httpclient 2.8.2.4 → 2.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/hexdump.rb +12 -12
- data/lib/httpclient/http.rb +8 -8
- data/lib/httpclient/jruby_ssl_socket.rb +90 -39
- data/lib/httpclient/session.rb +13 -7
- data/lib/httpclient/ssl_config.rb +75 -123
- data/lib/httpclient/ssl_socket.rb +26 -24
- data/lib/httpclient/util.rb +1 -1
- data/lib/httpclient/version.rb +1 -1
- data/lib/httpclient.rb +7 -1
- data/lib/jsonclient.rb +8 -5
- data/sample/auth.rb +1 -1
- data/sample/generate_test_keys.rb +99 -0
- data/test/ca-chain.pem +32 -36
- data/test/ca.cert +16 -19
- data/test/ca.key +27 -0
- data/test/ca.srl +1 -0
- data/test/client-pass.key +30 -18
- data/test/client.cert +17 -16
- data/test/client.key +25 -13
- data/test/fixtures/verify.alt.cert +20 -0
- data/test/fixtures/verify.foo.cert +20 -0
- data/test/fixtures/verify.key +27 -0
- data/test/fixtures/verify.localhost.cert +20 -0
- data/test/helper.rb +5 -7
- data/test/jruby_ssl_socket/test_pemutils.rb +32 -0
- data/test/server.cert +16 -15
- data/test/server.key +25 -13
- data/test/subca.cert +16 -17
- data/test/subca.key +27 -0
- data/test/subca.srl +1 -0
- data/test/test_auth.rb +21 -17
- data/test/test_hexdump.rb +1 -2
- data/test/test_http-access2.rb +31 -23
- data/test/test_httpclient.rb +69 -58
- data/test/test_jsonclient.rb +18 -0
- data/test/test_ssl.rb +99 -90
- metadata +32 -9
data/test/test_ssl.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require File.expand_path('helper', File.dirname(__FILE__))
|
|
2
2
|
require 'webrick/https'
|
|
3
|
+
require 'time'
|
|
3
4
|
|
|
4
5
|
|
|
5
6
|
class TestSSL < Test::Unit::TestCase
|
|
@@ -7,6 +8,8 @@ class TestSSL < Test::Unit::TestCase
|
|
|
7
8
|
|
|
8
9
|
DIR = File.dirname(File.expand_path(__FILE__))
|
|
9
10
|
|
|
11
|
+
OPENSSL_VERSION = Integer(OpenSSL::OPENSSL_LIBRARY_VERSION.match(/OpenSSL (\d+)\./)[1])
|
|
12
|
+
|
|
10
13
|
def setup
|
|
11
14
|
super
|
|
12
15
|
@serverpid = @client = nil
|
|
@@ -24,6 +27,10 @@ class TestSSL < Test::Unit::TestCase
|
|
|
24
27
|
File.expand_path(filename, DIR)
|
|
25
28
|
end
|
|
26
29
|
|
|
30
|
+
def read_path(filename)
|
|
31
|
+
File.read(path(filename))
|
|
32
|
+
end
|
|
33
|
+
|
|
27
34
|
def test_proxy_ssl
|
|
28
35
|
setup_proxyserver
|
|
29
36
|
escape_noproxy do
|
|
@@ -31,7 +38,7 @@ class TestSSL < Test::Unit::TestCase
|
|
|
31
38
|
@client.ssl_config.set_client_cert_file(path('client.cert'), path('client.key'))
|
|
32
39
|
@client.ssl_config.add_trust_ca(path('ca.cert'))
|
|
33
40
|
@client.ssl_config.add_trust_ca(path('subca.cert'))
|
|
34
|
-
@client.debug_dev = str = ""
|
|
41
|
+
@client.debug_dev = str = "".dup
|
|
35
42
|
assert_equal(200, @client.get(@url).status)
|
|
36
43
|
assert(/accept/ =~ @proxyio.string, 'proxy is not used')
|
|
37
44
|
