manticore 0.3.1-java → 0.3.2-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 60f70fa96f93b6d9092b0455c139ae2aaf077fcf
-  data.tar.gz: ea9ab057b99806987c30ff3198cefd1d0d6ae455
+  metadata.gz: cb2cec897fad8daff54f1823bb5a01f33da18d2e
+  data.tar.gz: 4ee22665fa497aceaa9b5df01c79264ef47a8667
 SHA512:
-  metadata.gz: 24112c6208d50c27c68745340cf29c87f6cc37a8abeebb3bc051d2dc37ba883465f78e027e3dc4b5d77122c2bc9c2d9c2b6377607715bff5c953e38f0171ddb1
-  data.tar.gz: db3909740b474447d5467290992aad8b51fa34c39006714d14848650686f3ffaa095c3e8674df2f7ae0c834d7ac8fda4cc291485e790f9f3f44289a2041a647e
+  metadata.gz: 2be50f1dff4384bd95f61d6d5328aa4690461436c9d57dadae905fba897602b1c470d41763edca4955ea1d45f96f48ef80a52eccab4b3679e26bda1317cd78d6
+  data.tar.gz: 174cae4b6fef3465b339bbd4e831eed8aeb40284459102fe68fa32b3412b04460b3cbc8c649267339e50830263d0a894760fe14c55ee6c778c9370e021a6db45

data/CHANGELOG.md

@@ -1,4 +1,22 @@
 ## v0.3
+### v0.3.3 (pending)
+### v0.3.2
+* :ignore_ssl_validation is now deprecated. It has been replaced with :ssl, which takes a hash of options. These include:
+
+      :verify               - :strict (default), :browser, :none -- Specify hostname verification behaviors.
+      :protocols            - An array of protocols to accept
+      :cipher_suites        - An array of cipher suites to accept
+      :truststore           - Path to a keytool trust store, for specifying custom trusted certificate signers
+      :truststore_password  - Password for the file specified in `:truststore`
+      :truststore_type      - Specify the trust store type (JKS, PKCS12)
+      :keystore             - Path to a keytool trust store, for specifying client authentication certificates
+      :keystore_password    - Password for the file specified in `:keystore`
+      :keystore_type        - Specify the key store type (JKS, PKCS12)
+
+  (thanks @torrancew)
+
+* Fix encodings for bodies (thanks @synhaptein)
+
 ### v0.3.1
 * Added `automatic_retries` (default 3) parameter to client. The client will automatically retry requests that failed
   due to socket exceptions and empty responses up to this number of times. The most practical effect of this setting is

data/README.md

@@ -47,9 +47,15 @@ If you don't want to worry about setting up and maintaining client pools, Mantic
 
 ```ruby
 document_body = Manticore.get("http://www.google.com/").body
+
+# Or
+
+document_body = Manticore.http(:get, "http://www.google.com/").body
 ```
 
-Additionally, you can mix the `Manticore::Facade` into your own class for similar behavior:
+This is threadsafe and automatically backed with a pool, so you can execute `Manticore.get` in multiple threads without harming performance.
+
+Alternately, you can mix the `Manticore::Facade` into your own class for similar behavior:
 
 ```ruby
 class MyClient
@@ -74,9 +80,11 @@ class MyOtherClient
 end
 ```
 
-### More Control
+For detailed documentation, see the [full Manticore::Client documentation](http://www.rubydoc.info/github/cheald/manticore/master/Manticore/Client).
+
+### Configuring clients
 
-Manticore is built around a connection pool. When you create a `Client`, you will pass various parameters that it will use to set up the pool.
+Rather than using the Facade, you can create your own standalone Client instances. When you create a `Client`, you will pass various parameters that it will use to set up the pool.
 
 ```ruby
 client = Manticore::Client.new(request_timeout: 5, connect_timeout: 5, socket_timeout: 5, pool_max: 10, pool_max_per_route: 2)
@@ -99,6 +107,32 @@ client = Manticore::Client.new(socket_timeout: 5) do |http_client_builder, reque
 end
 ```
 
+### Pools
+
+You've seen "pools" mentioned a few times. Manticore creates and configures a [PoolingHttpClientConnectionManager](http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html)
+which all requests are run through. The advantage here is that configuration and setup is performed once, and this lets clients take advantage of things like keepalive,
+per-route concurrency limits, and other neat things. In general, you should create one `Manticore::Client` instance pe unique configuration needed. For example, you might have an app that performs 2 functions:
+
+1. General HTTP requesting from the internet-at-large
+2. Communication with a backend service over SSL, using a custom trust store
+
+To set this up, you might create 2 pools, each configured for the task:
+
+```ruby
+general_http_client    = Manticore::Client.new connect_timeout: 10, socket_timeout: 10, request_timeout: 10, follow_redirects: true, max_per_route: 2
+proxied_backend_client = Manticore::Client.new proxy: "https://backend.internal:4242", truststore: "./truststore.jks", truststore_password: "s3cr3t"
+```
+
+This would create 2 separate request pools; the first would be configured with generous timeouts and redirect following, and would use the system
+default trust stores (ie, the normal certs used to verify SSL certificates with the normal certificate authorities). Additionally, it will only permit
+2 concurrent requests to a given domain ("route") at a time; this can be nice for web crawling or fetching against rate-limited APIs, to help you stay
+under your rate limits even when executing in a parallel context. The second client would use a custom trust store to recognize certs signed with your
+internal CA, and would proxy all requests through an internal server.
+
+Creating pools is expensive, so you don't want to be doing it for each request. Instead, you should set up your pools once and then re-use them.
+Clients and their backing pools are thread-safe, so feel free to set them up once before you start performing parallel operations.
+
+
 ### Parallel execution
 
 Manticore can perform concurrent execution of multiple requests.

data/lib/manticore/client.rb

@@ -48,11 +48,11 @@ module Manticore
   #
   # @!macro [new] http_method_shared_async_with_body
   #   @macro http_method_shared_async
-  #   @option options [Hash] body    Hash of options to pass as request body
+  #   @option options [String] body     Body to pass with the request
   #
   # @!macro [new] http_method_shared_sync_with_body
   #   @macro http_method_shared_sync
-  #   @option options [Hash] body    Hash of options to pass as request body
+  #   @option options [String] body     Body to pass with the request
 
