faye-websocket 0.10.6 → 0.11.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5b6bf17084f08c82f3d0d7ac138e98ddd2a0f059
-  data.tar.gz: 8b86e6161c6c6822f46675a8ac7644ad64257be8
+SHA256:
+  metadata.gz: 5d911cb9311b3ebcba587cea651bc49cf4ba29db10ef7b3c0b9bb7440571e39e
+  data.tar.gz: 81a0a87fd328f88730e84033ad795b28d969d12dfd7bcdd6c5f93e12b865bf44
 SHA512:
-  metadata.gz: 41099891f06201e60913915da0bec5f3420b2ebaf955a80d5c17cf7d3cab53feac35e0a7376ad301880eb5245f9e7412304c4a448abdbb4a942c535d46c780a8
-  data.tar.gz: 66350cd838a0a77e20285130c28bcbe2a197d7179c729866ec5d38d78c8635c212c57670ca2496e0d292f1279825d21624b4a341a1e64df7a8fa83f1d6ab8f60
+  metadata.gz: 7c4bc1540dcb37c6c7ed508ae0d459878fef3b66009acd26555ee63b3a7013ba262cffb6fe82120385a002e12847e5c3c33ec3c44cb7ba1e7be7e7f730b1ab05
+  data.tar.gz: 953bdb31da0463fbda511ca4b1276ce88a5e2e9273d52c34e4b13eb018d4dec41c1dbd678c8ebcad700a4230e26dc9576d89753fbebd743e743e1bdb48da394c

data/CHANGELOG.md

@@ -1,157 +1,189 @@
+### 0.11.1 / 2021-05-24
+
+- Prevent the client hanging if `close()` is called when already closing
+
+### 0.11.0 / 2020-07-31
+
+- Implement TLS certificate verification and enable it by default on client
+  connections
+- Add a `:tls` option to the client with sub-fields `:root_cert_file` and
+  `:verify_peer` for configuring TLS verification
+
+### 0.10.9 / 2019-06-13
+
+- Use the EventMachine API rather than `IO#write` to write data; this uses the
+  event loop and avoids getting blocked by slow clients
+
+### 0.10.8 / 2019-06-10
+
+- In the case of a close timeout, don't block on waiting for writing to the
+  socket to complete
+- Fix a race condition that caused a timeout not to be cancelled immediately
+  when the WebSocket is closed
+- Change license from MIT to Apache 2.0
+
+### 0.10.7 / 2017-02-22
+
+- Emit an error if `EventMachine::Connection#unbind` is called with an error
+
 ### 0.10.6 / 2017-01-22
 
-* Forcibly close the I/O stream after a timeout if the peer does not respond
+- Forcibly close the I/O stream after a timeout if the peer does not respond
   after calling `close()`
 
 ### 0.10.5 / 2016-11-12
 
-* Set the SNI hostname when making secure requests
+- Set the SNI hostname when making secure requests
 
 ### 0.10.4 / 2016-05-20
 
-* Amend warnings issued when running with -W2
+- Amend warnings issued when running with -W2
 
 ### 0.10.3 / 2016-02-24
 
-* Use `PATH_INFO` and `QUERY_STRING` rather than the non-standard `REQUEST_URI` from the Rack env
+- Use `PATH_INFO` and `QUERY_STRING` rather than the non-standard `REQUEST_URI`
+  from the Rack env
 
 ### 0.10.2 / 2015-11-26
 
-* Fix the `headers` and `status` methods on `Client`, which were broken in the
+- Fix the `headers` and `status` methods on `Client`, which were broken in the
   last release
 
 ### 0.10.1 / 2015-11-06
 
-* Make sure errors can be safely emitted if creating the driver fails
-* Prevent a race condition when binding `EM.attach` to the socket
+- Make sure errors can be safely emitted if creating the driver fails
+- Prevent a race condition when binding `EM.attach` to the socket
 
 ### 0.10.0 / 2015-07-08
 
-* Add the standard `code` and `reason` parameters to the `close` method
+- Add the standard `code` and `reason` parameters to the `close` method
 
