httpclient 2.7.0 → 2.7.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/httpclient/jruby_ssl_socket.rb +9 -8
- data/lib/httpclient/ssl_config.rb +8 -1
- data/lib/httpclient/ssl_socket.rb +0 -1
- data/lib/httpclient/version.rb +1 -1
- data/test/test_ssl.rb +12 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7236cf89169c32802c8800f4f679904f1f24e95
|
|
4
|
+
data.tar.gz: 8096cd3b370e83a391239e6daa2657c3efa79e45
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 60008ef0e10fa99bf0255cc7d78228af00eb25b457963d4108f942871925a41b0d71d90e697d66e2373b38d913349a198cd4cb818e8104536aa1670c7213d83e
|
|
7
|
+
data.tar.gz: 859e12aadea51b63e5892ea0b162472a36bc75b683ec4b2fde065fda8f29a45e2d17aa1f7283773cd76e17f0f4b8f2a0a4ecf7c4d99900ae96a14bbd15dbaac9
|
|
@@ -442,9 +442,10 @@ unless defined?(SSLSocket)
|
|
|
442
442
|
new(socket, session.dest, session.ssl_config, session.debug_dev)
|
|
443
443
|
end
|
|
444
444
|
|
|
445
|
+
DEFAULT_SSL_PROTOCOL = 'TLS'
|
|
445
446
|
def initialize(socket, dest, config, debug_dev = nil)
|
|
446
447
|
if config.ssl_version == :auto
|
|
447
|
-
ssl_version =
|
|
448
|
+
ssl_version = DEFAULT_SSL_PROTOCOL
|
|
448
449
|
else
|
|
449
450
|
ssl_version = config.to_s.gsub(/_/, '.')
|
|
450
451
|
end
|
|
@@ -485,13 +486,17 @@ unless defined?(SSLSocket)
|
|
|
485
486
|
factory = ctx.getSocketFactory
|
|
486
487
|
begin
|
|
487
488
|
ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
|
|
488
|
-
ssl_socket.setEnabledProtocols([ssl_version].to_java(java.lang.String))
|
|
489
|
+
ssl_socket.setEnabledProtocols([ssl_version].to_java(java.lang.String)) if ssl_version != DEFAULT_SSL_PROTOCOL
|
|
489
490
|
if config.ciphers != SSLConfig::CIPHERS_DEFAULT
|
|
490
491
|
ssl_socket.setEnabledCipherSuites(config.ciphers.to_java(java.lang.String))
|
|
491
492
|
end
|
|
492
493
|
ssl_socket.startHandshake
|
|
493
|
-
|
|
494
|
-
@
|
|
494
|
+
ssl_session = ssl_socket.getSession
|
|
495
|
+
@peer_cert = JavaCertificate.new(ssl_session.getPeerCertificates.first)
|
|
496
|
+
if $DEBUG
|
|
497
|
+
warn("Protocol version: #{ssl_session.getProtocol}")
|
|
498
|
+
warn("Cipher: #{ssl_socket.getSession.getCipherSuite}")
|
|
499
|
+
end
|
|
495
500
|
post_connection_check(dest.host, @peer_cert)
|
|
496
501
|
rescue java.security.GeneralSecurityException => e
|
|
497
502
|
raise OpenSSL::SSL::SSLError.new(e.getMessage)
|
|
@@ -508,10 +513,6 @@ unless defined?(SSLSocket)
|
|
|
508
513
|
@peer_cert
|
|
509
514
|
end
|
|
510
515
|
|
|
511
|
-
def ciphersuite
|
|
512
|
-
@ciphersuite
|
|
513
|
-
end
|
|
514
|
-
|
|
515
516
|
private
|
|
516
517
|
|
|
517
518
|
def post_connection_check(hostname, wrap_cert)
|
|
@@ -26,6 +26,12 @@ class HTTPClient
|
|
|
26
26
|
# like Web browsers. 'httpclient/cacert.pem' is downloaded from curl web
|
|
27
27
|
# site by the author and included in released package.
|
|
28
28
|
#
|
|
29
|
+
# On JRuby, HTTPClient uses Java runtime's trusted CA certificates, not
|
|
30
|
+
# cacert.pem by default. You can load cacert.pem by calling
|
|
31
|
+
# SSLConfig#load_trust_ca manually like:
|
|
32
|
+
#
|
|
33
|
+
# HTTPClient.new { self.ssl_config.load_trust_ca }.get("https://...")
|
|
34
|
+
#
|
|
29
35
|
# You may want to change trust anchor by yourself. Call clear_cert_store
|
|
30
36
|
# then add_trust_ca for that purpose.
|
|
31
37
|
class SSLConfig
|
|
@@ -437,9 +443,10 @@ class HTTPClient
|
|
|
437
443
|
def load_cacerts(cert_store)
|
|
438
444
|
ver = OpenSSL::OPENSSL_VERSION
|
|
439
445
|
if (ver.start_with?('OpenSSL 1.0.1') && ver >= 'OpenSSL 1.0.1p') ||
|
|
440
|
-
(ver.start_with?('OpenSSL ') && ver >= 'OpenSSL 1.0.2d')
|
|
446
|
+
(ver.start_with?('OpenSSL ') && ver >= 'OpenSSL 1.0.2d') || defined?(JRuby)
|
|
441
447
|
filename = 'cacert.pem'
|
|
442
448
|
else
|
|
449
|
+
warn("RSA 1024 bit CA certificates are loaded due to old openssl compatibility")
|
|
443
450
|
filename = 'cacert1024.pem'
|
|
444
451
|
end
|
|
445
452
|
file = File.join(File.dirname(__FILE__), filename)
|
data/lib/httpclient/version.rb
CHANGED
data/test/test_ssl.rb
CHANGED
|
@@ -236,6 +236,18 @@ end
|
|
|
236
236
|
end
|
|
237
237
|
end
|
|
238
238
|
|
|
239
|
+
def test_use_higher_TLS
|
|
240
|
+
omit('TODO: it does not pass with Java 7 or old openssl ')
|
|
241
|
+
teardown_server
|
|
242
|
+
setup_server_with_ssl_version(:TLSv1_2)
|
|
243
|
+
assert_nothing_raised do
|
|
244
|
+
@client.ssl_config.verify_mode = nil
|
|
245
|
+
@client.get("https://localhost:#{serverport}/hello")
|
|
246
|
+
# TODO: should check JRubySSLSocket.ssl_socket.getSession.getProtocol
|
|
247
|
+
# but it's not thread safe. How can I return protocol version to the caller?
|
|
248
|
+
end
|
|
249
|
+
end
|
|
250
|
+
|
|
239
251
|
private
|
|
240
252
|
|
|
241
253
|
def cert(filename)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: httpclient
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.7.0
|
|
4
|
+
version: 2.7.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Nakamura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-11-
|
|
11
|
+
date: 2015-11-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email: nahi@ruby-lang.org
|