   # Core Manticore client, with a backing {http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html PoolingHttpClientConnectionManager}
   class Client
@@ -60,6 +60,7 @@ module Manticore
     include_package "org.apache.http.client.entity"
     include_package "org.apache.http.client.config"
     include_package "org.apache.http.config"
+    include_package "org.apache.http.conn.socket"
     include_package "org.apache.http.impl"
     include_package "org.apache.http.impl.client"
     include_package "org.apache.http.impl.conn"
@@ -72,6 +73,8 @@ module Manticore
     include_package "org.apache.http.client.protocol"
     include_package 'org.apache.http.conn.ssl'
     java_import "org.apache.http.HttpHost"
+    java_import "javax.net.ssl.SSLContext"
+    java_import "java.security.KeyStore"
 
     include ProxiesInterface
 
@@ -101,27 +104,40 @@ module Manticore
     #     http_client_builder.disable_redirect_handling
     #   end
     #
-    # @param options [Hash] Client pool options
-    # @option options [String]  user_agent                 The user agent used in requests.
-    # @option options [Integer] pool_max           (50)    The maximum number of active connections in the pool
-    # @option options [integer] pool_max_per_route (pool_max) Sets the maximum number of active connections for a given target endpoint
-    # @option options [boolean] cookies            (true)  enable or disable automatic cookie management between requests
-    # @option options [boolean] compression        (true)  enable or disable transparent gzip/deflate support
-    # @option options [integer] request_timeout    (60)    Sets the timeout for requests. Raises {Manticore::Timeout} on failure.
-    # @option options [integer] connect_timeout    (10)    Sets the timeout for connections. Raises Manticore::Timeout on failure.
-    # @option options [integer] socket_timeout     (10)    Sets SO_TIMEOUT for open connections. A value of 0 is an infinite timeout. Raises Manticore::Timeout on failure.
-    # @option options [boolean] tcp_no_delay       (true)  Enable or disable Nagle's algorithm
-    # @option options [integer] request_timeout    (60)    Sets the timeout for a given request. Raises Manticore::Timeout on failure.
-    # @option options [integer] max_redirects      (5)     Sets the maximum number of redirects to follow.
-    # @option options [integer] automatic_retries  (3)     Sets the number of times the client will automatically retry failed requests.
-    # @option options [boolean] expect_continue    (false) Enable support for HTTP 100
-    # @option options [boolean] stale_check        (false) Enable support for stale connection checking. Adds overhead.
-    # @option options [String]  proxy              Proxy host in form: http://proxy.org:1234
-    # @option options [Hash]    proxy              Proxy host in form: {host: 'proxy.org'[, port: 80[, scheme: 'http']]}
-    # @option options [URI]     proxy              Proxy host as a URI object
-    # @option options [Boolean/Integer] keepalive  (true) Whether to allow connections to be reused. Defaults to true. If an integer,
-    #                                                     then connections will be kept alive for this long when Connection: keep-alive
-    #                                                     is sent, but no Keep-Alive header is sent.
+    # @param options  [Hash]                                                   Client pool options
+    # @option options [String]          user_agent                             The user agent used in requests.
+    # @option options [Integer]         pool_max                   (50)        The maximum number of active connections in the pool
+    # @option options [integer]         pool_max_per_route         (pool_max)  Sets the maximum number of active connections for a given target endpoint
+    # @option options [boolean]         cookies                    (true)      enable or disable automatic cookie management between requests
+    # @option options [boolean]         compression                (true)      enable or disable transparent gzip/deflate support
+    # @option options [integer]         request_timeout            (60)        Sets the timeout for requests. Raises {Manticore::Timeout} on failure.
+    # @option options [integer]         connect_timeout            (10)        Sets the timeout for connections. Raises Manticore::Timeout on failure.
+    # @option options [integer]         socket_timeout             (10)        Sets SO_TIMEOUT for open connections. A value of 0 is an infinite timeout. Raises Manticore::Timeout on failure.
+    # @option options [boolean]         tcp_no_delay               (true)      Enable or disable Nagle's algorithm
+    # @option options [integer]         request_timeout            (60)        Sets the timeout for a given request. Raises Manticore::Timeout on failure.
+    # @option options [integer]         max_redirects              (5)         Sets the maximum number of redirects to follow.
+    # @option options [integer]         automatic_retries          (3)         Sets the number of times the client will automatically retry failed requests.
+    # @option options [boolean]         expect_continue            (false)     Enable support for HTTP 100
+    # @option options [boolean]         stale_check                (false)     Enable support for stale connection checking. Adds overhead.
+    # @option options [String]          proxy                                    Proxy host in form: http://proxy.org:1234
+    # @option options [Hash]            proxy                                    Proxy host in form: {host: 'proxy.org'[, port: 80[, scheme: 'http']]}
+    # @option options [URI]             proxy                                    Proxy host as a URI object
+    # @option options [Boolean/Fixnum]  keepalive                  (true)      Whether to allow connections to be reused. Defaults to true. If an integer,
+    #                                                                          then connections will be kept alive for this long when Connection: keep-alive
+    #                                                                          is sent, but no Keep-Alive header is sent.
+    # @option options [Hash]            ssl                                        Hash of options for configuring SSL
+    # @option options [Array<String>]   ssl[:protocols]            (nil)       A list of protocols that Manticore should accept
+    # @option options [Array<String>]   ssl[:cipher_suites]        (nil)       A list of cipher suites that Manticore should accept
+    # @option options [Symbol]          ssl[:verify]               (:strict)   Hostname verification setting. Set to `:disable` to turn off hostname verification. Setting to `:browser` will
+    #                                                                            cause Manticore to accept a certificate for *.foo.com for all subdomains and sub-subdomains (eg a.b.foo.com).
+    #                                                                            The default `:strict` is like `:browser` except it'll only accept a single level of subdomains for wildcards,
+    #                                                                            eg `b.foo.com` will be accepted for a `*.foo.com` certificate, but `a.b.foo.com` will not be.
+    # @option options [String]          ssl[:truststore]          (nil)        Path to a custom trust store to use the verifying SSL connections
+    # @option options [String]          ssl[:truststore_password] (nil)        Password used for decrypting the server trust store
+    # @option options [String]          ssl[:truststore_type]     (nil)        Format of the trust store, ie "JKS" or "PKCS12". If left nil, the type will be inferred from the truststore filename.
+    # @option options [String]          ssl[:keystore]            (nil)        Path to a custom key store to use for client certificate authentication
+    # @option options [String]          ssl[:keystore_password]   (nil)        Password used for decrypting the client auth key store
+    # @option options [String]          ssl[:keystore_type]       (nil)        Format of the key store, ie "JKS" or "PKCS12". If left nil, the type will be inferred from the keystore filename.
     def initialize(options = {})
       builder  = client_builder
       builder.set_user_agent options.fetch(:user_agent, "Manticore #{VERSION}")
@@ -241,6 +257,19 @@ module Manticore
       end
     end
 
