 @@ ws = Faye::WebSocket::Client.new(url, protocols, options)
 `protocols` as an array of subprotocols as described above, or `nil`. `options`
 is an optional hash containing any of these keys:
 
-* `:extensions` - an array of
+- `:extensions` - an array of
   [websocket-extensions](https://github.com/faye/websocket-extensions-ruby)
   compatible extensions, as described above
-* `:headers` - a hash containing key-value pairs representing HTTP headers to be
+- `:headers` - a hash containing key-value pairs representing HTTP headers to be
   sent during the handshake process
-* `:max_length` - the maximum allowed size of incoming message frames, in bytes.
+- `:max_length` - the maximum allowed size of incoming message frames, in bytes.
   The default value is `2^26 - 1`, or 1 byte short of 64 MiB.
-* `:ping` - an integer that sets how often the WebSocket should send ping
+- `:ping` - an integer that sets how often the WebSocket should send ping
   frames, measured in seconds
-* `:tls` - a hash containing key-value pairs for specifying TLS parameters.
+- `:tls` - a hash containing key-value pairs for specifying TLS parameters.
   These are passed along to EventMachine and you can find
   [more details here](http://rubydoc.info/gems/eventmachine/EventMachine%2FConnection%3Astart_tls)
 
+### Secure sockets
+
+Starting with version 0.11.0, `Faye::WebSocket::Client` will verify the server
+certificate for `wss` connections. This is not the default behaviour for
+EventMachine's TLS interface, and so our defaults for the `:tls` option are a
+little different.
+
+First, `:verify_peer` is enabled by default. Our implementation checks that the
+chain of certificates sent by the server is trusted by your root certificates,
+and that the final certificate's hostname matches the hostname in the request
+URL.
+
+By default, we use your system's root certificate store by invoking
+`OpenSSL::X509::Store#set_default_paths`. If you want to use a different set of
+root certificates, you can pass them via the `:root_cert_file` option, which
+takes a path or an array of paths to the certificates you want to use.
+
+```ruby
+ws = Faye::WebSocket::Client.new('wss://example.com/', [], :tls => {
+  :root_cert_file => ['path/to/certificate.pem']
+})
+```
+
+If you want to switch off certificate verification altogether, then set
+`:verify_peer` to `false`.
+
+```ruby
+ws = Faye::WebSocket::Client.new('wss://example.com/', [], :tls => {
+  :verify_peer => false
+})
+```
+
 ## WebSocket API
 
 Both the server- and client-side `WebSocket` objects support the following API:
 
-* <b>`on(:open) { |event| }`</b> fires when the socket connection is
-  established. Event has no attributes.
-* <b>`on(:message) { |event| }`</b> fires when the socket receives a message.
-  Event has one attribute, <b>`data`</b>, which is either a `String` (for text
-  frames) or an `Array` of byte-sized integers (for binary frames).
-* <b>`on(:error) { |event| }`</b> fires when there is a protocol error due to
-  bad data sent by the other peer. This event is purely informational, you do
-  not need to implement error recovery.
-* <b>`on(:close) { |event| }`</b> fires when either the client or the server
-  closes the connection. Event has two optional attributes, <b>`code`</b> and
-  <b>`reason`</b>, that expose the status code and message sent by the peer that
+- **`on(:open) { |event| }`** fires when the socket connection is established.
+  Event has no attributes.
+- **`on(:message) { |event| }`** fires when the socket receives a message. Event
+  has one attribute, **`data`**, which is either a `String` (for text frames) or
+  an `Array` of unsigned integers, i.e. integers in the range `0..255` (for
+  binary frames).
+- **`on(:error) { |event| }`** fires when there is a protocol error due to bad
+  data sent by the other peer. This event is purely informational, you do not
+  need to implement error recovery.
+- **`on(:close) { |event| }`** fires when either the client or the server closes
+  the connection. Event has two optional attributes, **`code`** and
+  **`reason`**, that expose the status code and message sent by the peer that
   closed the connection.
-* <b>`send(message)`</b> accepts either a `String` or an `Array` of byte-sized
+- **`send(message)`** accepts either a `String` or an `Array` of byte-sized
   integers and sends a text or binary message over the connection to the other
   peer; binary data must be encoded as an `Array`.
-* <b>`ping(message, &callback)`</b> sends a ping frame with an optional message
-  and fires the callback when a matching pong is received.