assert(/Host: localhost:#{serverport}/ =~ str)
|
|
@@ -70,7 +77,7 @@ unless defined?(HTTPClient::JRubySSLSocket)
|
|
|
70
77
|
end
|
|
71
78
|
|
|
72
79
|
def test_debug_dev
|
|
73
|
-
str = @client.debug_dev = ''
|
|
80
|
+
str = @client.debug_dev = ''.dup
|
|
74
81
|
cfg = @client.ssl_config
|
|
75
82
|
cfg.client_cert = path("client.cert")
|
|
76
83
|
cfg.client_key = path("client.key")
|
|
@@ -81,13 +88,14 @@ end
|
|
|
81
88
|
end
|
|
82
89
|
|
|
83
90
|
def test_verification_without_httpclient
|
|
84
|
-
raw_cert = "-----BEGIN CERTIFICATE-----\
|
|
85
|
-
raw_ca_cert = "-----BEGIN CERTIFICATE-----\
|
|
91
|
+
raw_cert = "-----BEGIN CERTIFICATE-----\nMIIDKDCCAhCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES\nMBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X\nDTA0MDEzMTAzMTQ1OFoXDTM1MDEyMzAzMTQ1OFowZTELMAkGA1UEBgwCSlAxEjAQ\nBgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRAwDgYDVQQDDAdleGFtcGxl\nMSIwIAYJKoZIhvcNAQkBDBNleGFtcGxlQGV4YW1wbGUub3JnMIGfMA0GCSqGSIb3\nDQEBAQUAA4GNADCBiQKBgQDRWssrK8Gyr+500hpLjCGR3+AHL8/hEJM5zKi/MgLW\njTkvsgOwbYwXOiNtAbR9y4/ucDq7EY+cMUMHES4uFaPTcOaAV0aZRmk8AgslN1tQ\ngNS6ew7/Luq3DcVeWkX8PYgR9VG0mD1MPfJ6+IFA5d3vKpdBkBgN4l46jjO0/2Xf\newIDAQABo4GPMIGMMAwGA1UdEwEB/wQCMAAwMQYJYIZIAYb4QgENBCQWIlJ1Ynkv\nT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOFvay0H7lr2\nxUx6waYEV2bVDYQhMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYI\nKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADggEBABd2dYWqbDIWf5sWFvslezxJv8gI\nw64KCJBuyJAiDuf+oazr3016kMzAlt97KecLZDusGNagPrq02UX7YMoQFsWJBans\ncDtHrkM0al5r6/WGexNMgtYbNTYzt/IwodISGBgZ6dsOuhznwms+IBsTNDAvWeLP\nlt2tOqD8kEmjwMgn0GDRuKjs4EoboA3kMULb1p9akDV9ZESU3eOtpS5/G5J5msLI\n9WXbYBjcjvkLuJH9VsJhb+R58Vl0ViemvAHhPilSl1SPWVunGhv6FcIkdBEi1k9F\ne8BNMmsEjFiANiIRvpdLRbiGBt0KrKTndVfsmoKCvY48oCOvnzxtahFxfs8=\n-----END CERTIFICATE-----"
|
|
92
|
+
raw_ca_cert = "-----BEGIN CERTIFICATE-----\nMIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES\nMBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X\nDTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ\nBgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR\nwjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d\nL5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY\nbS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi\nJI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm\ndEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA\nAaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w\nZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f\nUSKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe\n31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu\nSlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD\nggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+\nr/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY\nMJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj\nPvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U\nPbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a\nd/xgcK06UVQRL/HbEYGiQL056mc=\n-----END CERTIFICATE-----"