+    # Perform an HTTP request, passing the method as a parameter
+    # @param method [String, Symbol] Method to call (get put head post options patch)
+    # @macro http_method_shared
+    # @macro http_request_exceptions
+    def http(method, url, options = {}, &block)
+      case method.to_s.downcase
+      when *%w(get put head post options patch)
+        send method, url, options, &block
+      else
+        raise "Invalid method: #{method}"
+      end
+    end
+
     # Cause this client to return a stubbed response for this URL
     # @param  url [String] URL to stub for
     # @param  stubs [Hash] Hash of options to return for the stubbed response
@@ -289,14 +318,17 @@ module Manticore
     end
 
     def pool_builder(options)
-      if options.fetch(:ignore_ssl_validation, false)
-        context  = SSLContexts.custom.load_trust_material(nil, TrustSelfSignedStrategy.new).build
-        sslsf    = SSLConnectionSocketFactory.new(context, SSLConnectionSocketFactory::ALLOW_ALL_HOSTNAME_VERIFIER)
-        registry = RegistryBuilder.create.register("https", sslsf).build
-        PoolingHttpClientConnectionManager.new(registry)
-      else
-        PoolingHttpClientConnectionManager.new
+      http_sf  = PlainConnectionSocketFactory.new
+
+      if options[:ignore_ssl_validation]
+        $stderr.puts 'The options[:ignore_ssl_validation] setting is deprecated in favor of options[:ssl][:verify]'
+        options[:ssl] ||= {}
+        options[:ssl]   = {:verify => !options.delete(:ignore_ssl_validation)}.merge(options[:ssl])
       end
+
+      https_sf = ssl_socket_factory_from_options options.fetch(:ssl, {})
+      registry = RegistryBuilder.create.register("http", http_sf).register("https", https_sf).build
+      PoolingHttpClientConnectionManager.new(registry)
     end
 
     def pool(options = {})
@@ -380,7 +412,7 @@ module Manticore
         if options[:params]
           req.set_entity hash_to_entity(options[:params])
         elsif options[:body]
-          req.set_entity StringEntity.new(options[:body])
+          req.set_entity StringEntity.new(options[:body], minimum_encoding_for(options[:body]))
         elsif options[:entity]
           req.set_entity options[:entity]
         end
@@ -442,10 +474,79 @@ module Manticore
     end
 
     def hash_to_entity(hash)
+      # This is a really stupid way to get the "lowest common denominator" encoding for the options hash
+      # Is there a better way?
+      encoding = minimum_encoding_for hash.to_a.flatten.join
       pairs = hash.map do |key, val|
         BasicNameValuePair.new(key, val)
       end
-      UrlEncodedFormEntity.new(pairs)
+      UrlEncodedFormEntity.new(pairs, encoding)
+    end
+
+    # Apache HTTP assumes ISO_8859_1 for StringEntities; we'll try to be nice and pass that when possible
+    # so that it doesn't have to any multibyte work.
+    ISO_8859_1 = "ISO-8859-1".freeze
+    def minimum_encoding_for(string)
+      if string.ascii_only?
+        ISO_8859_1
+      else
+        string.encoding.to_s
+      end
+    end
+
+    # Configure the SSL Context
+    def ssl_socket_factory_from_options(ssl_options)
+      trust_store = trust_strategy = nil
+
+      verifier = SSLConnectionSocketFactory::STRICT_HOSTNAME_VERIFIER
+      case ssl_options.fetch(:verify, :strict)
+      when false, :disable, :none
+        trust_store = nil
+        trust_strategy = TrustSelfSignedStrategy.new
+        verifier = SSLConnectionSocketFactory::ALLOW_ALL_HOSTNAME_VERIFIER
+      when :browser
+        verifier = SSLConnectionSocketFactory::BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
+      when true, :strict, :default
+        verifier = SSLConnectionSocketFactory::STRICT_HOSTNAME_VERIFIER
+      else
+        raise "Invalid value for :verify. Valid values are (:all, :browser, :default)"
+      end
+
+
+      context = SSLContexts.custom
+
+      trust_store = get_store(:truststore, ssl_options) if ssl_options.key?(:truststore)
+      context.load_trust_material(trust_store, trust_strategy)
+
+      if ssl_options.key?(:keystore)
+        key_store = get_store(:keystore, ssl_options)
+        context.load_key_material(key_store, ssl_options.fetch(:keystore_password, nil).to_java.toCharArray)
+      end
+
+      SSLConnectionSocketFactory.new context.build, ssl_options[:protocols], ssl_options[:cipher_suites], verifier
+    end
+
+    def get_trust_store(options)
+      get_store :truststore, options
+    end
+
+    def get_key_store(options)
+      get_store :keystore, options
+    end
+
+    def get_store(prefix, options)
+      KeyStore.get_instance(options[:"#{prefix}_type"] || guess_store_type(options[prefix])).tap do |store|
+        instream = open(options[prefix], "rb").to_inputstream
+        store.load(instream, options.fetch(:"#{prefix}_password", nil).to_java.toCharArray)
+      end
+    end
+
+    def guess_store_type(filename)
+      if filename.end_with?(".p12")
+        "pkcs12"
+      else
+        KeyStore.get_default_type
+      end
     end
   end
-end
+end

data/lib/manticore/version.rb

@@ -1,3 +1,3 @@
 module Manticore
-  VERSION = "0.3.1"
+  VERSION = "0.3.2"
 end

data/spec/manticore/client_spec.rb

@@ -1,3 +1,4 @@
+# encoding: utf-8
 require 'spec_helper'
 
 java_import 'org.apache.http.entity.mime.MultipartEntityBuilder'
@@ -41,7 +42,7 @@ describe Manticore::Client do
     j["uri"]["port"].should == 55441
   end
 
-  describe "ignore_ssl_validation" do
+  describe "ignore_ssl_validation (deprecated option)" do
     context "when on" do
       let(:client) { Manticore::Client.new ignore_ssl_validation: true }
 
