pcp-client 0.5.2 → 0.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/pcp-client/version.rb +1 -1
- data/lib/pcp/client.rb +1 -51
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c8712776d17a4fffc25f012a1471bb56de3af9db2edbfe9c770cae53fc6de82c
|
|
4
|
+
data.tar.gz: 7e53fc42f88e35bf7d2d2051188d9672d39ac82ed568d3fab0ddacc666666a00
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ccc042e29255ca1d5c3d4951d35126bbb7383c87c966c62c23beaee21e15fcc507784a900c09b7cf6b77e4833f2116f636eca468e263379dd5c73dca5c71a92c
|
|
7
|
+
data.tar.gz: cfa9f803edb4339b4ab5d9fbc77c64c2c13fe669920391f5f63b0876dcf073d0f8105a7be4079a72a683e7f79c96e63da8ab9f7e0a8ab9188bd4a22e72da3892
|
data/lib/pcp-client/version.rb
CHANGED
data/lib/pcp/client.rb
CHANGED
|
@@ -4,52 +4,6 @@ require 'pcp/message'
|
|
|
4
4
|
require 'logger'
|
|
5
5
|
require 'openssl'
|
|
6
6
|
|
|
7
|
-
# So EventMachine when you specify :verify_peer => true in the TLS
|
|
8
|
-
# options decides what that means is it should just fire off a
|
|
9
|
-
# #ssl_verify_peer(cert) on the Connection object; which is expected
|
|
10
|
-
# to be user-supplied. In this case the user is
|
|
11
|
-
# Faye::Websocket::Client::Connection, so we monkey-patch it to have a
|
|
12
|
-
# #ssl_verify_peer method.
|
|
13
|
-
|
|
14
|
-
module Faye
|
|
15
|
-
class WebSocket
|
|
16
|
-
class Client
|
|
17
|
-
module Connection
|
|
18
|
-
def ssl_verify_peer(cert)
|
|
19
|
-
# The :@socket_tls instance variable of
|
|
20
|
-
# Faye::Websocket::Client is passed to tls_start, so we can
|
|
21
|
-
# get parameters from there.
|
|
22
|
-
start_tls_options = parent.instance_variable_get(:@socket_tls)
|
|
23
|
-
logger = start_tls_options[:xxx_logger]
|
|
24
|
-
logger.debug { [:ssl_verify_peer] }
|
|
25
|
-
|
|
26
|
-
peer_cert = OpenSSL::X509::Certificate.new cert
|
|
27
|
-
|
|
28
|
-
hostname = start_tls_options[:xxx_hostname]
|
|
29
|
-
if !OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
|
|
30
|
-
logger.error { [:ssl_verify_peer, :fail,
|
|
31
|
-
"Certificate presented does not match '#{hostname}'"] }
|
|
32
|
-
return false
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
ssl_ca_cert = start_tls_options[:xxx_ssl_ca_cert]
|
|
36
|
-
cert_store = OpenSSL::X509::Store.new
|
|
37
|
-
cert_store.add_file ssl_ca_cert
|
|
38
|
-
|
|
39
|
-
if !cert_store.verify(peer_cert)
|
|
40
|
-
logger.error { [:ssl_verify_peer, :ca_verify_failed,
|
|
41
|
-
"Peer certificate not verified by ca"] }
|
|
42
|
-
return false
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
logger.debug { [:ssl_verify_peer, :success] }
|
|
46
|
-
return true
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
end
|
|
50
|
-
end
|
|
51
|
-
end
|
|
52
|
-
|
|
53
7
|
module PCP
|
|
54
8
|
# Manages a client connection to a pcp broker
|
|
55
9
|
class Client
|
|
@@ -107,13 +61,9 @@ module PCP
|
|
|
107
61
|
:ssl_version => ["TLSv1", "TLSv1_1", "TLSv1_2"],
|
|
108
62
|
:private_key_file => @ssl_key,
|
|
109
63
|
:cert_chain_file => @ssl_cert,
|
|
64
|
+
:root_cert_file => @ssl_ca_cert,
|
|
110
65
|
:verify_peer => true,
|
|
111
66
|
:fail_if_no_peer_cert => true,
|
|
112
|
-
# side-channeled properties we want around during ssl
|
|
113
|
-
# verification are prefixed with xxx_.
|
|
114
|
-
:xxx_logger => @logger,
|
|
115
|
-
:xxx_ssl_ca_cert => @ssl_ca_cert,
|
|
116
|
-
:xxx_hostname => URI.parse(@server).host,
|
|
117
67
|
}
|
|
118
68
|
|
|
119
69
|
@connection = Faye::WebSocket::Client.new(@server, nil, {:tls => start_tls_options,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pcp-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Puppet Labs
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-06-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: eventmachine
|
|
@@ -28,16 +28,16 @@ dependencies:
|
|
|
28
28
|
name: faye-websocket
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.
|
|
33
|
+
version: 0.11.0
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.11.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rschema
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|