nats-pure 0.2.4 → 0.3.0

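--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 44273223e517bfe16e454408baba484fb3a80d8c
- data.tar.gz: 2cfa6aaae35c049279ae72d637c58aeabdd7e035
+ SHA256:
+ metadata.gz: 6511a5fc9c87e5a783322e9fe0b02f66a2b36d47c1ea806208877ec2c63c6a23
+ data.tar.gz: bfdc75088d4a39cf5e020248664d72e3ae2cdc774a26a69fcc15ddf67727e531
  SHA512:
- metadata.gz: f816d3cef57c6527ceae6e7dea24ec1ffd99f097ba97a8292ae1db20e3718d417f12661471830806038d0a2018deb9844c5dc57513c0c2482c1501795edfc605
- data.tar.gz: 9304d8711e83748d065f9ab1eddca0528b97f11d84aaec870726d6907c51343898da7656983d402e0c6ec723b41e5246bb504896332008ba0a304bc153bd27e9
+ metadata.gz: 300ab49335e50800e0dc0c5971dd5b96682a7e0a5be9c9f09edf10f0a1c97a3c3f10749d1b87276cd4a709d724c8e3c627ef239a5fc49ff3cfff9f2e32ac71f7
+ data.tar.gz: 49a3618d2dc8ab3fd7844d4e7d98035c9fbfdb68e0f336e94437edeec0572197437cc02d14f136b006b52a641a8f588cd4abaec688f1b6252efb8e361391b9a5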
@@ -148,6 +148,10 @@ module NATS
148
148
 
149
149
  # Secure TLS options
150
150
  @tls = nil
151
+
152
+ # Hostname of current server; used for when TLS host
153
+ # verification is enabled.
154
+ @hostname = nil
151
155
  end
152
156
 
153
157
  # Establishes connection to NATS
@@ -175,7 +179,16 @@ module NATS
175
179
  uris = opts[:servers] || [DEFAULT_URI]
176
180
  uris.shuffle! unless @options[:dont_randomize_servers]
177
181
  uris.each do |u|
178
- @server_pool << { :uri => u.is_a?(URI) ? u.dup : URI.parse(u) }
182
+ nats_uri = case u
183
+ when URI
184
+ u.dup
185
+ else
186
+ URI.parse(u)
187
+ end
188
+ @server_pool << {
189
+ :uri => nats_uri,
190
+ :hostname => nats_uri.host
191
+ }
179
192
  end
180
193
 
181
194
  # Check for TLS usage
@@ -196,6 +209,9 @@ module NATS
196
209
  # Connection established and now in process of sending CONNECT to NATS
197
210
  @status = CONNECTING
198
211
 
212
+ # Use the hostname from the server for TLS hostname verification.
213
+ @hostname = srv[:hostname]
214
+
199
215
  # Established TCP connection successfully so can start connect
200
216
  process_connect_init
201
217
 
@@ -507,7 +523,8 @@ module NATS
507
523
  u.password ||= @uri.password if @uri.password
508
524
  end
509
525
 
510
- srv = { :uri => u, :reconnect_attempts => 0, :discovered => true }
526
+ # NOTE: Auto discovery won't work here when TLS host verification is enabled.
527
+ srv = { :uri => u, :reconnect_attempts => 0, :discovered => true, :hostname => u.host }
511
528
  srvs << srv
512
529
  end
513
530
  end
@@ -798,11 +815,26 @@ module NATS
798
815
  else
799
816
  # Defaults
800
817
  tls_context = OpenSSL::SSL::SSLContext.new
801
- tls_context.ssl_version = :TLSv1_2
818
+
819
+ # Use the default verification options from Ruby:
820
+ # https://github.com/ruby/ruby/blob/96db72ce38b27799dd8e80ca00696e41234db6ba/ext/openssl/lib/openssl/ssl.rb#L19-L29
821
+ #
822
+ # Insecure TLS versions not supported already:
823
+ # https://github.com/ruby/openssl/commit/3e5a009966bd7f806f7180d82cf830a04be28986
824
+ #
825
+ tls_context.set_params
802
826
  end
803
827
 
804
828
  # Setup TLS connection by rewrapping the socket
805
829
  tls_socket = OpenSSL::SSL::SSLSocket.new(@io.socket, tls_context)
830
+
831
+ # Close TCP socket after closing TLS socket as well.
832
+ tls_socket.sync_close = true
833
+
834
+ # Required to enable hostname verification if Ruby runtime supports it (>= 2.4):
835
+ # https://github.com/ruby/openssl/commit/028e495734e9e6aa5dba1a2e130b08f66cf31a21
836
+ tls_socket.hostname = @hostname
837
+
806
838
  tls_socket.connect
807
839
  @io.socket = tls_socket
808
840
  when (server_using_secure_connection? and !client_using_secure_connection?)
@@ -857,6 +889,9 @@ module NATS
857
889
  @io.connect
858
890
  @stats[:reconnects] += 1
859
891
 
892
+ # Set hostname to use for TLS hostname verification
893
+ @hostname = srv[:hostname]
894
+
860
895
  # Established TCP connection successfully so can start connect
861
896
  process_connect_init
862
897
 
@@ -873,7 +908,7 @@ module NATS
873
908
  # to see whether need to take it out from rotation
874
909
  srv[:auth_required] ||= true if @server_info[:auth_required]
875
910
  server_pool << srv if can_reuse_server?(srv)
876
-
911
+
877
912
  @last_err = e
878
913
 
879
914
  # Trigger async error handler
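Review bot: In the TLS hunk (new lines 815–839), `tls_socket.hostname = @hostname` only leads to a certificate name check when the context has `verify_hostname` enabled. `set_params` turns that on for the default branch, but a caller-supplied context (the branch above `else`, outside the hunk) may not, and older Ruby/openssl runtimes do not implement it, as the added comment itself notes. In those cases the handshake can complete against a certificate issued for a different name, so consider an explicit check right after `tls_socket.connect`, e.g. `tls_socket.post_connection_check(@hostname) if tls_context.verify_mode == OpenSSL::SSL::VERIFY_PEER`. Replacing `ssl_version = :TLSv1_2` with `set_params` also makes the minimum protocol version depend on the runtime's defaults, so a comment naming the minimum Ruby/openssl version this relies on would help.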
@@ -1,7 +1,7 @@
1
1
  module NATS
2
2
  module IO
3
3
  # NOTE: These are all announced to the server on CONNECT
4
- VERSION = "0.2.4"
4
+ VERSION = "0.3.0"
5
5
  LANG = "#{RUBY_ENGINE}2".freeze
6
6
  PROTOCOL = 1
7
7
  end
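--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: nats-pure
  version: !ruby/object:Gem::Version
- version: 0.2.4
+ version: 0.3.0
  platform: ruby
  authors:
  - Waldemar Quevedo
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-03-30 00:00:00.000000000 Z
+ date: 2018-02-24 00:00:00.000000000 Z
  dependencies: []
  description: NATS is an open-source, high-performance, lightweight cloud messaging
  system.
@@ -41,7 +41,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.2
+ rubygems_version: 2.7.3
  signing_key:
  specification_version: 4
  summary: NATS is an open-source, high-performance, lightweight cloud messaging system.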