@@ -59,6 +60,90 @@ describe Manticore::Client do
     end
   end
 
+  describe 'ssl settings' do
+    describe 'verify' do
+      context 'default' do
+        let(:client) { Manticore::Client.new }
+
+        it "should break on SSL validation errors" do
+          expect { client.get("https://localhost:55444/").call }.to raise_exception(Manticore::ClientProtocolException)
+        end
+      end
+
+      context 'when on and no trust store is given' do
+        let(:client) { Manticore::Client.new :ssl => {:verify => :strict} }
+
+        it "should break on SSL validation errors" do
+          expect { client.get("https://localhost:55444/").call }.to raise_exception(Manticore::ClientProtocolException)
+        end
+      end
+
+      context 'when on and custom trust store is given' do
+        let(:client) { Manticore::Client.new :ssl => {verify: :strict, truststore: File.expand_path("../../ssl/test_truststore", __FILE__), truststore_password: "test123"} }
+
+        it "should verify the request and succeed" do
+          expect { client.get("https://localhost:55444/").body }.to_not raise_exception
+        end
+      end
+
+      context 'when on and custom trust store is given with the wrong password' do
+        let(:client) { Manticore::Client.new :ssl => {verify: :strict, truststore: File.expand_path("../../ssl/test_truststore", __FILE__), truststore_password: "wrongpass"} }
+
+        it "should fail to load the keystore" do
+          expect { client.get("https://localhost:55444/").body }.to raise_exception(Java::JavaIo::IOException)
+        end
+      end
+
+      context 'when off' do
+        let(:client) { Manticore::Client.new :ssl => {:verify => :none} }
+
+        it "should not break on SSL validation errors" do
+          expect { client.get("https://localhost:55444/").body }.to_not raise_exception
+        end
+      end
+
+      context "against a server that verifies clients" do
+        context "when client cert auth is provided" do
+          let(:client) {
+            options = {
+              truststore: File.expand_path("../../ssl/test_truststore", __FILE__),
+              truststore_password: "test123",
+              keystore: File.expand_path("../../ssl/client.p12", __FILE__),
+              keystore_password: ""
+            }
+            Manticore::Client.new :ssl => options.merge(verify: :strict)
+          }
+
+          it "should successfully auth requests" do
+            expect(client.get("https://localhost:55445/").body).to match("hello")
+          end
+        end
+
+        context "when client cert auth is not provided" do
+          let(:client) {
+            options = {
+              truststore: File.expand_path("../../ssl/test_truststore", __FILE__),
+              truststore_password: "test123"
+            }
+            Manticore::Client.new :ssl => options.merge(verify: :strict)
+          }
+
+          it "should fail the request" do
+            expect { client.get("https://localhost:55445/").body }.to raise_exception(Manticore::ClientProtocolException)
+          end
+        end
+      end
+    end
+
+    describe ":cipher_suites" do
+      pending
+    end
+
+    describe ":protocols" do
+      pending
+    end
+  end
+
   describe "lazy evaluation" do
     it "should not call synchronous requests by default" do
       req = client.get(local_server)
@@ -231,9 +316,19 @@ describe Manticore::Client do
       JSON.load(response.body)["body"].should == "This is a post body"
     end
 
+    it "should send a UTF-8 body" do
+      response = client.post(local_server, body: "This is a post body ∑")
+      JSON.load(response.body)["body"].should == "This is a post body ∑"
+    end
+
     it "should send params" do
       response = client.post(local_server, params: {key: "value"})
-      JSON.load(response.body)["body"].should == "key=value"
+      CGI.unescape(JSON.load(response.body)["body"]).should == "key=value"
+    end
+
+    it "should send non-ASCII params" do
+      response = client.post(local_server, params: {"∑" => "√"})
+      CGI.unescape(JSON.load(response.body)["body"]).should == "∑=√"
     end
 
     it "should send an arbitrary entity" do

data/spec/spec_helper.rb

@@ -6,6 +6,7 @@ require 'json'
 require 'rack'
 require 'webrick'
 require 'webrick/https'
+require 'openssl'
 
 PORT = 55441
 
@@ -16,14 +17,14 @@ end
 def read_nonblock(socket)
   buffer = ""
   loop {
-     begin
-         buffer << socket.read_nonblock(4096)
-     rescue Errno::EAGAIN
-         # Resource temporarily unavailable - read would block
-         break
-     end
+    begin
+      buffer << socket.read_nonblock(4096)
+    rescue Errno::EAGAIN
+      # Resource temporarily unavailable - read would block
+      break
+    end
   }
-  buffer
+  buffer.force_encoding("UTF-8")
 end
 
 def start_server(port = PORT)
@@ -37,7 +38,7 @@ def start_server(port = PORT)
       end
 
       if cl = request[:headers]["Content-Length"] || request[:headers]["Transfer-Encoding"] == "chunked"
-        request[:body] = read_nonblock stream.socket
+        request[:body] = read_nonblock(stream.socket)
       end
 
       content_type = request[:headers]["X-Content-Type"] || "text/plain"
@@ -87,18 +88,28 @@ def stop_servers
   @servers.values.each(&:kill) if @servers
 end
 
-def start_ssl_server(port)
+def start_ssl_server(port, options = {})
   cert_name = [
     %w[CN localhost],
   ]
+  cert = OpenSSL::X509::Certificate.new File.read(File.expand_path('../ssl/localhost.pem', __FILE__))
+  pkey = OpenSSL::PKey::RSA.new File.read(File.expand_path('../ssl/localhost.key', __FILE__))
   @servers[port] = Thread.new {
-    server = WEBrick::HTTPServer.new(:Port => port, :SSLEnable => true, :SSLCertName => cert_name, :Logger => WEBrick::Log.new("/dev/null"))
+    server = WEBrick::HTTPServer.new(
+      {
+        :Port => port,
+        :SSLEnable => true,
+        :SSLCertificate => cert,
+        :SSLPrivateKey => pkey,
+        :AccessLog => [],
+        :Logger => WEBrick::Log.new("/dev/null")
+      }.merge(options)
+    )
     server.mount_proc "/" do |req, res|
       res.body = "hello!"
     end
 
     server.start
-    puts "Server started?"
   }
 end
 
@@ -110,6 +121,7 @@ RSpec.configure do |c|
     start_server 55441
     start_server 55442
     start_ssl_server 55444
+    start_ssl_server 55445, :SSLVerifyClient => OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT, :SSLCACertificateFile => File.expand_path("../ssl/ca_cert.pem", __FILE__)
   }
 