|
|
86
93
|
ca_cert = ::OpenSSL::X509::Certificate.new(raw_ca_cert)
|
|
87
94
|
cert = ::OpenSSL::X509::Certificate.new(raw_cert)
|
|
88
95
|
store = ::OpenSSL::X509::Store.new
|
|
89
96
|
store.add_cert(ca_cert)
|
|
90
|
-
|
|
97
|
+
store.time = Time.new(2017, 01, 01)
|
|
98
|
+
assert(store.verify(cert), "Verify failed: #{store.error_string}, #{store.error}")
|
|
91
99
|
end
|
|
92
100
|
|
|
93
101
|
def test_verification
|
|
@@ -246,6 +254,7 @@ end
|
|
|
246
254
|
end
|
|
247
255
|
|
|
248
256
|
def test_no_sslv3
|
|
257
|
+
omit('TODO: SSLv3 is not supported in many environments. re-enable when disable TLSv1')
|
|
249
258
|
teardown_server
|
|
250
259
|
setup_server_with_ssl_version(:SSLv3)
|
|
251
260
|
assert_raise(OpenSSL::SSL::SSLError) do
|
|
@@ -254,17 +263,29 @@ end
|
|
|
254
263
|
end
|
|
255
264
|
end
|
|
256
265
|
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
266
|
+
if OPENSSL_VERSION < 3
|
|
267
|
+
def test_allow_tlsv1
|
|
268
|
+
teardown_server
|
|
269
|
+
setup_server_with_ssl_version(:TLSv1)
|
|
270
|
+
assert_nothing_raised do
|
|
271
|
+
@client.ssl_config.verify_mode = nil
|
|
272
|
+
@client.get("https://localhost:#{serverport}/hello")
|
|
273
|
+
end
|
|
274
|
+
end
|
|
275
|
+
else
|
|
276
|
+
def test_disallow_tlsv1
|
|
277
|
+
teardown_server
|
|
278
|
+
setup_server_with_ssl_version(:TLSv1)
|
|
279
|
+
ssle = assert_raise(OpenSSL::SSL::SSLError) do
|
|
280
|
+
@client.ssl_config.verify_mode = nil
|
|
281
|
+
@client.get("https://localhost:#{serverport}/hello")
|
|
282
|
+
end
|
|
283
|
+
assert_match(/tlsv1 alert protocol version/, ssle.message)
|
|
263
284
|
end
|
|
264
285
|
end
|
|
265
286
|
|
|
266
287
|
def test_use_higher_TLS
|
|
267
|
-
omit('TODO: it does not pass with Java 7 or old openssl
|
|
288
|
+
omit('TODO: it does not pass with Java 7 or old openssl')
|
|
268
289
|
teardown_server
|
|
269
290
|
setup_server_with_ssl_version('TLSv1_2')
|
|
270
291
|
assert_nothing_raised do
|
|
@@ -275,78 +296,14 @@ end
|
|
|
275
296
|
end
|
|
276
297
|
end
|
|
277
298
|
|
|
278
|
-
VERIFY_TEST_CERT_LOCALHOST = OpenSSL::X509::Certificate.new(<<-EOS)
|
|
279
|
-
-----BEGIN CERTIFICATE-----
|
|
280
|
-
MIIB9jCCAV+gAwIBAgIJAIH8Gsm4PcNKMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
|
|
281
|
-
BAMMCWxvY2FsaG9zdDAeFw0xNjA4MTgxMDI2MDVaFw00NDAxMDMxMDI2MDVaMBQx
|
|
282
|
-
EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
|
|
283
|
-
p7D8q0lcx5EZEV5+zPnQsxrbft5xyhH/MCStbH46DRATGPNSOaLRCG5r8gTKQzpD
|
|
284
|
-
4swGrQFYe2ienQ+7o4aEHErsXp4O/EmDKeiXWWrMqPr23r3HOBDebuynC/sCwy7N
