net-http-persistent 2.3.3 → 2.4
Sign up to get free protection for your applications and to get access to all the features.
- data.tar.gz.sig +0 -0
- data/History.txt +12 -3
- data/lib/net/http/persistent.rb +28 -1
- data/lib/net/http/persistent/ssl_reuse.rb +1 -1
- data/test/test_net_http_persistent.rb +29 -0
- metadata +37 -23
- metadata.gz.sig +0 -0
data.tar.gz.sig
CHANGED
|
Binary file
|
data/History.txt
CHANGED
|
@@ -1,10 +1,19 @@
|
|
|
1
|
-
=== 2.
|
|
1
|
+
=== 2.4 / 2012-01-31
|
|
2
|
+
|
|
3
|
+
* Minor Enhancement
|
|
4
|
+
* net-http-persistent now complains if OpenSSL::SSL::VERIFY_PEER is equal to
|
|
5
|
+
OpenSSL::SSL::VERIFY_NONE. If you have a platform that is broken this way
|
|
6
|
+
you must define the constant:
|
|
7
|
+
|
|
8
|
+
I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG = nil
|
|
9
|
+
|
|
10
|
+
at the top level of your application to disable the warning.
|
|
2
11
|
|
|
3
12
|
* Bug fix
|
|
4
13
|
* Fix persisting SSL sessions through HTTP proxies. Mechanize issue #178 by
|
|
5
|
-
Robert Poor.
|
|
14
|
+
Robert Poor, net-http-persistent issues #10, #11.
|
|
6
15
|
|
|
7
|
-
=== 2.3.2
|
|
16
|
+
=== 2.3.2 / 2011-12-21
|
|
8
17
|
|
|
9
18
|
* Bug fix
|
|
10
19
|
* Finish connections that were closed by Net::HTTP so they can be restarted.
|
data/lib/net/http/persistent.rb
CHANGED
|
@@ -149,7 +149,7 @@ class Net::HTTP::Persistent
|
|
|
149
149
|
##
|
|
150
150
|
# The version of Net::HTTP::Persistent you are using
|
|
151
151
|
|
|
152
|
-
VERSION = '2.
|
|
152
|
+
VERSION = '2.4'
|
|
153
153
|
|
|
154
154
|
##
|
|
155
155
|
# Error class for errors raised by Net::HTTP::Persistent. Various
|
|
@@ -715,6 +715,33 @@ class Net::HTTP::Persistent
|
|
|
715
715
|
|
|
716
716
|
connection.verify_mode = @verify_mode
|
|
717
717
|
|
|
718
|
+
if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and
|
|
719
|
+
not Object.const_defined?(:I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG) then
|
|
720
|
+
warn <<-WARNING
|
|
721
|
+
!!!SECURITY WARNING!!!
|
|
722
|
+
|
|
723
|
+
The SSL HTTP connection to:
|
|
724
|
+
|
|
725
|
+
#{connection.address}:#{connection.port}
|
|
726
|
+
|
|
727
|
+
!!!MAY NOT BE VERIFIED!!!
|
|
728
|
+
|
|
729
|
+
On your platform your OpenSSL implementation is broken.
|
|
730
|
+
|
|
731
|
+
There is no difference between the values of VERIFY_NONE and VERIFY_PEER.
|
|
732
|
+
|
|
733
|
+
This means that attempting to verify the security of SSL connections may not
|
|
734
|
+
work. This exposes you to man-in-the-middle exploits, snooping on the
|
|
735
|
+
contents of your connection and other dangers to the security of your data.