   c.after(:suite)  { stop_servers }

data/spec/ssl/ca_cert.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFpTCCA42gAwIBAgIJAKwJSFJWm00IMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJNRDESMBAGA1UEBwwJQmFsdGltb3JlMRAwDgYDVQQD
+DAdUZXN0IENBMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1wbGUuY29tMB4XDTE0
+MTEyOTAwMTM1NloXDTE0MTIyOTAwMTM1NlowYTELMAkGA1UEBhMCVVMxCzAJBgNV
+BAgMAk1EMRIwEAYDVQQHDAlCYWx0aW1vcmUxEDAOBgNVBAMMB1Rlc3QgQ0ExHzAd
+BgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQC5OUzLMt4sXq2zqWpWxIVs0LZHQpe9HNcTO1vOxX/JVhOR
+pfY+e6UR699T+oSHNr3jTfa0JWq9Ve7VfXU8kRBFaZnuzmi8RbXX2Hk31wyUcFoA
+4luWzdKKAMLZKwkYKd+thmm4F1syxO2oTnQ4RccIrWMeSYzzzbVe8TCGw9JGBKmV
+yyBVLZCvHMh4/Oel0mdIUjpPtL9ah6S3QyfW53A46Eqjpjc1rFfvMzctgXdEEXC9
+jbCnNX8y7z8F7X1rxAs3dlK3IDADJLWdsfX9rvQh7zIWIRmzvpBUliqR951CS3bj
+DPl8YGhUJj/CWQbLfpTQGKO5q2iHh2veK/E0RHPrKrs73u+WuyrjMUEbxVFBsBOH
+8A9MUFDu1YkOVAiaoR9WdYK/xsTLiSRMHPbrSJPT9aYQLnNhPs1becp8YZ2jykRG
+pafXH2BMumw+4ijxve9RQmOWqlJ9KiKJpsLpY/RtDyHyzC8BYQrZDZ7kqpuZKaV9
+WsJBTKcLGxL1bBf1mb8BRL+HFuzqAKeYpwhVVx6xauelfOQLa168Bisgib3gSfDL
+9jIoEh03+krcNxYhvc0b/oB8HLBKdb2alvJe+dJwMxLkVdmFvp5Wn/fNMpijHg5B
+6dvqpfQkVEe5fZxUrzhYm0kQoAW87aexjaSDYLeHcjcsJlO2F2dnTo2rUBX3CwID
+AQABo2AwXjAdBgNVHQ4EFgQUyLdEJh76En9e3sHQqJE2zkOlikEwHwYDVR0jBBgw
+FoAUyLdEJh76En9e3sHQqJE2zkOlikEwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8E
+BAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHfYBKBoxvxoj7OzPwPAStDcIX7Kbo4b
+21qPPIlmkzr1Z1QfEObvoeEJc0om4wHLUbOfUKiyf9LiqoW3AW0cWIJ802cdW8Lz
+ANy3XPyqDdhhogqcgz4O6JBP4jopZ124IX70ZIntu7tY+a0eADkfdwJY6VxRB8GQ
+Ms2jJ8lcjg7UPefqRxF+bU1AcVE/9Gj83ZcUtZfJLG4vuyKUgR7gsFO4W2l1taLX
+7iU1gbPMW+j5pqJY3yXsWuWehRJEoTFL2QYdxTXqN5E3PCOwBzvYWnu//VBHKaJ+
+Bvik0mGIpmFpXpRYnRZ92SxH1bCl7d+wH8CgnY/elIy3w7f05ZsZl0zGklHcWjPH
+TP/JRlZtaUUbj9L247OTOrNe9yZ88iEbMlztljHsG71PIBT/TBS/+w/Bfwm/T2HA
+PGn8wwRp5+xrRzdN61mGcGYwZ5kYA2PXwZYp4gvIwTn3X6M+h76tfoS1Loh28YLJ
+XPjNHMxWr5N8xhlzOVU1Ny1c/77uEXPLrrzJcW70iF4rBIQr2xSWtcRjt07iXBqg
+NPAqqeHmUDQnReoFHXB+gmqvTWF/rv3i6BsWY9wS6MyWJ/AZZODyQ60fpLGJo12Q
+8s25QyDvJfUy5n+/0sxPBSR7Uk9yn9se3Q6zKF4pMcxUyC2yqgZZv5Et41dkJbac
+wuhTyH5RfnYu
+-----END CERTIFICATE-----