|
|
285
|
-
epnX9u1VLB03eo+suj4d86OoOF+o11t9ZP+GA29Rsf8CAwEAAaNQME4wHQYDVR0O
|
|
286
|
-
BBYEFIxsJuPVvd5KKFcAvHGSeKSsWiUJMB8GA1UdIwQYMBaAFIxsJuPVvd5KKFcA
|
|
287
|
-
vHGSeKSsWiUJMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAMJaVCrrM
|
|
288
|
-
SM2I06Vr4BL+jtDFhZh3HmJFEDpwEFQ5Y9hduwdUGRBGCpkuea3fE2FKwWW9gLM1
|
|
289
|
-
w7rFMzYFtCEqm78dJWIU79MRy0wjO4LgtYfoikgBh6JKWuV5ed/+L3sLyLG0ZTtv
|
|
290
|
-
lrD7lzDtXgwvj007PxDoYRp3JwYzKRmTbH8=
|
|
291
|
-
-----END CERTIFICATE-----
|
|
292
|
-
EOS
|
|
293
|
-
|
|
294
|
-
VERIFY_TEST_CERT_FOO_DOMAIN = OpenSSL::X509::Certificate.new(<<-EOS)
|
|
295
|
-
-----BEGIN CERTIFICATE-----
|
|
296
|
-
MIIB8jCCAVugAwIBAgIJAL/od7Whx7VTMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNV
|
|
297
|
-
BAMMB2Zvby5jb20wHhcNMTYwODE4MTAyMzUyWhcNNDQwMTAzMTAyMzUyWjASMRAw
|
|
298
|
-
DgYDVQQDDAdmb28uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnsPyr
|
|
299
|
-
SVzHkRkRXn7M+dCzGtt+3nHKEf8wJK1sfjoNEBMY81I5otEIbmvyBMpDOkPizAat
|
|
300
|
-
AVh7aJ6dD7ujhoQcSuxeng78SYMp6JdZasyo+vbevcc4EN5u7KcL+wLDLs16mdf2
|
|
301
|
-
7VUsHTd6j6y6Ph3zo6g4X6jXW31k/4YDb1Gx/wIDAQABo1AwTjAdBgNVHQ4EFgQU
|
|
302
|
-
jGwm49W93kooVwC8cZJ4pKxaJQkwHwYDVR0jBBgwFoAUjGwm49W93kooVwC8cZJ4
|
|
303
|
-
pKxaJQkwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQCVKTvfxx+yezuR
|
|
304
|
-
5WpVKw1E9qabKOYFB5TqdHMHreRubMJTaoZC+YzhcCwtyLlAA9+axKINAiMM8T+z
|
|
305
|
-
jjfOHQSa2GS2TaaVDJWmXIgsAlEbjd2BEiQF0LZYGJRG9pyq0WbTV+CyFdrghjcO
|
|
306
|
-
xX/t7OG7NfOG9dhv3J+5SX10S5V5Dg==
|
|
307
|
-
-----END CERTIFICATE-----
|
|
308
|
-
EOS
|
|
309
|
-
|
|
310
|
-
VERIFY_TEST_CERT_ALT_NAME = OpenSSL::X509::Certificate.new(<<-EOS)
|
|
311
|
-
-----BEGIN CERTIFICATE-----
|
|
312
|
-
MIICDDCCAXWgAwIBAgIJAOxXY4nOwxhGMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
|
|
313
|
-
BAMMCWxvY2FsaG9zdDAeFw0xNjA4MTgxMDM0NTJaFw00NDAxMDMxMDM0NTJaMBQx
|
|
314
|
-
EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
|
|
315
|
-
p7D8q0lcx5EZEV5+zPnQsxrbft5xyhH/MCStbH46DRATGPNSOaLRCG5r8gTKQzpD
|
|
316
|
-
4swGrQFYe2ienQ+7o4aEHErsXp4O/EmDKeiXWWrMqPr23r3HOBDebuynC/sCwy7N
|
|
317
|
-
epnX9u1VLB03eo+suj4d86OoOF+o11t9ZP+GA29Rsf8CAwEAAaNmMGQwFAYDVR0R
|
|
318
|
-
BA0wC4IJKi5mb28uY29tMB0GA1UdDgQWBBSMbCbj1b3eSihXALxxknikrFolCTAf
|
|
319
|
-
BgNVHSMEGDAWgBSMbCbj1b3eSihXALxxknikrFolCTAMBgNVHRMEBTADAQH/MA0G
|
|
320
|
-
CSqGSIb3DQEBCwUAA4GBADJlKNFuOnsDIhHGW72HuQw4naN6lM3eZE9JJ+UF/XIF
|
|
321
|
-
ghGtgqw+00Yy5wMFc1K2Wm4p5NymmDfC/P1FOe34bpxt9/IWm6mEoIWoodC3N4Cm
|
|
322
|
-
PtnSS1/CRWzVIPGMglTGGDcUc70tfeAWgyTxgcNQd4vTFtnN0f0RDdaXa8kfKMTw
|
|
323
|
-
-----END CERTIFICATE-----
|
|
324
|
-
EOS
|
|
325
|
-
|
|
326
|
-
VERIFY_TEST_PKEY = OpenSSL::PKey::RSA.new(<<-EOS)
|
|
327
|
-
-----BEGIN RSA PRIVATE KEY-----
|
|
328
|
-
MIICXQIBAAKBgQCnsPyrSVzHkRkRXn7M+dCzGtt+3nHKEf8wJK1sfjoNEBMY81I5
