mongo 2.21.2 → 2.21.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/mongo/socket/ssl.rb +13 -4
  3. data/lib/mongo/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 581c10bfc119dd624b9c29d9471e7697ed7ece568cc7023c2a4894b9e430e58e
4
- data.tar.gz: 634e8d69003d43838f47999e13d5677492cfd7ea396cec02907c17c734709024
3
+ metadata.gz: aa269cb6bbc5d94255ef1dfb56b4c963304437f9ddcc064b43545485a9892ffa
4
+ data.tar.gz: e0fe8f3cadadc8ef70a28d82ea512bd779d9380738bdb814d7d8c8f59618b65d
5
5
  SHA512:
6
- metadata.gz: a58d9b653904b7c399be80f414551b00228b97078811e31c3d623ea924596510a39702c22e4830d166984326b8494d723f7e35cf6dfabbc8f06a0d30ff780c99
7
- data.tar.gz: 11d1adcea0991ec8adca191c4015dc6914622e6bf5753046a8b0ad24cdf5de138329a702b522ba54d474dd03b18a983722827b112825b5602101e550cdd3754c
6
+ metadata.gz: 6819366f273f957c46eb5a9dae0a4de7cfe12f1bfea1fe60c412631650d0337d19e8f543d5608b04e8a2c7c57cb84ce3c5598ccaca0eec0984a8dddc9876c5d8
7
+ data.tar.gz: 2aebef8f8d12d6770b5e07cd516909d29762d76352518b7dfa79433d3eaf56fd9871086c8531e4dad21c70829bf268c7f834c2cf9f3bbbbf01fe787a803f2dc3
data/lib/mongo/socket/ssl.rb CHANGED
@@ -23,6 +23,7 @@ module Mongo
23
23
  # @since 2.0.0
24
24
  class SSL < Socket
25
25
  include OpenSSL
26
+ include Loggable
26
27
 
27
28
  # Initializes a new TLS socket.
28
29
  #
@@ -455,12 +456,15 @@ module Mongo
455
456
  end
456
457
 
457
458
  def verify_ocsp_endpoint!(socket, timeout = nil)
458
- unless verify_ocsp_endpoint?
459
- return
460
- end
459
+ return unless verify_ocsp_endpoint?
461
460
 
462
461
  cert = socket.peer_cert
463
- ca_cert = socket.peer_cert_chain.last
462
+ ca_cert = find_issuer(cert, socket.peer_cert_chain)
463
+
464
+ unless ca_cert
465
+ log_warn("TLS certificate of '#{host_name}' could not be definitively verified via OCSP: issuer certificate not found in the chain.")
466
+ return
467
+ end
464
468
 
465
469
  verifier = OcspVerifier.new(@host_name, cert, ca_cert, context.cert_store,
466
470
  **Utils.shallow_symbolize_keys(options).merge(timeout: timeout))
@@ -503,6 +507,11 @@ module Mongo
503
507
  end
504
508
  end
505
509
  end
510
+
511
+ # Find the issuer certificate in the chain.
512
+ def find_issuer(cert, cert_chain)
513
+ cert_chain.find { |c| c.subject == cert.issuer }
514
+ end
506
515
  end
507
516
  end
508
517
  end
data/lib/mongo/version.rb CHANGED
@@ -5,5 +5,5 @@ module Mongo
5
5
  #
6
6
  # Note that this file is automatically updated via `rake candidate:create`.
7
7
  # Manual changes to this file will be overwritten by that rake task.
8
- VERSION = '2.21.2'
8
+ VERSION = '2.21.3'
9
9
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mongo
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.21.2
4
+ version: 2.21.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - The MongoDB Ruby Team
@@ -553,7 +553,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
553
553
  - !ruby/object:Gem::Version
554
554
  version: '0'
555
555
  requirements: []
556
- rubygems_version: 3.6.9
556
+ rubygems_version: 3.7.1
557
557
  specification_version: 4
558
558
  summary: Ruby driver for MongoDB
559
559
  test_files: []