 ### 0.9.2 / 2014-12-21
 
-* Only emit `error` once, and don't emit it after `close`
+- Only emit `error` once, and don't emit it after `close`
 
 ### 0.9.1 / 2014-12-18
 
-* Check that all options to the WebSocket constructor are recognized
+- Check that all options to the WebSocket constructor are recognized
 
 ### 0.9.0 / 2014-12-13
 
-* Allow protocol extensions to be passed into websocket-extensions
+- Allow protocol extensions to be passed into websocket-extensions
 
 ### 0.8.0 / 2014-11-08
 
-* Support connections via HTTP proxies
+- Support connections via HTTP proxies
 
 ### 0.7.5 / 2014-10-04
 
-* Allow sockets to be closed when they are in any state other than `CLOSED`
+- Allow sockets to be closed when they are in any state other than `CLOSED`
 
 ### 0.7.4 / 2014-07-06
 
-* Stop using `define_method` to implement `Event` properties, since it blows the method cache
-* Stop setup errors masking URI errors in `Client#initialize`
-* Make the Goliath adapter compatible with goliath-1.0.4.
+- Stop using `define_method` to implement `Event` properties, since it blows the
+  method cache
+- Stop setup errors masking URI errors in `Client#initialize`
+- Make the Goliath adapter compatible with goliath-1.0.4.
 
 ### 0.7.3 / 2014-04-24
 
-* Remove an unneeded method override in the `WebSocket` class
+- Remove an unneeded method override in the `WebSocket` class
 
 ### 0.7.2 / 2013-12-29
 
-* Fix WebSocket detection in cases where the web server does not produce an `env`
+- Fix WebSocket detection in cases where the web server does not produce an
+  `env`
 
 ### 0.7.1 / 2013-12-03
 
-* Support the `max_length` websocket-driver option
-* Expose a `message` property on `error` events
+- Support the `max_length` websocket-driver option
+- Expose a `message` property on `error` events
 
 ### 0.7.0 / 2013-09-09
 
-* Allow the server to send custom headers with EventSource responses
+- Allow the server to send custom headers with EventSource responses
 
 ### 0.6.3 / 2013-08-04
 
-* Stop implicitly depending on Rack 1.4
+- Stop implicitly depending on Rack 1.4
 
 ### 0.6.2 / 2013-07-05
 
-* Catch errors thrown by EventMachine and emit `error` and `close` events
+- Catch errors thrown by EventMachine and emit `error` and `close` events
 
 ### 0.6.1 / 2013-05-12
 
-* Release a gem without log and pid files in it
+- Release a gem without log and pid files in it
 
 ### 0.6.0 / 2013-05-12
 
-* Add support for custom headers
+- Add support for custom headers
 
 ### 0.5.0 / 2013-05-05
 
-* Extract the protocol handlers into the `websocket-driver` library
-* Support the `rack.hijack` API
-* Add support for Rainbows 4.5 and Puma
-* Officially support JRuby and Rubinius
+- Extract the protocol handlers into the `websocket-driver` library
+- Support the `rack.hijack` API
+- Add support for Rainbows 4.5 and Puma
+- Officially support JRuby and Rubinius
 
 ### 0.4.7 / 2013-02-14
 
-* Emit the `close` event if TCP is closed before CLOSE frame is acked
-* Treat the `Upgrade: websocket` header case-insensitively because of IE10
-* Do not suppress headers in the Thin and Rainbows adapters unless the status is `101`
+- Emit the `close` event if TCP is closed before CLOSE frame is acked
+- Treat the `Upgrade: websocket` header case-insensitively because of IE10
+- Do not suppress headers in the Thin and Rainbows adapters unless the status is
+  `101`
 
 ### 0.4.6 / 2012-07-09
 
-* Add `Connection: close` to EventSource response
+- Add `Connection: close` to EventSource response
 
 ### 0.4.5 / 2012-04-06
 
-* Add WebSocket error code `1011`.
-* Handle URLs with no path correctly by sending `GET /`
+- Add WebSocket error code `1011`.
+- Handle URLs with no path correctly by sending `GET /`
 