|
|
329
|
-
otEIbmvyBMpDOkPizAatAVh7aJ6dD7ujhoQcSuxeng78SYMp6JdZasyo+vbevcc4
|
|
330
|
-
EN5u7KcL+wLDLs16mdf27VUsHTd6j6y6Ph3zo6g4X6jXW31k/4YDb1Gx/wIDAQAB
|
|
331
|
-
AoGAe0RHx+WKtQx8/96VmTl951qzxMPho2etTYd4kAsNwzJwx2N9qu57eBYrdWF+
|
|
332
|
-
CQMYievucFhP4Y+bINtC1Eb6btz9TCUwjCfeIxfGRoFf3cxVmxlsRJJmN1kSZlu1
|
|
333
|
-
yYlcMVuP4noeFIMQBRrt5pyLCx2Z9A01NCQT4Y6VoREBIeECQQDWeNhsL6xkrmdB
|
|
334
|
-
M9+zl+SqHdNKhgKwMdp74+UNnAV9I8GB7bGlOWhc83aqMLgS+JBDFXcmNF/KawTR
|
|
335
|
-
zcnkod5xAkEAyClFgr3lZQSnwUwoA/AOcyW0+H63taaaXS/g8n3H8ENK6kL4ldUx
|
|
336
|
-
IgCk2ekbQ5Y3S2WScIGXNxMOza9MlsOvbwJAPUtoPvMZB+U4KVBT/JXKijvf6QqH
|
|
337
|
-
tidpU8L78XnHr84KPcHa5WeUxgvmvBkUYoebYzC9TrPlNIqFZBi2PJtuYQJBAMda
|
|
338
|
-
E5j7eJT75fhm2RPS6xFT5MH5sw6AOA3HucrJ63AoFVzsBpl0E9NBwO4ndLgDzF6T
|
|
339
|
-
cx4Kc4iuunewuB8QFpECQQCfvsHCjIJ/X4kiqeBzxDq2GR/oDgQkOzY+4H9U7Lwl
|
|
340
|
-
e61RBaxk5OHOA0bLtvJblV6NL72ZEZhX60wAWbrOPhpT
|
|
341
|
-
-----END RSA PRIVATE KEY-----
|
|
342
|
-
EOS
|
|
343
|
-
|
|
344
299
|
def test_post_connection_check
|
|
345
300
|
teardown_server
|
|
346
|
-
setup_server_with_server_cert(
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
301
|
+
setup_server_with_server_cert(
|
|
302
|
+
nil,
|
|
303
|
+
OpenSSL::X509::Certificate.new(read_path("fixtures/verify.localhost.cert")),
|
|
304
|
+
OpenSSL::PKey::RSA.new(read_path("fixtures/verify.key")),
|
|
305
|
+
)
|
|
306
|
+
@client.ssl_config.add_trust_ca(path("fixtures/verify.localhost.cert"))
|
|
350
307
|
assert_nothing_raised do
|
|
351
308
|
@client.get("https://localhost:#{serverport}/hello")
|
|
352
309
|
end
|
|
@@ -357,9 +314,12 @@ e61RBaxk5OHOA0bLtvJblV6NL72ZEZhX60wAWbrOPhpT
|
|
|
357
314
|
@client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
358
315
|
|
|
359
316
|
teardown_server
|
|
360
|
-
setup_server_with_server_cert(
|
|
361
|
-
|
|
362
|
-
|
|
317
|
+
setup_server_with_server_cert(
|
|
318
|
+
nil,
|
|
319
|
+
OpenSSL::X509::Certificate.new(read_path("fixtures/verify.foo.cert")),
|
|
320
|
+
OpenSSL::PKey::RSA.new(read_path("fixtures/verify.key")),
|
|
321
|
+
)
|
|
322
|
+
@client.ssl_config.add_trust_ca(path("fixtures/verify.foo.cert"))
|
|
363
323
|
assert_raises(OpenSSL::SSL::SSLError) do
|
|
364
324
|
@client.get("https://localhost:#{serverport}/hello")
|
|
365
325
|
end
|
|
@@ -370,9 +330,12 @@ e61RBaxk5OHOA0bLtvJblV6NL72ZEZhX60wAWbrOPhpT
|
|
|
370
330
|
@client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
371
331
|
|
|
372
332
|
teardown_server
|
|
373
|
-
setup_server_with_server_cert(
|
|
374
|
-
|
|
375
|
-
|
|
333
|
+
setup_server_with_server_cert(
|
|
334
|
+
nil,
|
|
335
|
+
OpenSSL::X509::Certificate.new(read_path("fixtures/verify.alt.cert")),
|
|
336
|
+
OpenSSL::PKey::RSA.new(read_path("fixtures/verify.key")),
|
|
337
|
+
)