-* <b>`close(code, reason)`</b> closes the connection, sending the given status
-  code and reason text, both of which are optional.
-* <b>`version`</b> is a string containing the version of the `WebSocket`
-  protocol the connection is using.
-* <b>`protocol`</b> is a string (which may be empty) identifying the subprotocol
+- **`ping(message, &callback)`** sends a ping frame with an optional message and
+  fires the callback when a matching pong is received.
+- **`close(code, reason)`** closes the connection, sending the given status code
+  and reason text, both of which are optional.
+- **`version`** is a string containing the version of the `WebSocket` protocol
+  the connection is using.
+- **`protocol`** is a string (which may be empty) identifying the subprotocol
   the socket is using.
 
 
@@ -261,7 +289,7 @@ App = lambda do |env|
 
   else
     # Normal HTTP request
-    [200, {'Content-Type' => 'text/plain'}, ['Hello']]
+    [200, { 'Content-Type' => 'text/plain' }, ['Hello']]
   end
 end
 ```
@@ -276,29 +304,29 @@ es.send('Breaking News!', :event => 'notification', :id => '99')
 
 The `EventSource` object exposes the following properties:
 
-* <b>`url`</b> is a string containing the URL the client used to create the
+- **`url`** is a string containing the URL the client used to create the
   EventSource.
-* <b>`last_event_id`</b> is a string containing the last event ID received by
-  the client. You can use this when the client reconnects after a dropped
-  connection to determine which messages need resending.
+- **`last_event_id`** is a string containing the last event ID received by the
+  client. You can use this when the client reconnects after a dropped connection
+  to determine which messages need resending.
 
 When you initialize an EventSource with `Faye::EventSource.new`, you can pass
 configuration options after the `env` parameter. Available options are:
 
-* <b>`:headers`</b> is a hash containing custom headers to be set on the
+- **`:headers`** is a hash containing custom headers to be set on the
   EventSource response.
-* <b>`:retry`</b> is a number that tells the client how long (in seconds) it
-  should wait after a dropped connection before attempting to reconnect.
-* <b>`:ping`</b> is a number that tells the server how often (in seconds) to
-  send 'ping' packets to the client to keep the connection open, to defeat
-  timeouts set by proxies. The client will ignore these messages.
+- **`:retry`** is a number that tells the client how long (in seconds) it should
+  wait after a dropped connection before attempting to reconnect.
+- **`:ping`** is a number that tells the server how often (in seconds) to send
+  'ping' packets to the client to keep the connection open, to defeat timeouts
+  set by proxies. The client will ignore these messages.
 
 For example, this creates a connection that allows access from any origin, pings
 every 15 seconds and is retryable every 10 seconds if the connection is broken:
 
 ```ruby
 es = Faye::EventSource.new(es,
-  :headers => {'Access-Control-Allow-Origin' => '*'},
+  :headers => { 'Access-Control-Allow-Origin' => '*' },
   :ping    => 15,
   :retry   => 10
 )
@@ -487,27 +515,3 @@ class EchoServer < Goliath::API
   end
 end
 ```
-
-
-## License
-
-(The MIT License)
-
-Copyright (c) 2010-2016 James Coglan
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the 'Software'), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/faye/eventsource.rb

@@ -63,7 +63,7 @@ module Faye
     end
 
   private
-    
+
     def open
       return unless @ready_state == WebSocket::API::CONNECTING
 
@@ -83,9 +83,9 @@ module Faye
                 gsub(/(\r\n|\r|\n)/, '\1data: ')
 
       frame  = ""
-      frame << "event: #{options[:event]}\r\n" if options[:event]
-      frame << "id: #{options[:id]}\r\n" if options[:id]
-      frame << "data: #{message}\r\n\r\n"
+      frame << "event: #{ options[:event] }\r\n" if options[:event]
+      frame << "id: #{ options[:id] }\r\n" if options[:id]
+      frame << "data: #{ message }\r\n\r\n"
 
       @stream.write(frame)
       true

data/lib/faye/rack_stream.rb

@@ -79,6 +79,7 @@ module Faye
     end
 
     def write(data)
+      return @rack_hijack_io_reader.send_data(data) if @rack_hijack_io_reader
       return @rack_hijack_io.write(data) if @rack_hijack_io
       return @stream_send.call(data) if @stream_send
     rescue => e

data/lib/faye/websocket.rb

@@ -17,9 +17,10 @@ module Faye
   class WebSocket
     root = File.expand_path('../websocket', __FILE__)
 
-    autoload :Adapter, root + '/adapter'