data/spec/ssl/ca_key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5OUzLMt4sXq2z
+qWpWxIVs0LZHQpe9HNcTO1vOxX/JVhORpfY+e6UR699T+oSHNr3jTfa0JWq9Ve7V
+fXU8kRBFaZnuzmi8RbXX2Hk31wyUcFoA4luWzdKKAMLZKwkYKd+thmm4F1syxO2o
+TnQ4RccIrWMeSYzzzbVe8TCGw9JGBKmVyyBVLZCvHMh4/Oel0mdIUjpPtL9ah6S3
+QyfW53A46Eqjpjc1rFfvMzctgXdEEXC9jbCnNX8y7z8F7X1rxAs3dlK3IDADJLWd
+sfX9rvQh7zIWIRmzvpBUliqR951CS3bjDPl8YGhUJj/CWQbLfpTQGKO5q2iHh2ve
+K/E0RHPrKrs73u+WuyrjMUEbxVFBsBOH8A9MUFDu1YkOVAiaoR9WdYK/xsTLiSRM
+HPbrSJPT9aYQLnNhPs1becp8YZ2jykRGpafXH2BMumw+4ijxve9RQmOWqlJ9KiKJ
+psLpY/RtDyHyzC8BYQrZDZ7kqpuZKaV9WsJBTKcLGxL1bBf1mb8BRL+HFuzqAKeY
+pwhVVx6xauelfOQLa168Bisgib3gSfDL9jIoEh03+krcNxYhvc0b/oB8HLBKdb2a
+lvJe+dJwMxLkVdmFvp5Wn/fNMpijHg5B6dvqpfQkVEe5fZxUrzhYm0kQoAW87aex
+jaSDYLeHcjcsJlO2F2dnTo2rUBX3CwIDAQABAoICAFGUZDdnOyWtubHU32pB+kY4
+EuCF+xEnH69vyHrkz+icidfvkeppSQYArodtYmuvd6ki0JL9m+qya5QKQtWfStxX
+q53buZOa3IGp7ZHjnL3QUkPrbs2X77Aqr6c45jOHVeY2ul+Dof5VcBteGqAiU4yF
+2Y8gc/15z/V2I5pnqzh9mzfHlIEPpZcLBV0MfvaxGh5nYRl0EYfNEIZLBMQJgYr+
+/MjhT5XLR5uqIhZf3GjViaNjQbgTvudvKoHw3PnXCd2utrXDboIj6/39wMuwAATm
+Nlg60fgx6Z3n2e4acmAdnspYD5ZxW+IcSp7N2UlNgju5bns7fLmcsqzTC9SqhacB
+ANrjxsz4DwgXdkTlzgdW0nmi9iTsOiei2Z7yotja/EjAcsaKaufk1544RohTo2ve
+BBxlbA2yjeaNgQqS/iFc/QWgX1OI376j9SXaYQE8fBj6n5TPdamj5Yg+M4xP+i10
+56zqcGfMvepYkOTUoNGdQ3KYjc3Te6S86nLEO8pgcdOvtLcuS8Z9SsJOSWdgPBI9
+NeFPxyNRtf3sQtFgQKP+mvFsjHsKWivHmNUEiJmILhv+tZs4iA32Cs1z244FMCk/
+m7hHmspVxRm90wjh8SC14tbSEAqYOY/dYfJSgpHPofvHnMPOs3h1j/tH1sM7Z8K6
+sT9v7Ft4CD/iRG5yVMexAoIBAQDqTbzhV+W+IREPx5XulWdRmEttUdfkcPyKCrYs
+uiogTmoHnHpNhfJWMULpX5HCIYbFIRW5xDbLyLX6KUHmhWbx5yZToRSq79T/wViG
+8qToF8+GH1tO3wb3FQayQTR0EbWGJH984MXmKRgiQsNtjvcJa957+vYX41ldoq7R
+I4vX1u3cKyo7cRENMAzjsW9hmH56Zit0whWZ2GKiqS32Rf85ZzNNTU1ssVPu7of0
+pE5te4qf/jnUpzMxooyO5sAdFzOp9K0Y2+fqxQ0LFu103xHJZdEvksNw5+G44Jkl
+ysVwHVkI4XmQuM2Bi89w+eVTbV3vynpA4kLjmFinDsXiRefZAoIBAQDKYBrhzNzN
+SdE4xSBy/r/n2l5iy9vdV6soWk/ZmWLNYT17+oTkqUx6lmryQaT6413FO57IS8V0
+PJutV/P/5ljcYwcIIaISo8mMEojGsfrfrKg6knFOZFATeB04/nOoUX6B7eMcGk2P
+9PHu8NbuMMEKwwlAmT5DjbUfeTNhYcdUsYWwJdS6m3VBZUML+B6gIXiTSvkLwYu9
+PSqe8veBqxX5X18R3eVKUYpLH1dgzmFi25VsgeefX6xeYJvmouOdst6HEdFt+Qyx
+PRNQR5iKwWAZdlV07rGV+7gMlIdZ13af7cNvhwSD5+9i88weZ4YT7rtT0+acf552
+FqE5vZfB6guDAoIBAQCK8a6gs086gMFtah4vbcnnSTjxiydMAPTBp7iAraVtoxKd
+kN22O0iKdIwJePMm/Fq/a+9GSmV0U4IW54B9A38Y1MqVrWBkPfVB9ZZZ8Gp6eCRI
+lS/AheHLhFyEOMayTg4njl1L4L96zcPSDWV3AuDcZWt6ekiVweys6lxhCYNUa9CC
+T9ariVFjUKtUG1TBu3zFePEsPCwzH27epxTqhnfjwp9ZqA3R9xafCjT1jrozkp+S
+YWBKCx0AwjQ4Sf6DQc8Rald79myBfHlPqjkGpYIWvJpga9gajGf/CrHHB4guBDlY
+Wt2MRQsZV5+cj5S+9IxQNvJop8Si0yU/bDNNC8eBAoIBAQC0IgMLhWvsFo5yN5SA
+hxyN5SMqUUZsqEIi8vAsQYleQfWWSxDK756xZv3ekGunHYYzrrPQmREyO1heXPFE
+j+X8lPCHXliCuuMFGOJB6d3iBi7fo8XS/xr/mWR5fJO5+H/garxCIW90eZR3GExX
+S3IogB3WMBDp1FKppxoCziO80R6sAaBuUT13bgjVuI6Z/fDzOkKfIjGdyboMLTv9
+YSl4BFn870POePHdmBIQiuLIOaexI5flliU5BEkAa3Cqx7GnDEcb2hhgEnsEdBXl
+O+asA1ZhdK0BUUMrf3FSmKRwChRxSv7L4kCEFXlUftUrHM4E+ZJFLpr/hXkQih9w
+bUC9AoIBAFiXa1qyRWGVkaPIY1tWr0UQywSESZ0C1+4W0Lfe8Wn+Vlx3H+voywQt
+G7dbxXpobbKof2qUGvZvPyvr6QrY9u1HrKbyIZB85ptKe5u6a11F+JDewBycfMR1
+WKlu0bSFOunlz8mlYlgpKpHdTjGjPDulDC1/SHWGMoqnO43Hv+5t+tT6cjEN2+SD
+HqkLCzZIn2K4VSDwd9J2szyWsHbJ+O5A/pdpz4ZNkF8boXfhM3z8Xv1JLkG/dq70
+VjWYNVJ4K+hB08jWs+GY+hpBiSf0RG2JRmCr8lItXAodaIwarr4s4yftiIfeEkg1
+umjprdvaT6QOMOjb1GZqJhdCLskcB/w=
+-----END PRIVATE KEY-----

data/spec/ssl/localhost.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4I1J9AVuytCuy
+BlmDQD/ZhJygHhLhGN2ZBPd2mBs0OfnNO2ert9zo5jUaRvHAKhTs6/gmmMd2U39R
+TnN4cqHtEVbyDp/97zY4v75rL9iILk8l18qJVSbdsbEdZ9fyuj9MnLNY+J100FVS
+jfNIR+mCunVPjI+Mb2tooSOZKovdcTZVZcLVwnnkXsPbDFOZbWp3V0v0vqyYxAQB
+sLEypEtt1fzKrL0gevTCsRFYxsUbjdaJmb4E63hKAr+PkrjXT6r6gR4oWjFejoIm
+OhEZxm1H6cLwBWK/PM55b7kdV9pNUetXTNz5uTjKx0512rsBC9GZK9rM/wATI1o+
+KsXSxuDnAgMBAAECggEAG2OFnXpaPVZ3OV+gaNlhpeUHtvlCLaEZNO18MXOmeDo3
+YcN4RB5xCWNUergatU6NFkBzBKqs4HjC80EMA9ppI2301MRAH/E4y3AZzq+rMXZR
+53sVcR/tTARmJ82OXVg+mhKkypMQOJPUXRcoHJQ1s3AwisiJgYYBH+r39IxTiXhQ
+vMuiUFHmQSn7TAsDV9ULMvYmMh4FA+9RVW1DJ9zH5/IQKtRyLVupulGimF8n0kVR
+tNVqwTckZpJJlZFdLHUjaTiSm4s5vYwoxNzNXxZ0GnBXBxs5YAErEjas/OhmYguZ
+lFwpkVuV9/dwR4jfPRciGuRuJqO2I2Pp6K6/Z+QLoQKBgQDmYRNnOfESwaqVWh9G
+VmT70bhob5A2GwVS2fJ+UOBCfnwrn+ybR2AZjliKlM4a6k+pboPrwl4rncH2LlXO
+o/EX9VyTdDCMxiN+YMlvOuzpVF1LrM/BL6pw3uMjmWBEMmbprwiMFCKRC4BJZ3Vv
+X07A1zoKq8oNFW+m80Db1eMciwKBgQDMncDJLJFBqIcas5plUlwTQXmr8Xq/+Q/B
+UB4yU75eUbp1H0jFrJ8ier6A1IXX2bVnxUjilATM/trIH4GLMK66j5hp0ih0JfjE
+gYnI83GKOxL+KF0C2tLjjhuTAVtmWXla8s37dBtz3ZleyyKfaGzvgm3zjheD+s/R
+ordHaRpMlQKBgEOvq9q9TFX9bpf45Y1t3reZ03tjo9Qxtiu0eymfq3P944+Rqhup
+KdP4XY1B0RhZVVRrcvj2n2JjNFSXIoDW7APlA/ESxxzlLhJ4b1Zt0qNvNQYB3Pxe
+e84zvjp8WqtOv6vS0EkPtWQ2I9ftPLSfJO1FjvkJphCYBrjfaWPtgI+nAoGBAMOS
+RKIEJxJKslejMv+FKNx+yHy/4kN7GsP6f+I6iMo986nerP/DbpbWGx+oAgW94NW+
+i1uFftExBowhEQCpF1jZxyPd6yyY3p1z8u5PQUaOECk9CymfXdKCEXkA4wuAma2E
+Rb0BzPuB4wXnwr/6X6TNVaplNbTAFcKZc/SdULXBAoGBAM02iPIys9ghA1nfQHD+
+MD4lJNyPzOrnx1C8SXPP/hHUbFRmZF9hW3U9vuwo7jD2MzIrHAycAaIUjIDkTD+w
+rUYsH9nOAHCbk1lGqy24SF4Pcvpj28O4gfHBdBEq4c2b48moml3tJOPOTEude8fp
+PgYaeX3y+gzY7K7ZSM+gIuuo
+-----END PRIVATE KEY-----