|
|
338
|
+
@client.ssl_config.add_trust_ca(path("fixtures/verify.alt.cert"))
|
|
376
339
|
assert_raises(OpenSSL::SSL::SSLError) do
|
|
377
340
|
@client.get("https://localhost:#{serverport}/hello")
|
|
378
341
|
end
|
|
@@ -385,7 +348,46 @@ e61RBaxk5OHOA0bLtvJblV6NL72ZEZhX60wAWbrOPhpT
|
|
|
385
348
|
|
|
386
349
|
def test_x509_store_add_cert_prepend
|
|
387
350
|
store = OpenSSL::X509::Store.new
|
|
388
|
-
assert_equal(store, store.add_cert(OpenSSL::X509::Certificate.new(
|
|
351
|
+
assert_equal(store, store.add_cert(OpenSSL::X509::Certificate.new(read_path("fixtures/verify.localhost.cert"))))
|
|
352
|
+
end
|
|
353
|
+
|
|
354
|
+
def test_tcp_keepalive
|
|
355
|
+
@client.tcp_keepalive = true
|
|
356
|
+
@client.ssl_config.add_trust_ca(path('ca-chain.pem'))
|
|
357
|
+
@client.get_content(@url)
|
|
358
|
+
|
|
359
|
+
# expecting HTTP keepalive caches the socket
|
|
360
|
+
session = @client.instance_variable_get(:@session_manager).send(:get_cached_session, HTTPClient::Site.new(URI.parse(@url)))
|
|
361
|
+
socket = session.instance_variable_get(:@socket).instance_variable_get(:@socket)
|
|
362
|
+
|
|
363
|
+
assert_true(session.tcp_keepalive)
|
|
364
|
+
if RUBY_ENGINE == 'jruby'
|
|
365
|
+
assert_true(socket.getKeepAlive())
|
|
366
|
+
else
|
|
367
|
+
assert_equal(Socket::SO_KEEPALIVE, socket.getsockopt(Socket::SOL_SOCKET, Socket::SO_KEEPALIVE).optname)
|
|
368
|
+
end
|
|
369
|
+
end
|
|
370
|
+
|
|
371
|
+
def test_timeout
|
|
372
|
+
url = "https://localhost:#{serverport}/"
|
|
373
|
+
@client.ssl_config.add_trust_ca(path('ca-chain.pem'))
|
|
374
|
+
assert_equal('sleep', @client.get_content(url + 'sleep?sec=2'))
|
|
375
|
+
@client.receive_timeout = 1
|
|
376
|
+
@client.reset_all
|
|
377
|
+
assert_equal('sleep', @client.get_content(url + 'sleep?sec=0'))
|
|
378
|
+
|
|
379
|
+
start = Time.now
|
|
380
|
+
assert_raise(HTTPClient::ReceiveTimeoutError) do
|
|
381
|
+
@client.get_content(url + 'sleep?sec=5')
|
|
382
|
+
end
|
|
383
|
+
if Time.now - start > 3
|
|
384
|
+
# before #342 it detected timeout when IO was freed
|
|
385
|
+
fail 'timeout does not work'
|
|
386
|
+
end
|
|
387
|
+
|
|
388
|
+
@client.receive_timeout = 3
|
|
389
|
+
@client.reset_all
|
|
390
|
+
assert_equal('sleep', @client.get_content(url + 'sleep?sec=2'))
|
|
389
391
|
end
|
|
390
392
|
|
|
391
393
|
private
|
|
@@ -420,7 +422,7 @@ private
|
|
|
420
422
|
:SSLCertName => nil
|
|
421
423
|
)
|
|
422
424
|
@serverport = @server.config[:Port]
|
|
423
|
-
[:hello].each do |sym|
|
|
425
|
+
[:hello, :sleep].each do |sym|
|
|
424
426
|
@server.mount(
|
|
425
427
|
"/#{sym}",
|
|
426
428
|
WEBrick::HTTPServlet::ProcHandler.new(method("do_#{sym}").to_proc)
|
|
@@ -490,6 +492,13 @@ private
|
|
|
490
492
|
res.body = "hello"
|
|
491
493
|
end
|
|
492
494
|
