httpclient 2.7.0 → 2.7.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/httpclient/jruby_ssl_socket.rb +9 -8
- data/lib/httpclient/ssl_config.rb +8 -1
- data/lib/httpclient/ssl_socket.rb +0 -1
- data/lib/httpclient/version.rb +1 -1
- data/test/test_ssl.rb +12 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e7236cf89169c32802c8800f4f679904f1f24e95
|
|
4
|
+
data.tar.gz: 8096cd3b370e83a391239e6daa2657c3efa79e45
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 60008ef0e10fa99bf0255cc7d78228af00eb25b457963d4108f942871925a41b0d71d90e697d66e2373b38d913349a198cd4cb818e8104536aa1670c7213d83e
|
|
7
|
+
data.tar.gz: 859e12aadea51b63e5892ea0b162472a36bc75b683ec4b2fde065fda8f29a45e2d17aa1f7283773cd76e17f0f4b8f2a0a4ecf7c4d99900ae96a14bbd15dbaac9
|
|
@@ -442,9 +442,10 @@ unless defined?(SSLSocket)
|
|
|
442
442
|
new(socket, session.dest, session.ssl_config, session.debug_dev)
|
|
443
443
|
end
|
|
444
444
|
|
|
445
|
+
DEFAULT_SSL_PROTOCOL = 'TLS'
|
|
445
446
|
def initialize(socket, dest, config, debug_dev = nil)
|
|
446
447
|
if config.ssl_version == :auto
|
|
447
|
-
ssl_version =
|
|
448
|
+
ssl_version = DEFAULT_SSL_PROTOCOL
|
|
448
449
|
else
|
|
449
450
|
ssl_version = config.to_s.gsub(/_/, '.')
|
|
450
451
|
end
|
|
@@ -485,13 +486,17 @@ unless defined?(SSLSocket)
|
|
|
485
486
|
factory = ctx.getSocketFactory
|
|
486
487
|
begin
|
|
487
488
|
ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
|
|
488
|
-
ssl_socket.setEnabledProtocols([ssl_version].to_java(java.lang.String))
|
|
489
|
+
ssl_socket.setEnabledProtocols([ssl_version].to_java(java.lang.String)) if ssl_version != DEFAULT_SSL_PROTOCOL
|
|
489
490
|
if config.ciphers != SSLConfig::CIPHERS_DEFAULT
|
|
490
491
|
ssl_socket.setEnabledCipherSuites(config.ciphers.to_java(java.lang.String))
|
|
491
492
|
end
|
|
492
493
|
ssl_socket.startHandshake
|
|
493
|
-
|
|
494
|
-
@
|
|
494
|
+
ssl_session = ssl_socket.getSession
|
|
495
|
+
@peer_cert = JavaCertificate.new(ssl_session.getPeerCertificates.first)
|
|
496
|
+
if $DEBUG
|
|
497
|
+
warn("Protocol version: #{ssl_session.getProtocol}")
|
|
498
|
+
warn("Cipher: #{ssl_socket.getSession.getCipherSuite}")
|
|
499
|
+
end
|
|
495
500
|
post_connection_check(dest.host, @peer_cert)
|
|
496
501
|
rescue java.security.GeneralSecurityException => e
|
|
497
502
|
raise OpenSSL::SSL::SSLError.new(e.getMessage)
|
|
@@ -508,10 +513,6 @@ unless defined?(SSLSocket)
|
|
|
508
513
|
@peer_cert
|
|
509
514
|
end
|
|
510
515
|
|
|
511
|
-
def ciphersuite
|
|
512
|
-
@ciphersuite
|
|
513
|
-
end
|
|
514
|
-
|
|
515
516
|
private
|
|
516
517
|
|
|
517
518
|
def post_connection_check(hostname, wrap_cert)
|
|
@@ -26,6 +26,12 @@ class HTTPClient
|
|
|
26
26
|
# like Web browsers. 'httpclient/cacert.pem' is downloaded from curl web
|
|
27
27
|
# site by the author and included in released package.
|
|
28
28
|
#
|
|
29
|
+
# On JRuby, HTTPClient uses Java runtime's trusted CA certificates, not
|
|
30
|
+
# cacert.pem by default. You can load cacert.pem by calling
|
|
31
|
+
# SSLConfig#load_trust_ca manually like:
|
|
32
|
+
#
|
|
33
|
+
# HTTPClient.new { self.ssl_config.load_trust_ca }.get("https://...")
|
|
34
|
+
#
|
|
29
35
|
# You may want to change trust anchor by yourself. Call clear_cert_store
|
|
30
36
|
# then add_trust_ca for that purpose.
|
|
31
37
|
class SSLConfig
|
|
@@ -437,9 +443,10 @@ class HTTPClient
|
|
|
437
443
|
def load_cacerts(cert_store)
|
|
438
444
|
ver = OpenSSL::OPENSSL_VERSION
|
|
439
445
|
if (ver.start_with?('OpenSSL 1.0.1') && ver >= 'OpenSSL 1.0.1p') ||
|
|
440
|
-
(ver.start_with?('OpenSSL ') && ver >= 'OpenSSL 1.0.2d')
|
|
446
|
+
(ver.start_with?('OpenSSL ') && ver >= 'OpenSSL 1.0.2d') || defined?(JRuby)
|
|
441
447
|
filename = 'cacert.pem'
|
|
442
448
|
else
|
|
449
|
+
warn("RSA 1024 bit CA certificates are loaded due to old openssl compatibility")
|
|
443
450
|
filename = 'cacert1024.pem'
|
|
444
451
|
end
|
|
445
452
|
file = File.join(File.dirname(__FILE__), filename)
|
data/lib/httpclient/version.rb
CHANGED
data/test/test_ssl.rb
CHANGED
|
@@ -236,6 +236,18 @@ end
|
|
|
236
236
|
end
|
|
237
237
|
end
|
|
238
238
|
|
|
239
|
+
def test_use_higher_TLS
|
|
240
|
+
omit('TODO: it does not pass with Java 7 or old openssl ')
|
|
241
|
+
teardown_server
|
|
242
|
+
setup_server_with_ssl_version(:TLSv1_2)
|
|
243
|
+
assert_nothing_raised do
|
|
244
|
+
@client.ssl_config.verify_mode = nil
|
|
245
|
+
@client.get("https://localhost:#{serverport}/hello")
|
|
246
|
+
# TODO: should check JRubySSLSocket.ssl_socket.getSession.getProtocol
|
|
247
|
+
# but it's not thread safe. How can I return protocol version to the caller?
|
|
248
|
+
end
|
|
249
|
+
end
|
|
250
|
+
|
|
239
251
|
private
|
|
240
252
|
|
|
241
253
|
def cert(filename)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: httpclient
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.7.0
|
|
4
|
+
version: 2.7.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Nakamura
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-11-
|
|
11
|
+
date: 2015-11-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description:
|
|
14
14
|
email: nahi@ruby-lang.org
|