data/spec/ssl/localhost.pem

@@ -0,0 +1,100 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=MD, L=Baltimore, CN=Test CA/emailAddress=test@example.com
+        Validity
+            Not Before: Nov 29 00:38:23 2014 GMT
+            Not After : Aug 25 00:38:23 2017 GMT
+        Subject: C=US, ST=Arizona, L=NA, O=Manticore, OU=Manticore, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b8:23:52:7d:01:5b:b2:b4:2b:b2:06:59:83:40:
+                    3f:d9:84:9c:a0:1e:12:e1:18:dd:99:04:f7:76:98:
+                    1b:34:39:f9:cd:3b:67:ab:b7:dc:e8:e6:35:1a:46:
+                    f1:c0:2a:14:ec:eb:f8:26:98:c7:76:53:7f:51:4e:
+                    73:78:72:a1:ed:11:56:f2:0e:9f:fd:ef:36:38:bf:
+                    be:6b:2f:d8:88:2e:4f:25:d7:ca:89:55:26:dd:b1:
+                    b1:1d:67:d7:f2:ba:3f:4c:9c:b3:58:f8:9d:74:d0:
+                    55:52:8d:f3:48:47:e9:82:ba:75:4f:8c:8f:8c:6f:
+                    6b:68:a1:23:99:2a:8b:dd:71:36:55:65:c2:d5:c2:
+                    79:e4:5e:c3:db:0c:53:99:6d:6a:77:57:4b:f4:be:
+                    ac:98:c4:04:01:b0:b1:32:a4:4b:6d:d5:fc:ca:ac:
+                    bd:20:7a:f4:c2:b1:11:58:c6:c5:1b:8d:d6:89:99:
+                    be:04:eb:78:4a:02:bf:8f:92:b8:d7:4f:aa:fa:81:
+                    1e:28:5a:31:5e:8e:82:26:3a:11:19:c6:6d:47:e9:
+                    c2:f0:05:62:bf:3c:ce:79:6f:b9:1d:57:da:4d:51:
+                    eb:57:4c:dc:f9:b9:38:ca:c7:4e:75:da:bb:01:0b:
+                    d1:99:2b:da:cc:ff:00:13:23:5a:3e:2a:c5:d2:c6:
+                    e0:e7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                00:AD:24:E9:F6:F5:82:D6:44:2E:DB:A3:16:75:E4:B9:56:5E:87:55
+            X509v3 Authority Key Identifier: 
+                keyid:C8:B7:44:26:1E:FA:12:7F:5E:DE:C1:D0:A8:91:36:CE:43:A5:8A:41
+
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+    Signature Algorithm: sha256WithRSAEncryption
+         99:1b:a2:a5:63:03:22:70:62:4a:ff:3d:c7:46:53:25:9d:4c:
+         9c:73:4f:b6:fa:cd:7a:57:cb:96:3b:8f:58:4e:26:b4:30:ea:
+         39:25:ad:8f:f9:ce:8c:87:ef:fc:5a:8e:94:3e:37:ac:35:e2:
+         d1:4f:e2:1c:59:33:4c:19:08:33:53:6b:d3:da:d1:2b:7a:90:
+         2a:15:f6:49:4f:95:4a:34:46:a1:a6:43:15:2d:c5:bc:e8:1b:
+         9a:1c:bd:f3:01:b1:60:16:5d:7e:1b:52:9c:08:d6:b8:2e:68:
+         2c:68:11:65:52:8a:52:fa:86:ee:a7:9f:bc:a7:54:a0:4d:3e:
+         78:4a:f6:fb:a5:ed:83:51:68:93:e5:46:c4:c9:30:ff:76:ee:
+         e3:e6:cd:c6:7f:1f:19:61:01:0d:5e:05:c3:38:fa:c2:dd:c3:
+         ec:0a:18:5e:bf:66:6b:c1:09:9b:38:47:43:69:09:9f:91:ff:
+         4c:2c:71:d9:4a:63:0a:84:68:ef:ac:d3:29:f8:16:dc:d5:3f:
+         38:8b:14:a1:a6:00:c2:b4:5d:53:7f:14:ce:fc:74:f4:cc:c2:
+         ee:9f:b6:9c:22:6c:af:1c:a5:ee:36:f7:ef:f2:02:80:18:69:
+         eb:ec:bc:03:df:b6:e1:3f:6f:a2:26:57:a0:6b:23:2f:05:bd:
+         7a:36:db:41:7f:2e:30:b4:06:a6:47:9d:a7:8a:f3:3b:6e:b8:
+         b1:86:14:a0:38:2c:64:14:cb:df:4e:b3:47:f4:a0:e1:50:02:
+         cc:20:db:01:31:77:35:35:e9:ad:2b:f5:4f:f9:40:35:fb:1a:
+         ad:33:fd:37:7d:e9:52:65:11:df:d6:6a:9e:dd:ed:54:c1:25:
+         71:33:08:5b:62:18:67:c8:4e:d6:82:64:f7:d7:3b:b8:9d:5d:
+         55:36:fc:6f:da:97:56:48:91:28:e8:fa:38:5f:a3:c6:60:b5:
+         35:f0:a9:bf:15:40:d0:fb:3a:42:df:e8:25:82:ff:19:93:a8:
+         57:dc:f2:2c:5f:de:1a:13:c6:c9:e3:5d:a8:f7:d9:6e:66:0d:
+         3e:fc:ea:59:25:89:2c:ff:91:0e:3e:08:83:25:2f:f2:de:3e:
+         ec:be:27:64:3c:84:20:20:47:1b:2a:e6:1f:33:6c:15:af:86:
+         79:86:a5:0a:12:d3:89:0b:82:b4:98:cc:02:7b:ef:b6:4f:5a:
+         ef:96:7a:d9:51:dc:b7:41:b4:a3:23:6a:ed:32:22:76:88:b6:
+         ec:e5:be:cb:a6:98:b3:35:d5:74:7e:5f:1c:97:a3:ac:f6:75:
+         e0:98:64:57:4c:22:ea:c4:93:37:cb:74:28:c6:a0:fe:eb:ec:
+         48:00:cc:06:97:de:82:7c
+-----BEGIN CERTIFICATE-----
+MIIEnjCCAoagAwIBAgIBAzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEL
+MAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEQMA4GA1UEAwwHVGVzdCBD
+QTEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTAeFw0xNDExMjkwMDM4
+MjNaFw0xNzA4MjUwMDM4MjNaMGgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6
+b25hMQswCQYDVQQHDAJOQTESMBAGA1UECgwJTWFudGljb3JlMRIwEAYDVQQLDAlN
+YW50aWNvcmUxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALgjUn0BW7K0K7IGWYNAP9mEnKAeEuEY3ZkE93aYGzQ5+c07
+Z6u33OjmNRpG8cAqFOzr+CaYx3ZTf1FOc3hyoe0RVvIOn/3vNji/vmsv2IguTyXX
+yolVJt2xsR1n1/K6P0ycs1j4nXTQVVKN80hH6YK6dU+Mj4xva2ihI5kqi91xNlVl
+wtXCeeRew9sMU5ltandXS/S+rJjEBAGwsTKkS23V/MqsvSB69MKxEVjGxRuN1omZ
+vgTreEoCv4+SuNdPqvqBHihaMV6OgiY6ERnGbUfpwvAFYr88znlvuR1X2k1R61dM
+3Pm5OMrHTnXauwEL0Zkr2sz/ABMjWj4qxdLG4OcCAwEAAaNaMFgwHQYDVR0OBBYE
+FACtJOn29YLWRC7boxZ15LlWXodVMB8GA1UdIwQYMBaAFMi3RCYe+hJ/Xt7B0KiR
+Ns5DpYpBMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IC
+AQCZG6KlYwMicGJK/z3HRlMlnUycc0+2+s16V8uWO49YTia0MOo5Ja2P+c6Mh+/8
+Wo6UPjesNeLRT+IcWTNMGQgzU2vT2tErepAqFfZJT5VKNEahpkMVLcW86BuaHL3z
+AbFgFl1+G1KcCNa4LmgsaBFlUopS+obup5+8p1SgTT54Svb7pe2DUWiT5UbEyTD/
+du7j5s3Gfx8ZYQENXgXDOPrC3cPsChhev2ZrwQmbOEdDaQmfkf9MLHHZSmMKhGjv
+rNMp+Bbc1T84ixShpgDCtF1TfxTO/HT0zMLun7acImyvHKXuNvfv8gKAGGnr7LwD
+37bhP2+iJlegayMvBb16NttBfy4wtAamR52nivM7brixhhSgOCxkFMvfTrNH9KDh
+UALMINsBMXc1NemtK/VP+UA1+xqtM/03felSZRHf1mqe3e1UwSVxMwhbYhhnyE7W
+gmT31zu4nV1VNvxv2pdWSJEo6Po4X6PGYLU18Km/FUDQ+zpC3+glgv8Zk6hX3PIs
+X94aE8bJ412o99luZg0+/OpZJYks/5EOPgiDJS/y3j7svidkPIQgIEcbKuYfM2wV
+r4Z5hqUKEtOJC4K0mMwCe++2T1rvlnrZUdy3QbSjI2rtMiJ2iLbs5b7LppizNdV0
+fl8cl6Os9nXgmGRXTCLqxJM3y3QoxqD+6+xIAMwGl96CfA==
+-----END CERTIFICATE-----