 ### 0.4.4 / 2012-03-16
 
-* Fix installation on JRuby with a platform-specific gem
+- Fix installation on JRuby with a platform-specific gem
 
 ### 0.4.3 / 2012-03-12
 
-* Make `extconf.rb` a no-op on JRuby
+- Make `extconf.rb` a no-op on JRuby
 
 ### 0.4.2 / 2012-03-09
 
-* Port masking-function C extension to Java for JRuby
+- Port masking-function C extension to Java for JRuby
 
 ### 0.4.1 / 2012-02-26
 
-* Treat anything other than an `Array` as a string when calling `send()`
-* Fix error loading UTF-8 validation code on Ruby 1.9 with `-Ku` flag
+- Treat anything other than an `Array` as a string when calling `send()`
+- Fix error loading UTF-8 validation code on Ruby 1.9 with `-Ku` flag
 
 ### 0.4.0 / 2012-02-13
 
-* Add `ping()` method to server-side `WebSocket` and `EventSource`
-* Buffer `send()` calls until the draft-76 handshake is complete
+- Add `ping()` method to server-side `WebSocket` and `EventSource`
+- Buffer `send()` calls until the draft-76 handshake is complete
 
 ### 0.3.0 / 2012-01-13
 
-* Add support for `EventSource` connections
-* Support the Thin, Rainbows and Goliath web servers
+- Add support for `EventSource` connections
+- Support the Thin, Rainbows and Goliath web servers
 
 ### 0.2.0 / 2011-12-21
 
-* Add support for `Sec-WebSocket-Protocol` negotiation
-* Support `hixie-76` close frames and 75/76 ignored segments
-* Improve performance of HyBi parsing/framing functions
-* Write masking function in C
+- Add support for `Sec-WebSocket-Protocol` negotiation
+- Support `hixie-76` close frames and 75/76 ignored segments
+- Improve performance of HyBi parsing/framing functions
+- Write masking function in C
 
 ### 0.1.2 / 2011-12-05
 
-* Make `hixie-76` sockets work through HAProxy
+- Make `hixie-76` sockets work through HAProxy
 
 ### 0.1.1 / 2011-11-30
 
-* Fix `add_event_listener()` interface methods
+- Fix `add_event_listener()` interface methods
 
 ### 0.1.0 / 2011-11-27
 
-* Initial release, based on WebSocket components from Faye
+- Initial release, based on WebSocket components from Faye

data/LICENSE.md

@@ -0,0 +1,12 @@
+Copyright 2010-2021 James Coglan
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of the
+License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.

data/README.md

@@ -1,10 +1,5 @@
 # faye-websocket
 
-* Travis CI build: [![Build
-  status](https://secure.travis-ci.org/faye/faye-websocket-ruby.svg)](http://travis-ci.org/faye/faye-websocket-ruby)
-* Autobahn tests: [server](http://faye.jcoglan.com/autobahn/servers/),
-  [client](http://faye.jcoglan.com/autobahn/clients/)
-
 This is a general-purpose WebSocket implementation extracted from the
 [Faye](http://faye.jcoglan.com) project. It provides classes for easily building
 WebSocket servers and clients in Ruby. It does not provide a server itself, but
@@ -22,11 +17,11 @@ access via proxies than WebSockets.
 The following web servers are supported. Other servers that implement the
 `rack.hijack` API should also work.
 
-* [Goliath](http://postrank-labs.github.com/goliath/)
-* [Phusion Passenger](https://www.phusionpassenger.com/) >= 4.0 with nginx >= 1.4
-* [Puma](http://puma.io/) >= 2.0
-* [Rainbows](http://rainbows.bogomips.org/)
-* [Thin](http://code.macournoyer.com/thin/)
+- [Goliath](http://postrank-labs.github.com/goliath/)
+- [Phusion Passenger](https://www.phusionpassenger.com/) >= 4.0 with nginx >= 1.4
+- [Puma](http://puma.io/) >= 2.0
+- [Rainbows](http://rainbows.bogomips.org/)
+- [Thin](http://code.macournoyer.com/thin/)
 