|
|
736
|
+
|
|
737
|
+
To disable this warning define the following constant at top-level in your
|
|
738
|
+
application:
|
|
739
|
+
|
|
740
|
+
I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG = nil
|
|
741
|
+
|
|
742
|
+
WARNING
|
|
743
|
+
end
|
|
744
|
+
|
|
718
745
|
if @ca_file then
|
|
719
746
|
connection.ca_file = @ca_file
|
|
720
747
|
connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
@@ -112,7 +112,7 @@ class Net::HTTP::Persistent::SSLReuse < Net::HTTP
|
|
|
112
112
|
@socket.writeline "Proxy-Authorization: Basic #{credential}"
|
|
113
113
|
end
|
|
114
114
|
@socket.writeline ''
|
|
115
|
-
HTTPResponse.read_new(@socket).value
|
|
115
|
+
Net::HTTPResponse.read_new(@socket).value
|
|
116
116
|
end
|
|
117
117
|
s.connect
|
|
118
118
|
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
|
@@ -965,6 +965,35 @@ class TestNetHttpPersistent < MiniTest::Unit::TestCase
|
|
|
965
965
|
assert_equal OpenSSL::SSL::VERIFY_NONE, c.verify_mode
|
|
966
966
|
end
|
|
967
967
|
|
|
968
|
+
def test_ssl_warning
|
|
969
|
+
orig_verify_peer = OpenSSL::SSL::VERIFY_PEER
|
|
970
|
+
OpenSSL::SSL.send :remove_const, :VERIFY_PEER
|
|
971
|
+
OpenSSL::SSL.send :const_set, :VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE
|
|
972
|
+
|
|
973
|
+
c = Net::HTTP.new 'localhost', 80
|
|
974
|
+
|
|
975
|
+
out, err = capture_io do
|
|
976
|
+
@http.ssl c
|
|
977
|
+
end
|
|
978
|
+
|
|
979
|
+
assert_empty out
|
|
980
|
+
|
|
981
|
+
assert_match %r%localhost:80%, err
|
|
982
|
+
assert_match %r%I_KNOW_THAT_OPENSSL%, err
|
|
983
|
+
|
|
984
|
+
Object.send :const_set, :I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG, nil
|
|
985
|
+
|
|
986
|
+
assert_silent do
|
|
987
|
+
@http.ssl c
|
|
988
|
+
end
|
|
989
|
+
ensure
|
|
990
|
+
OpenSSL::SSL.send :remove_const, :VERIFY_PEER
|
|
991
|
+
OpenSSL::SSL.send :const_set, :VERIFY_PEER, orig_verify_peer
|
|
992
|
+
if Object.const_defined?(:I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG) then
|
|
993
|
+
Object.send :remove_const, :I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG
|
|
994
|
+
end
|
|
995
|
+
end
|
|
996
|
+
|
|
968
997
|
def test_can_retry_change_requests
|
|
969
998
|
get = Net::HTTP::Get.new('/')
|
|
970
999
|
post = Net::HTTP::Post.new('/')
|
metadata
CHANGED
|
@@ -1,13 +1,12 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: net-http-persistent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 11
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 2
|
|
8
|
-
-
|
|
9
|
-
|
|
10
|
-
version: 2.3.3
|
|
8
|
+
- 4
|
|
9
|
+
version: "2.4"
|
|
11
10
|
platform: ruby
|
|
12
11
|
authors:
|
|
13
12
|
- Eric Hodel
|
|
@@ -16,9 +15,9 @@ bindir: bin
|
|
|
16
15
|
cert_chain:
|
|
17
16
|
- |
|
|
18
17
|
-----BEGIN CERTIFICATE-----
|
|
19
|
-
|
|
18
|
+
MIIDVzCCAj+gAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
|
|
20
19
|
YWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZFgNu
|
|
21
|
-
|
|
20
|
+