data/spec/ssl/readme.md

@@ -0,0 +1,14 @@
+test_truststore is a trust store which has trusted the cacert.pem certificate
+
+localhost.pem is a server certificate signed by our test CA
+
+We can test custom trust stores by:
+
+1. Starting a server which uses localhost.pem/localhost.key to serve SSL
+2. Trusting ca_cert.pem (via the test_truststore)
+
+And then verifying that SSL operations complete successfully.
+
+The test_truststore password is `test123`
+
+You should never use these certificates or keys for anything other than testing Manticore's SSL behavior.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: manticore
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: java
 authors:
 - Chris Heald
@@ -30,7 +30,7 @@ cert_chain:
   E7PWS50D9moUJ6xWcemf0qKYC87qBFh0ng73awjG9uf+13lMslqJRMtek8C92cvh
   +R9zgQlbeNjy9O1i
   -----END CERTIFICATE-----
-date: 2014-08-08 00:00:00.000000000 Z
+date: 2014-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -114,6 +114,13 @@ files:
 - spec/manticore/response_spec.rb
 - spec/manticore/stubbed_response_spec.rb
 - spec/spec_helper.rb
+- spec/ssl/ca_cert.pem
+- spec/ssl/ca_key.pem
+- spec/ssl/client.p12
+- spec/ssl/localhost.key
+- spec/ssl/localhost.pem
+- spec/ssl/readme.md
+- spec/ssl/test_truststore
 homepage: https://github.com/cheald/manticore
 licenses:
 - MIT
@@ -134,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.1.9
 signing_key:
 specification_version: 4
 summary: Manticore is an HTTP client built on the Apache HttpCore components
@@ -146,3 +153,10 @@ test_files:
 - spec/manticore/response_spec.rb
 - spec/manticore/stubbed_response_spec.rb
 - spec/spec_helper.rb
+- spec/ssl/ca_cert.pem
+- spec/ssl/ca_key.pem
+- spec/ssl/client.p12
+- spec/ssl/localhost.key
+- spec/ssl/localhost.pem
+- spec/ssl/readme.md
+- spec/ssl/test_truststore