 
 ## Installation
@@ -65,7 +60,7 @@ App = lambda do |env|
 
   else
     # Normal HTTP request
-    [200, {'Content-Type' => 'text/plain'}, ['Hello']]
+    [200, { 'Content-Type' => 'text/plain' }, ['Hello']]
   end
 end
 ```
@@ -133,7 +128,7 @@ including any authorization information and custom headers you require:
 ws = Faye::WebSocket::Client.new('ws://www.example.com/', [], {
   :proxy => {
     :origin  => 'http://username:password@proxy.example.com',
-    :headers => {'User-Agent' => 'ruby'}
+    :headers => { 'User-Agent' => 'ruby' }
   }
 })
 ```
@@ -190,45 +185,78 @@ ws = Faye::WebSocket::Client.new(url, protocols, options)
 `protocols` as an array of subprotocols as described above, or `nil`. `options`
 is an optional hash containing any of these keys:
 
-* `:extensions` - an array of
+- `:extensions` - an array of
   [websocket-extensions](https://github.com/faye/websocket-extensions-ruby)
   compatible extensions, as described above
-* `:headers` - a hash containing key-value pairs representing HTTP headers to be
+- `:headers` - a hash containing key-value pairs representing HTTP headers to be
   sent during the handshake process
-* `:max_length` - the maximum allowed size of incoming message frames, in bytes.
+- `:max_length` - the maximum allowed size of incoming message frames, in bytes.
   The default value is `2^26 - 1`, or 1 byte short of 64 MiB.
-* `:ping` - an integer that sets how often the WebSocket should send ping
+- `:ping` - an integer that sets how often the WebSocket should send ping
   frames, measured in seconds
-* `:tls` - a hash containing key-value pairs for specifying TLS parameters.
+- `:tls` - a hash containing key-value pairs for specifying TLS parameters.
   These are passed along to EventMachine and you can find
   [more details here](http://rubydoc.info/gems/eventmachine/EventMachine%2FConnection%3Astart_tls)
 
+### Secure sockets
+
+Starting with version 0.11.0, `Faye::WebSocket::Client` will verify the server
+certificate for `wss` connections. This is not the default behaviour for
+EventMachine's TLS interface, and so our defaults for the `:tls` option are a
+little different.
+
+First, `:verify_peer` is enabled by default. Our implementation checks that the
+chain of certificates sent by the server is trusted by your root certificates,
+and that the final certificate's hostname matches the hostname in the request
+URL.
+
+By default, we use your system's root certificate store by invoking
+`OpenSSL::X509::Store#set_default_paths`. If you want to use a different set of
+root certificates, you can pass them via the `:root_cert_file` option, which
+takes a path or an array of paths to the certificates you want to use.
+
+```ruby
+ws = Faye::WebSocket::Client.new('wss://example.com/', [], :tls => {
+  :root_cert_file => ['path/to/certificate.pem']
+})
+```
+
+If you want to switch off certificate verification altogether, then set
+`:verify_peer` to `false`.
+
+```ruby
+ws = Faye::WebSocket::Client.new('wss://example.com/', [], :tls => {
+  :verify_peer => false
+})
+```
+
 ## WebSocket API
 
 Both the server- and client-side `WebSocket` objects support the following API:
 