-    autoload :API,     root + '/api'
-    autoload :Client,  root + '/client'
+    autoload :Adapter,      root + '/adapter'
+    autoload :API,          root + '/api'
+    autoload :Client,       root + '/client'
+    autoload :SslVerifier,  root + '/ssl_verifier'
 
     ADAPTERS = {
       'goliath'  => :Goliath,
@@ -44,7 +45,7 @@ module Faye
     def self.load_adapter(backend)
       const = Kernel.const_get(ADAPTERS[backend]) rescue nil
       require(backend) unless const
-      path = File.expand_path("../adapters/#{backend}.rb", __FILE__)
+      path = File.expand_path("../adapters/#{ backend }.rb", __FILE__)
       require(path) if File.file?(path)
     end
 

data/lib/faye/websocket/api.rb

@@ -10,6 +10,8 @@ module Faye
       CLOSING    = 2
       CLOSED     = 3
 
+      CLOSE_TIMEOUT = 30
+
       include EventTarget
 
       extend Forwardable
@@ -36,12 +38,12 @@ module Faye
         @ping_id         = 0
         @buffered_amount = 0
 
-        @close_params = @ping_timer = @proxy = @stream = nil
+        @close_params = @close_timer = @ping_timer = @proxy = @stream = nil
         @onopen = @onmessage = @onclose = @onerror = nil
 
         @driver.on(:open)    { |e| open }
         @driver.on(:message) { |e| receive_message(e.data) }
-        @driver.on(:close)   { |e| begin_close(e.reason, e.code) }
+        @driver.on(:close)   { |e| begin_close(e.reason, e.code, :wait_for_write => true) }
 
         @driver.on(:error) do |error|
           emit_error(error.message)
@@ -81,10 +83,12 @@ module Faye
         unless code == 1000 or (code >= 3000 and code <= 4999)
           raise ArgumentError, "Failed to execute 'close' on WebSocket: " +
                                "The code must be either 1000, or between 3000 and 4999. " +
-                               "#{code} is neither."
+                               "#{ code } is neither."
         end
 
         @ready_state = CLOSING unless @ready_state == CLOSED
+        @close_timer = EventMachine.add_timer(CLOSE_TIMEOUT) { begin_close('', 1006) }
+
         @driver.close(reason, code)
       end
 
@@ -117,13 +121,17 @@ module Faye
         dispatch_event(event)
       end
 
-      def begin_close(reason, code)
+      def begin_close(reason, code, options = {})
         return if @ready_state == CLOSED
         @ready_state = CLOSING
         @close_params = [reason, code]
 
         if @stream
-          @stream.close_connection_after_writing
+          if options[:wait_for_write]
+            @stream.close_connection_after_writing
+          else
+            @stream.close_connection
+          end
         else
           finalize_close
         end
@@ -133,6 +141,7 @@ module Faye
         return if @ready_state == CLOSED
         @ready_state = CLOSED
 
+        EventMachine.cancel_timer(@close_timer) if @close_timer
         EventMachine.cancel_timer(@ping_timer) if @ping_timer
 
         reason = @close_params ? @close_params[0] : ''

data/lib/faye/websocket/api/event.rb

@@ -10,7 +10,7 @@ module Faye::WebSocket::API
 
     def initialize(event_type, options)
       @type = event_type
-      options.each { |key, value| instance_variable_set("@#{key}", value) }
+      options.each { |key, value| instance_variable_set("@#{ key }", value) }
     end
 
     def init_event(event_type, can_bubble, cancelable)

data/lib/faye/websocket/api/event_target.rb

@@ -5,10 +5,10 @@ module Faye::WebSocket::API
     events = %w[open message error close]
 
     events.each do |event_type|
-      define_method "on#{event_type}=" do |handler|
+      define_method "on#{ event_type }=" do |handler|
         EventMachine.next_tick do
           flush(event_type, handler)
-          instance_variable_set("@on#{event_type}", handler)
+          instance_variable_set("@on#{ event_type }", handler)
         end
       end
     end

data/lib/faye/websocket/client.rb

@@ -7,7 +7,7 @@ module Faye
       extend Forwardable
       include API
 
-      DEFAULT_PORTS    = {'http' => 80, 'https' => 443, 'ws' => 80, 'wss' => 443}
+      DEFAULT_PORTS    = { 'http' => 80, 'https' => 443, 'ws' => 80, 'wss' => 443 }
       SECURE_PROTOCOLS = ['https', 'wss']
 
       def_delegators :@driver, :headers, :status
@@ -17,58 +17,72 @@ module Faye
         super(options) { ::WebSocket::Driver.client(self, :max_length => options[:max_length], :protocols => protocols) }
 
         proxy       = options.fetch(:proxy, {})
-        endpoint    = URI.parse(proxy[:origin] || @url)
-        port        = endpoint.port || DEFAULT_PORTS[endpoint.scheme]
-        @secure     = SECURE_PROTOCOLS.include?(endpoint.scheme)
