pcp-client 0.5.2 → 0.5.3
- checksums.yaml +4 -4
- data/lib/pcp-client/version.rb +1 -1
- data/lib/pcp/client.rb +1 -51
- metadata +6 -6
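--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c8712776d17a4fffc25f012a1471bb56de3af9db2edbfe9c770cae53fc6de82c
+data.tar.gz: 7e53fc42f88e35bf7d2d2051188d9672d39ac82ed568d3fab0ddacc666666a00
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ccc042e29255ca1d5c3d4951d35126bbb7383c87c966c62c23beaee21e15fcc507784a900c09b7cf6b77e4833f2116f636eca468e263379dd5c73dca5c71a92c
+data.tar.gz: cfa9f803edb4339b4ab5d9fbc77c64c2c13fe669920391f5f63b0876dcf073d0f8105a7be4079a72a683e7f79c96e63da8ab9f7e0a8ab9188bd4a22e72da3892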
data/lib/pcp-client/version.rb
CHANGED
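--- a/data/lib/pcp/client.rb
+++ b/data/lib/pcp/client.rb
@@ -4,52 +4,6 @@ require 'pcp/message'
 require 'logger'
 require 'openssl'
 
-# So EventMachine when you specify :verify_peer => true in the TLS
-# options decides what that means is it should just fire off a
-# #ssl_verify_peer(cert) on the Connection object; which is expected
-# to be user-supplied. In this case the user is
-# Faye::Websocket::Client::Connection, so we monkey-patch it to have a
-# #ssl_verify_peer method.
-
-module Faye
-class WebSocket
-class Client
-module Connection
-def ssl_verify_peer(cert)
-# The :@socket_tls instance variable of
-# Faye::Websocket::Client is passed to tls_start, so we can
-# get parameters from there.
-start_tls_options = parent.instance_variable_get(:@socket_tls)
-logger = start_tls_options[:xxx_logger]
-logger.debug { [:ssl_verify_peer] }
-
-peer_cert = OpenSSL::X509::Certificate.new cert
-
-hostname = start_tls_options[:xxx_hostname]
-if !OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
-logger.error { [:ssl_verify_peer, :fail,
-"Certificate presented does not match '#{hostname}'"] }
-return false
-end
-
-ssl_ca_cert = start_tls_options[:xxx_ssl_ca_cert]
-cert_store = OpenSSL::X509::Store.new
-cert_store.add_file ssl_ca_cert
-
-if !cert_store.verify(peer_cert)
-logger.error { [:ssl_verify_peer, :ca_verify_failed,
-"Peer certificate not verified by ca"] }
-return false
-end
-
-logger.debug { [:ssl_verify_peer, :success] }
-return true
-end
-end
-end
-end
-end
-
 module PCP
 # Manages a client connection to a pcp broker
 class Client
@@ -107,13 +61,9 @@ module PCP
 :ssl_version => ["TLSv1", "TLSv1_1", "TLSv1_2"],
 :private_key_file => @ssl_key,
 :cert_chain_file => @ssl_cert,
+:root_cert_file => @ssl_ca_cert,
 :verify_peer => true,
 :fail_if_no_peer_cert => true,
-# side-channeled properties we want around during ssl
-# verification are prefixed with xxx_.
-:xxx_logger => @logger,
-:xxx_ssl_ca_cert => @ssl_ca_cert,
-:xxx_hostname => URI.parse(@server).host,
 }
 
 @connection = Faye::WebSocket::Client.new(@server, nil, {:tls => start_tls_options,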
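Review bot: With the `ssl_verify_peer` monkey-patch removed, nothing in this file checks the broker certificate against the host in `@server` or limits trust to `@ssl_ca_cert`; the options hash in the second hunk now relies entirely on faye-websocket honouring `:verify_peer` and `:root_cert_file`. The removed code built a store holding only the configured CA file, so it is worth confirming whether the library also loads the system default trust store, which would widen the set of issuers accepted for a broker certificate. I would add a comment above `:root_cert_file`, such as `# peer and hostname verification is delegated to faye-websocket; keep the gemspec pin at ~> 0.11.0 or later`, and a test that a certificate for a different hostname or from a different CA is rejected. Separately, the unchanged `:ssl_version` line still offers `"TLSv1"` and `"TLSv1_1"`, which are deprecated; `:ssl_version => ["TLSv1_2"],` would drop them if every broker supports TLS 1.2. The method that builds this hash starts and ends outside the hunk.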
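--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pcp-client
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.3
 platform: ruby
 authors:
 - Puppet Labs
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: eventmachine
@@ -28,16 +28,16 @@ dependencies:
 name: faye-websocket
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.11.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.11.0
 - !ruby/object:Gem::Dependency
 name: rschema
 requirement: !ruby/object:Gem::Requirement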