|
|
495
|
+
def do_sleep(req, res)
|
|
496
|
+
sec = req.query['sec'].to_i
|
|
497
|
+
sleep sec
|
|
498
|
+
res['content-type'] = 'text/html'
|
|
499
|
+
res.body = "sleep"
|
|
500
|
+
end
|
|
501
|
+
|
|
493
502
|
def start_server_thread(server)
|
|
494
503
|
t = Thread.new {
|
|
495
504
|
Thread.current.abort_on_exception = true
|
metadata
CHANGED
|
@@ -1,16 +1,30 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: httpclient
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Nakamura
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
12
|
-
dependencies:
|
|
13
|
-
|
|
11
|
+
date: 2025-02-22 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: mutex_m
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ">="
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '0'
|
|
27
|
+
description:
|
|
14
28
|
email: nahi@ruby-lang.org
|
|
15
29
|
executables:
|
|
16
30
|
- httpclient
|
|
@@ -46,6 +60,7 @@ files:
|
|
|
46
60
|
- sample/auth.rb
|
|
47
61
|
- sample/cookie.rb
|
|
48
62
|
- sample/dav.rb
|
|
63
|
+
- sample/generate_test_keys.rb
|
|
49
64
|
- sample/howto.rb
|
|
50
65
|
- sample/jsonclient.rb
|
|
51
66
|
- sample/oauth_buzz.rb
|
|
@@ -63,17 +78,26 @@ files:
|
|
|
63
78
|
- sample/wcat.rb
|
|
64
79
|
- test/ca-chain.pem
|
|
65
80
|
- test/ca.cert
|
|
81
|
+
- test/ca.key
|
|
82
|
+
- test/ca.srl
|
|
66
83
|
- test/client-pass.key
|
|
67
84
|
- test/client.cert
|
|
68
85
|
- test/client.key
|
|
86
|
+
- test/fixtures/verify.alt.cert
|
|
87
|
+
- test/fixtures/verify.foo.cert
|
|
88
|
+
- test/fixtures/verify.key
|
|
89
|
+
- test/fixtures/verify.localhost.cert
|
|
69
90
|
- test/helper.rb
|
|
70
91
|
- test/htdigest
|
|
71
92
|
- test/htpasswd
|
|
93
|
+
- test/jruby_ssl_socket/test_pemutils.rb
|
|
72
94
|
- test/runner.rb
|
|
73
95
|
- test/server.cert
|
|
74
96
|
- test/server.key
|
|
75
97
|
- test/sslsvr.rb
|
|
76
98
|
- test/subca.cert
|
|
99
|
+
- test/subca.key
|
|
100
|
+
- test/subca.srl
|
|
77
101
|
- test/test_auth.rb
|
|
78
102
|
- test/test_cookie.rb
|
|
79
103
|
- test/test_hexdump.rb
|
|
@@ -87,7 +111,7 @@ homepage: https://github.com/nahi/httpclient
|
|
|
87
111
|
licenses:
|
|
88
112
|
- ruby
|
|
89
113
|
metadata: {}
|
|
90
|
-
post_install_message:
|
|
114
|
+
post_install_message:
|
|
91
115
|
rdoc_options: []
|
|
92
116
|
require_paths:
|
|
93
117
|
- lib
|
|
@@ -102,9 +126,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
102
126
|
- !ruby/object:Gem::Version
|
|
103
127
|
version: '0'
|
|
104
128
|
requirements: []
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
signing_key:
|
|
129
|
+
rubygems_version: 3.5.3
|
|
130
|
+
signing_key:
|
|
108
131
|
specification_version: 4
|
|
109
132
|
summary: gives something like the functionality of libwww-perl (LWP) in Ruby
|
|
110
133
|
test_files: []
|