+        @endpoint   = URI.parse(proxy[:origin] || @url)
+        port        = @endpoint.port || DEFAULT_PORTS[@endpoint.scheme]
         @origin_tls = options.fetch(:tls, {})
         @socket_tls = proxy[:origin] ? proxy.fetch(:tls, {}) : @origin_tls
 
-        if proxy[:origin]
-          @proxy = @driver.proxy(proxy[:origin])
-          if headers = proxy[:headers]
-            headers.each { |name, value| @proxy.set_header(name, value) }
-          end
+        configure_proxy(proxy)
 
-          @proxy.on(:connect) do
-            uri    = URI.parse(@url)
-            secure = SECURE_PROTOCOLS.include?(uri.scheme)
-            @proxy = nil
+        EventMachine.connect(@endpoint.host, port, Connection) do |conn|
+          conn.parent = self
+        end
+      rescue => error
+        on_network_error(error)
+      end
 
-            if secure
-              origin_tls = {:sni_hostname => uri.host}.merge(@origin_tls)
-              @stream.start_tls(origin_tls)
-            end
+    private
+
+      def configure_proxy(proxy)
+        return unless proxy[:origin]
 
-            @driver.start
-          end
+        @proxy = @driver.proxy(proxy[:origin])
+        @proxy.on(:error) { |error| @driver.emit(:error, error) }
 
-          @proxy.on(:error) do |error|
-            @driver.emit(:error, error)
-          end
+        if headers = proxy[:headers]
+          headers.each { |name, value| @proxy.set_header(name, value) }
         end
 
-        EventMachine.connect(endpoint.host, port, Connection) do |conn|
-          conn.parent = self
+        @proxy.on(:connect) do
+          @proxy = nil
+          start_tls(URI.parse(@url), @origin_tls)
+          @driver.start
         end
-      rescue => error
-        emit_error("Network error: #{url}: #{error.message}")
-        finalize_close
       end
 
-    private
+      def start_tls(uri, options)
+        return unless SECURE_PROTOCOLS.include?(uri.scheme)
+
+        tls_options = { :sni_hostname => uri.host, :verify_peer => true }.merge(options)
+        @ssl_verifier = SslVerifier.new(uri.host, tls_options)
+        @stream.start_tls(tls_options)
+      end
 
       def on_connect(stream)
         @stream = stream
-
-        if @secure
-          socket_tls = {:sni_hostname => URI.parse(@url).host}.merge(@socket_tls)
-          @stream.start_tls(socket_tls)
-        end
+        start_tls(@endpoint, @socket_tls)
 
         worker = @proxy || @driver
         worker.start
       end
 
+      def on_network_error(error)
+        emit_error("Network error: #{ @url }: #{ error.message }")
+        finalize_close
+      end
+
+      def ssl_verify_peer(cert)
+        @ssl_verifier.ssl_verify_peer(cert)
+      rescue => error
+        on_network_error(error)
+      end
+
+      def ssl_handshake_completed
+        @ssl_verifier.ssl_handshake_completed
+      rescue => error
+        on_network_error(error)
+      end
+
       module Connection
         attr_accessor :parent
 
@@ -76,11 +90,20 @@ module Faye
           parent.__send__(:on_connect, self)
         end
 
+        def ssl_verify_peer(cert)
+          parent.__send__(:ssl_verify_peer, cert)
+        end
+
+        def ssl_handshake_completed
+          parent.__send__(:ssl_handshake_completed)
+        end
+
         def receive_data(data)
           parent.__send__(:parse, data)
         end
 
-        def unbind
+        def unbind(error = nil)
+          parent.__send__(:emit_error, error) if error
           parent.__send__(:finalize_close)
         end
 

data/lib/faye/websocket/ssl_verifier.rb

@@ -0,0 +1,89 @@
+# This code is based on the implementation in Faraday:
+#
+#     https://github.com/lostisland/faraday/blob/v1.0.1/lib/faraday/adapter/em_http_ssl_patch.rb
+#
+# Faraday is published under the MIT license as detailed here:
+#
+#     https://github.com/lostisland/faraday/blob/v1.0.1/LICENSE.md
+#
+# Copyright (c) 2009-2019 Rick Olson, Zack Hobson
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+require 'openssl'
+
+module Faye
+  class WebSocket
+
+    SSLError = Class.new(OpenSSL::SSL::SSLError)
+
+    class SslVerifier
+      def initialize(hostname, ssl_opts)
+        @hostname   = hostname
+        @ssl_opts   = ssl_opts
+        @cert_store = OpenSSL::X509::Store.new
+
+        if root = @ssl_opts[:root_cert_file]
+          [root].flatten.each { |ca_path| @cert_store.add_file(ca_path) }
+        else
+          @cert_store.set_default_paths
+        end
+      end
+
+      def ssl_verify_peer(cert_text)
+        return true unless should_verify?