ZXQwHhcNMTIwMTMxMDEwMzUyWhcNMTMwMTMwMDEwMzUyWjBBMRAwDgYDVQQDDAdk
|
|
22
21
|
cmJyYWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZ
|
|
23
22
|
FgNuZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbbgLrGLGIDE76
|
|
24
23
|
LV/cvxdEzCuYuS3oG9PrSZnuDweySUfdp/so0cDq+j8bqy6OzZSw07gdjwFMSd6J
|
|
@@ -26,17 +25,17 @@ cert_chain:
|
|
|
26
25
|
Gj/okWrQl0NjYOYBpDi+9PPmaH2RmLJu0dB/NylsDnW5j6yN1BEI8MfJRR+HRKZY
|
|
27
26
|
mUtgzBwF1V4KIZQ8EuL6I/nHVu07i6IkrpAgxpXUfdJQJi0oZAqXurAV3yTxkFwd
|
|
28
27
|
g62YrrW26mDe+pZBzR6bpLE+PmXCzz7UxUq3AE0gPHbiMXie3EFE0oxnsU3lIduh
|
|
29
|
-
|
|
30
|
-
BBS5k4Z75VSpdM0AclG2UvzFA/
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
28
|
+
sCANiQ8BAgMBAAGjWjBYMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
|
|
29
|
+
BBS5k4Z75VSpdM0AclG2UvzFA/VW5DAfBgNVHREEGDAWgRRkcmJyYWluQHNlZ21l
|
|
30
|
+
bnQ3Lm5ldDANBgkqhkiG9w0BAQUFAAOCAQEAge3LmAU2QbrS2/grAEmRu3bCCHrQ
|
|
31
|
+
NSc6j+p53VJ1DraNWEMY3D90F/SKzsI0SYgZb71i49k+pNA2CVXzEJAY7agZbjWJ
|
|
32
|
+
UbgGKN8u9SGbIoQPBPIl97JPIGlR7AoEdmlWyFySaZD4o6+Q0onUXIV+P/KrYTVb
|
|
33
|
+
Zj/NEjHGrvskpDzlYI2LvG71DFp1o0hfIZzdvfWLAMVqtuEjJ6QrUm9FttR06rNo
|
|
34
|
+
itgEKl/tNI4M9oKJT0faQ5PvJ70ualcLnwkBLyJVd2r8qwxfjUAjKF8iMpBSb98s
|
|
35
|
+
YJY7T/W2n+eWy8WuPhzVUkyzguj0bQe27NDeabgCh2mHd4Hynk2AkYh8MQ==
|
|
37
36
|
-----END CERTIFICATE-----
|
|
38
37
|
|
|
39
|
-
date:
|
|
38
|
+
date: 2012-01-31 00:00:00 Z
|
|
40
39
|
dependencies:
|
|
41
40
|
- !ruby/object:Gem::Dependency
|
|
42
41
|
name: minitest
|
|
@@ -46,28 +45,43 @@ dependencies:
|
|
|
46
45
|
requirements:
|
|
47
46
|
- - ~>
|
|
48
47
|
- !ruby/object:Gem::Version
|
|
49
|
-
hash:
|
|
48
|
+
hash: 23
|
|
50
49
|
segments:
|
|
51
50
|
- 2
|
|
52
|
-
-
|
|
53
|
-
version: "2.
|
|
51
|
+
- 10
|
|
52
|
+
version: "2.10"
|
|
54
53
|
type: :development
|
|
55
54
|
version_requirements: *id001
|
|
56
55
|
- !ruby/object:Gem::Dependency
|
|
57
|
-
name:
|
|
56
|
+
name: rdoc
|
|
58
57
|
prerelease: false
|
|
59
58
|
requirement: &id002 !ruby/object:Gem::Requirement
|
|
60
59
|
none: false
|
|
61
60
|
requirements:
|
|
62
61
|
- - ~>
|
|
63
62
|
- !ruby/object:Gem::Version
|
|
64
|
-
hash:
|
|
63
|
+
hash: 19
|
|
65
64
|
segments:
|
|
66
|
-
-
|
|
67
|
-
-
|
|
68
|
-
version: "
|
|
65
|
+
- 3
|
|
66
|
+
- 10
|
|
67
|
+
version: "3.10"
|
|
69
68
|
type: :development
|
|
70
69
|
version_requirements: *id002
|
|
70
|
+
- !ruby/object:Gem::Dependency
|
|
71
|
+
name: hoe
|
|
72
|
+
prerelease: false
|
|
73
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
|
74
|
+
none: false
|
|
75
|
+
requirements:
|
|
76
|
+
- - ~>
|
|
77
|
+
- !ruby/object:Gem::Version
|
|
78
|
+
hash: 25
|
|
79
|
+
segments:
|
|
80
|
+
- 2
|
|
81
|
+
- 13
|
|
82
|
+
version: "2.13"
|
|
83
|
+
type: :development
|
|
84
|
+
version_requirements: *id003
|
|
71
85
|
description: |-
|
|
72
86
|
Manages persistent connections using Net::HTTP plus a speed fix for Ruby 1.8.
|
|
73
87
|
It's thread-safe too!
|
metadata.gz.sig
CHANGED
|
Binary file
|