httpclient 2.7.0 → 2.7.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 95c951cb65bd356f98db7a576bbedfd059e2cbd1
4
- data.tar.gz: c507088b33276d2fb7a905efef7bfa0999d5de5c
3
+ metadata.gz: e7236cf89169c32802c8800f4f679904f1f24e95
4
+ data.tar.gz: 8096cd3b370e83a391239e6daa2657c3efa79e45
5
5
  SHA512:
6
- metadata.gz: a44aee123f0c187b7441fa1585bc473ef4bd4cdfd6407230c13903513e07416621ddfa4935875e9849efeefbda366c121444a55ded21ca961ed26c5621d236d6
7
- data.tar.gz: ef09f5103bbbf1aa257dbb3fc76abd7b7cd226986052ef70f778a18267fef38deff783f055a8ea29047efc3109cbdd0e8b12a3690c356e96473f3d30096e5121
6
+ metadata.gz: 60008ef0e10fa99bf0255cc7d78228af00eb25b457963d4108f942871925a41b0d71d90e697d66e2373b38d913349a198cd4cb818e8104536aa1670c7213d83e
7
+ data.tar.gz: 859e12aadea51b63e5892ea0b162472a36bc75b683ec4b2fde065fda8f29a45e2d17aa1f7283773cd76e17f0f4b8f2a0a4ecf7c4d99900ae96a14bbd15dbaac9
@@ -442,9 +442,10 @@ unless defined?(SSLSocket)
442
442
  new(socket, session.dest, session.ssl_config, session.debug_dev)
443
443
  end
444
444
 
445
+ DEFAULT_SSL_PROTOCOL = 'TLS'
445
446
  def initialize(socket, dest, config, debug_dev = nil)
446
447
  if config.ssl_version == :auto
447
- ssl_version = 'TLSv1'
448
+ ssl_version = DEFAULT_SSL_PROTOCOL
448
449
  else
449
450
  ssl_version = config.to_s.gsub(/_/, '.')
450
451
  end
@@ -485,13 +486,17 @@ unless defined?(SSLSocket)
485
486
  factory = ctx.getSocketFactory
486
487
  begin
487
488
  ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
488
- ssl_socket.setEnabledProtocols([ssl_version].to_java(java.lang.String))
489
+ ssl_socket.setEnabledProtocols([ssl_version].to_java(java.lang.String)) if ssl_version != DEFAULT_SSL_PROTOCOL
489
490
  if config.ciphers != SSLConfig::CIPHERS_DEFAULT
490
491
  ssl_socket.setEnabledCipherSuites(config.ciphers.to_java(java.lang.String))
491
492
  end
492
493
  ssl_socket.startHandshake
493
- @peer_cert = JavaCertificate.new(ssl_socket.getSession.getPeerCertificates.first)
494
- @ciphersuite = ssl_socket.getSession.getCipherSuite
494
+ ssl_session = ssl_socket.getSession
495
+ @peer_cert = JavaCertificate.new(ssl_session.getPeerCertificates.first)
496
+ if $DEBUG
497
+ warn("Protocol version: #{ssl_session.getProtocol}")
498
+ warn("Cipher: #{ssl_socket.getSession.getCipherSuite}")
499
+ end
495
500
  post_connection_check(dest.host, @peer_cert)
496
501
  rescue java.security.GeneralSecurityException => e
497
502
  raise OpenSSL::SSL::SSLError.new(e.getMessage)
@@ -508,10 +513,6 @@ unless defined?(SSLSocket)
508
513
  @peer_cert
509
514
  end
510
515
 
511
- def ciphersuite
512
- @ciphersuite
513
- end
514
-
515
516
  private
516
517
 
517
518
  def post_connection_check(hostname, wrap_cert)
@@ -26,6 +26,12 @@ class HTTPClient
26
26
  # like Web browsers. 'httpclient/cacert.pem' is downloaded from curl web
27
27
  # site by the author and included in released package.
28
28
  #
29
+ # On JRuby, HTTPClient uses Java runtime's trusted CA certificates, not
30
+ # cacert.pem by default. You can load cacert.pem by calling
31
+ # SSLConfig#load_trust_ca manually like:
32
+ #
33
+ # HTTPClient.new { self.ssl_config.load_trust_ca }.get("https://...")
34
+ #
29
35
  # You may want to change trust anchor by yourself. Call clear_cert_store
30
36
  # then add_trust_ca for that purpose.
31
37
  class SSLConfig
@@ -437,9 +443,10 @@ class HTTPClient
437
443
  def load_cacerts(cert_store)
438
444
  ver = OpenSSL::OPENSSL_VERSION
439
445
  if (ver.start_with?('OpenSSL 1.0.1') && ver >= 'OpenSSL 1.0.1p') ||
440
- (ver.start_with?('OpenSSL ') && ver >= 'OpenSSL 1.0.2d')
446
+ (ver.start_with?('OpenSSL ') && ver >= 'OpenSSL 1.0.2d') || defined?(JRuby)
441
447
  filename = 'cacert.pem'
442
448
  else
449
+ warn("RSA 1024 bit CA certificates are loaded due to old openssl compatibility")
443
450
  filename = 'cacert1024.pem'
444
451
  end
445
452
  file = File.join(File.dirname(__FILE__), filename)
@@ -49,7 +49,6 @@ class HTTPClient
49
49
  warn("Protocol version: #{@ssl_socket.ssl_version}")
50
50
  end
51
51
  warn("Cipher: #{@ssl_socket.cipher.inspect}")
52
- warn("State: #{@ssl_socket.state}")
53
52
  end
54
53
  post_connection_check(hostname)
55
54
  end
@@ -1,3 +1,3 @@
1
1
  class HTTPClient
2
- VERSION = '2.7.0'
2
+ VERSION = '2.7.0.1'
3
3
  end
@@ -236,6 +236,18 @@ end
236
236
  end
237
237
  end
238
238
 
239
+ def test_use_higher_TLS
240
+ omit('TODO: it does not pass with Java 7 or old openssl ')
241
+ teardown_server
242
+ setup_server_with_ssl_version(:TLSv1_2)
243
+ assert_nothing_raised do
244
+ @client.ssl_config.verify_mode = nil
245
+ @client.get("https://localhost:#{serverport}/hello")
246
+ # TODO: should check JRubySSLSocket.ssl_socket.getSession.getProtocol
247
+ # but it's not thread safe. How can I return protocol version to the caller?
248
+ end
249
+ end
250
+
239
251
  private
240
252
 
241
253
  def cert(filename)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: httpclient
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.7.0
4
+ version: 2.7.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Nakamura
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-11-05 00:00:00.000000000 Z
11
+ date: 2015-11-07 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description:
14
14
  email: nahi@ruby-lang.org