+
+        certificate = parse_cert(cert_text)
+        return false unless certificate
+
+        unless @cert_store.verify(certificate)
+          raise SSLError, "Unable to verify the server certificate for '#{ @hostname }'"
+        end
+
+        store_cert(certificate)
+        @last_cert = certificate
+
+        true
+      end
+
+      def ssl_handshake_completed
+        return unless should_verify?
+
+        unless identity_verified?
+          raise SSLError, "Host '#{ @hostname }' does not match the server certificate"
+        end
+      end
+
+    private
+
+      def should_verify?
+        @ssl_opts[:verify_peer] != false
+      end
+
+      def parse_cert(cert_text)
+        OpenSSL::X509::Certificate.new(cert_text)
+      rescue OpenSSL::X509::CertificateError
+        nil
+      end
+
+      def store_cert(certificate)
+        @cert_store.add_cert(certificate)
+      rescue OpenSSL::X509::StoreError => error
+        raise error unless error.message == 'cert already in hash table'
+      end
+
+      def identity_verified?
+        @last_cert and OpenSSL::SSL.verify_certificate_identity(@last_cert, @hostname)
+      end
+    end
+
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: faye-websocket
 version: !ruby/object:Gem::Version
-  version: 0.10.5
+  version: 0.11.0
 platform: ruby
 authors:
 - James Coglan
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-11-12 00:00:00.000000000 Z
+date: 2020-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
@@ -66,20 +66,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: public_suffix
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.5.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: puma
   requirement: !ruby/object:Gem::Requirement
@@ -168,14 +154,14 @@ dependencies:
   name: goliath
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
@@ -192,7 +178,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.0.0
-description: 
+description:
 email: jcoglan@gmail.com
 executables: []
 extensions: []
@@ -200,17 +186,8 @@ extra_rdoc_files:
 - README.md
 files:
 - CHANGELOG.md
+- LICENSE.md
 - README.md
-- examples/app.rb
-- examples/autobahn_client.rb
-- examples/client.rb
-- examples/config.ru
-- examples/haproxy.conf
-- examples/proxy_server.rb
-- examples/rainbows.conf
-- examples/server.rb
-- examples/sse.html
-- examples/ws.html
 - lib/faye/adapters/goliath.rb
 - lib/faye/adapters/rainbows.rb
 - lib/faye/adapters/rainbows_client.rb
@@ -223,11 +200,12 @@ files:
 - lib/faye/websocket/api/event.rb
 - lib/faye/websocket/api/event_target.rb
 - lib/faye/websocket/client.rb
+- lib/faye/websocket/ssl_verifier.rb
 homepage: https://github.com/faye/faye-websocket-ruby
 licenses:
-- MIT
+- Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--main"
 - README.md
@@ -246,9 +224,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Standards-compliant WebSocket server and client
 test_files: []

data/examples/app.rb

@@ -1,54 +0,0 @@
-require 'faye/websocket'
-require 'permessage_deflate'
-require 'rack'
-
-static  = Rack::File.new(File.dirname(__FILE__))
-options = {:extensions => [PermessageDeflate], :ping => 5}
-
-App = lambda do |env|
-  if Faye::WebSocket.websocket?(env)
-    ws = Faye::WebSocket.new(env, ['irc', 'xmpp'], options)
-    p [:open, ws.url, ws.version, ws.protocol]
-
-    ws.onmessage = lambda do |event|
-      ws.send(event.data)
-    end
-
-    ws.onclose = lambda do |event|
-      p [:close, event.code, event.reason]
-      ws = nil
-    end
-
-    ws.rack_response
-
-  elsif Faye::EventSource.eventsource?(env)
-    es   = Faye::EventSource.new(env)
-    time = es.last_event_id.to_i
-
-    p [:open, es.url, es.last_event_id]
-
-    loop = EM.add_periodic_timer(2) do
-      time += 1
-      es.send("Time: #{time}")
-      EM.add_timer(1) do
-        es.send('Update!!', :event => 'update', :id => time) if es
-      end
-    end
-
-    es.send("Welcome!\n\nThis is an EventSource server.")