-* <b>`on(:open) { |event| }`</b> fires when the socket connection is
-  established. Event has no attributes.
-* <b>`on(:message) { |event| }`</b> fires when the socket receives a message.
-  Event has one attribute, <b>`data`</b>, which is either a `String` (for text
-  frames) or an `Array` of byte-sized integers (for binary frames).
-* <b>`on(:error) { |event| }`</b> fires when there is a protocol error due to
-  bad data sent by the other peer. This event is purely informational, you do
-  not need to implement error recovery.
-* <b>`on(:close) { |event| }`</b> fires when either the client or the server
-  closes the connection. Event has two optional attributes, <b>`code`</b> and
-  <b>`reason`</b>, that expose the status code and message sent by the peer that
+- **`on(:open) { |event| }`** fires when the socket connection is established.
+  Event has no attributes.
+- **`on(:message) { |event| }`** fires when the socket receives a message. Event
+  has one attribute, **`data`**, which is either a `String` (for text frames) or
+  an `Array` of unsigned integers, i.e. integers in the range `0..255` (for
+  binary frames).
+- **`on(:error) { |event| }`** fires when there is a protocol error due to bad
+  data sent by the other peer. This event is purely informational, you do not
+  need to implement error recovery.
+- **`on(:close) { |event| }`** fires when either the client or the server closes
+  the connection. Event has two optional attributes, **`code`** and
+  **`reason`**, that expose the status code and message sent by the peer that
   closed the connection.
-* <b>`send(message)`</b> accepts either a `String` or an `Array` of byte-sized
+- **`send(message)`** accepts either a `String` or an `Array` of byte-sized
   integers and sends a text or binary message over the connection to the other
   peer; binary data must be encoded as an `Array`.
-* <b>`ping(message, &callback)`</b> sends a ping frame with an optional message
-  and fires the callback when a matching pong is received.
-* <b>`close(code, reason)`</b> closes the connection, sending the given status
-  code and reason text, both of which are optional.
-* <b>`version`</b> is a string containing the version of the `WebSocket`
-  protocol the connection is using.
-* <b>`protocol`</b> is a string (which may be empty) identifying the subprotocol
+- **`ping(message, &callback)`** sends a ping frame with an optional message and
+  fires the callback when a matching pong is received.
+- **`close(code, reason)`** closes the connection, sending the given status code
+  and reason text, both of which are optional.
+- **`version`** is a string containing the version of the `WebSocket` protocol
+  the connection is using.
+- **`protocol`** is a string (which may be empty) identifying the subprotocol
   the socket is using.
 
 
@@ -261,7 +289,7 @@ App = lambda do |env|
 
   else
     # Normal HTTP request
-    [200, {'Content-Type' => 'text/plain'}, ['Hello']]
+    [200, { 'Content-Type' => 'text/plain' }, ['Hello']]
   end
 end
 ```
@@ -276,29 +304,29 @@ es.send('Breaking News!', :event => 'notification', :id => '99')
 
 The `EventSource` object exposes the following properties:
 
-* <b>`url`</b> is a string containing the URL the client used to create the
+- **`url`** is a string containing the URL the client used to create the
   EventSource.
-* <b>`last_event_id`</b> is a string containing the last event ID received by
-  the client. You can use this when the client reconnects after a dropped
-  connection to determine which messages need resending.
+- **`last_event_id`** is a string containing the last event ID received by the
+  client. You can use this when the client reconnects after a dropped connection
+  to determine which messages need resending.
 
 When you initialize an EventSource with `Faye::EventSource.new`, you can pass
 configuration options after the `env` parameter. Available options are:
 
-* <b>`:headers`</b> is a hash containing custom headers to be set on the
+- **`:headers`** is a hash containing custom headers to be set on the
   EventSource response.
-* <b>`:retry`</b> is a number that tells the client how long (in seconds) it
-  should wait after a dropped connection before attempting to reconnect.
-* <b>`:ping`</b> is a number that tells the server how often (in seconds) to
-  send 'ping' packets to the client to keep the connection open, to defeat
-  timeouts set by proxies. The client will ignore these messages.
+- **`:retry`** is a number that tells the client how long (in seconds) it should
+  wait after a dropped connection before attempting to reconnect.
+- **`:ping`** is a number that tells the server how often (in seconds) to send
+  'ping' packets to the client to keep the connection open, to defeat timeouts
+  set by proxies. The client will ignore these messages.
 
 For example, this creates a connection that allows access from any origin, pings
 every 15 seconds and is retryable every 10 seconds if the connection is broken:
 
 ```ruby
 es = Faye::EventSource.new(es,
-  :headers => {'Access-Control-Allow-Origin' => '*'},
+  :headers => { 'Access-Control-Allow-Origin' => '*' },
   :ping    => 15,
   :retry   => 10
 )
@@ -487,27 +515,3 @@ class EchoServer < Goliath::API
   end
 end
 ```
-
-
-## License
-
-(The MIT License)
-
-Copyright (c) 2010-2017 James Coglan
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the 'Software'), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.