-
-    es.onclose = lambda do |event|
-      EM.cancel_timer(loop)
-      p [:close, es.url]
-      es = nil
-    end
-
-    es.rack_response
-
-  else
-    static.call(env)
-  end
-end
-
-def App.log(message)
-end

data/examples/autobahn_client.rb

@@ -1,48 +0,0 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'cgi'
-require 'faye/websocket'
-require 'permessage_deflate'
-require 'progressbar'
-
-EM.run {
-  host    = 'ws://localhost:9001'
-  ruby    = RUBY_PLATFORM =~ /java/ ? 'jruby' : 'cruby'
-  agent   = CGI.escape("#{ruby}-#{RUBY_VERSION}")
-  cases   = 0
-  options = {:extensions => [PermessageDeflate]}
-
-  socket   = Faye::WebSocket::Client.new("#{host}/getCaseCount")
-  progress = nil
-
-  socket.onmessage = lambda do |event|
-    puts "Total cases to run: #{event.data}"
-    cases = event.data.to_i
-    progress = ProgressBar.new('Autobahn', cases)
-  end
-
-  run_case = lambda do |n|
-    if n > cases
-      socket = Faye::WebSocket::Client.new("#{host}/updateReports?agent=#{agent}")
-      progress.finish
-      socket.onclose = lambda { |e| EM.stop }
-      next
-    end
-
-    url = "#{host}/runCase?case=#{n}&agent=#{agent}"
-    socket = Faye::WebSocket::Client.new(url, [], options)
-
-    socket.onmessage = lambda do |event|
-      socket.send(event.data)
-    end
-
-    socket.on :close do |event|
-      progress.inc
-      run_case[n + 1]
-    end
-  end
-
-  socket.onclose = lambda do |event|
-    run_case[1]
-  end
-}

data/examples/client.rb

@@ -1,34 +0,0 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'faye/websocket'
-require 'eventmachine'
-require 'permessage_deflate'
-
-EM.run {
-  url   = ARGV[0]
-  proxy = ARGV[1]
-
-  ws = Faye::WebSocket::Client.new(url, [],
-    :proxy      => {:origin => proxy, :headers => {'User-Agent' => 'Echo'}},
-    :headers    => {'Origin' => 'http://faye.jcoglan.com'},
-    :extensions => [PermessageDeflate]
-  )
-
-  ws.onopen = lambda do |event|
-    p [:open, ws.headers]
-    ws.send('mic check')
-  end
-
-  ws.onclose = lambda do |close|
-    p [:close, close.code, close.reason]
-    EM.stop
-  end
-
-  ws.onerror = lambda do |error|
-    p [:error, error.message]
-  end
-
-  ws.onmessage = lambda do |message|
-    p [:message, message.data]
-  end
-}

data/examples/config.ru

@@ -1,13 +0,0 @@
-# Run using your favourite server:
-#
-#     thin start -R examples/config.ru -p 7000
-#     rainbows -c examples/rainbows.conf -E production examples/config.ru -p 7000
-
-require 'rubygems'
-require 'bundler/setup'
-require File.expand_path('../app', __FILE__)
-
-Faye::WebSocket.load_adapter('thin')
-Faye::WebSocket.load_adapter('rainbows')
-
-run App

data/examples/haproxy.conf

@@ -1,20 +0,0 @@
-defaults
-   mode http
-   timeout client  5s
-   timeout connect 5s
-   timeout server  5s
-
-frontend all 0.0.0.0:3000
-   mode http
-   timeout client 120s
-
-   option forwardfor
-   option http-server-close
-   option http-pretend-keepalive
-
-   default_backend sockets
-
-backend sockets
-   balance uri depth 2
-   timeout server  120s
-   server socket1 127.0.0.1:7000

data/examples/proxy_server.rb

@@ -1,14 +0,0 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'eventmachine'
-require 'websocket/driver'
-
-require File.expand_path('../../spec/proxy_server', __FILE__)
-
-port   = ARGV[0]
-secure = ARGV[1] == 'tls'
-
-EM.run {
-  proxy = ProxyServer.new(:debug => true)
-  proxy.listen(port, secure)
-}

data/examples/rainbows.conf

@@ -1,3 +0,0 @@
-Rainbows! do
-  use :EventMachine
-end

data/examples/server.rb

@@ -1,50 +0,0 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'rack/content_length'
-require 'rack/chunked'
-
-port   = ARGV[0] || 7000
-secure = ARGV[1] == 'tls'
-engine = ARGV[2] || 'thin'
-spec   = File.expand_path('../../spec', __FILE__)
-
-require File.expand_path('../app', __FILE__)
-Faye::WebSocket.load_adapter(engine)
-
-case engine
-
-when 'goliath'
-  class WebSocketServer < Goliath::API
-    def response(env)
-      App.call(env)
-    end
-  end
-
-when 'puma'
-  events = Puma::Events.new($stdout, $stderr)
-  binder = Puma::Binder.new(events)
-  binder.parse(["tcp://0.0.0.0:#{port}"], App)
-  server = Puma::Server.new(App, events)
-  server.binder = binder
-  server.run.join
-
-when 'rainbows'
-  rackup = Unicorn::Configurator::RACKUP
-  rackup[:port] = port
-  rackup[:set_listener] = true
-  options = rackup[:options]
-  options[:config_file] = File.expand_path('../rainbows.conf', __FILE__)
-  Rainbows::HttpServer.new(App, options).start.join
-
-when 'thin'
-  thin = Rack::Handler.get('thin')
-  thin.run(App, :Port => port) do |server|
-    if secure
-      server.ssl_options = {
-        :private_key_file => spec + '/server.key',
-        :cert_chain_file  => spec + '/server.crt'
-      }
-      server.ssl = true
-    end
-  end
-end

data/examples/sse.html

@@ -1,38 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-    <title>EventSource test</title>
-  </head>
-  <body>
-
-    <h1>EventSource test</h1>
-    <ul></ul>
-
-    <script type="text/javascript">
-      var logger = document.getElementsByTagName('ul')[0],
-          socket = new EventSource('/');
-
-      var log = function(text) {
-        logger.innerHTML += '<li>' + text + '</li>';
-      };
-
-      socket.onopen = function() {
-        log('OPEN');
-      };
-
-      socket.onmessage = function(event) {
-        log('MESSAGE: ' + event.data);
-      };
-
-      socket.addEventListener('update', function(event) {
-        log('UPDATE(' + event.lastEventId + '): ' + event.data);
-      });
-
-      socket.onerror = function(event) {
-        log('ERROR: ' + event.message);
-      };
-    </script>
-
-  </body>
-</html>

data/examples/ws.html

@@ -1,43 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-    <title>WebSocket test</title>
-  </head>
-  <body>
-
-    <h1>WebSocket test</h1>
-    <ul></ul>
-
-    <script type="text/javascript">
-      var logger = document.getElementsByTagName('ul')[0],
-          Socket = window.MozWebSocket || window.WebSocket,
-          protos = ['foo', 'bar', 'xmpp'],
-          socket = new Socket('ws://' + location.hostname + ':' + location.port + '/', protos),
-          index  = 0;
-
-      var log = function(text) {
-        logger.innerHTML += '<li>' + text + '</li>';
-      };
-
-      socket.addEventListener('open', function() {
-        log('OPEN: ' + socket.protocol);
-        socket.send('Hello, world');
-      });
-
-      socket.onerror = function(event) {
-        log('ERROR: ' + event.message);
-      };
-
-      socket.onmessage = function(event) {
-        log('MESSAGE: ' + event.data);
-        setTimeout(function() { socket.send(++index + ' ' + event.data) }, 2000);
-      };
-
-      socket.onclose = function(event) {
-        log('CLOSE: ' + event.code + ', ' + event.reason);
-      };
-    </script>
-
-  </body>
-</html>