rest-client 1.6.14 → 1.7.0.rc1

data/lib/restclient/response.rb

@@ -8,8 +8,6 @@ module RestClient
 
     attr_accessor :args, :net_http_res
 
-    attr_writer :body
-
     def body
       self
     end

data/lib/restclient/version.rb

@@ -1,5 +1,5 @@
 module RestClient
-  VERSION = '1.6.14' unless defined?(self::VERSION)
+  VERSION = '1.7.0.rc1' unless defined?(self::VERSION)
 
   def self.version
     VERSION

data/lib/restclient/windows.rb

@@ -0,0 +1,8 @@
+module RestClient
+  module Windows
+  end
+end
+
+if RestClient::Platform.windows?
+  require_relative './windows/root_certs'
+end

data/lib/restclient/windows/root_certs.rb

@@ -0,0 +1,105 @@
+require 'openssl'
+require 'ffi'
+
+# Adapted from Puppet, Copyright (c) Puppet Labs Inc,
+# licensed under the Apache License, Version 2.0.
+#
+# https://github.com/puppetlabs/puppet/blob/bbe30e0a/lib/puppet/util/windows/root_certs.rb
+
+# Represents a collection of trusted root certificates.
+#
+# @api public
+class RestClient::Windows::RootCerts
+  include Enumerable
+  extend FFI::Library
+
+  typedef :ulong, :dword
+  typedef :uintptr_t, :handle
+
+  def initialize(roots)
+    @roots = roots
+  end
+
+  # Enumerates each root certificate.
+  # @yieldparam cert [OpenSSL::X509::Certificate] each root certificate
+  # @api public
+  def each
+    @roots.each {|cert| yield cert}
+  end
+
+  # Returns a new instance.
+  # @return [RestClient::Windows::RootCerts] object constructed from current root certificates
+  def self.instance
+    new(self.load_certs)
+  end
+
+  # Returns an array of root certificates.
+  #
+  # @return [Array<[OpenSSL::X509::Certificate]>] an array of root certificates
+  # @api private
+  def self.load_certs
+    certs = []
+
+    # This is based on a patch submitted to openssl:
+    # http://www.mail-archive.com/openssl-dev@openssl.org/msg26958.html
+    ptr = FFI::Pointer::NULL
+    store = CertOpenSystemStoreA(nil, "ROOT")
+    begin
+      while (ptr = CertEnumCertificatesInStore(store, ptr)) and not ptr.null?
+        context = CERT_CONTEXT.new(ptr)
+        cert_buf = context[:pbCertEncoded].read_bytes(context[:cbCertEncoded])
+        begin
+          certs << OpenSSL::X509::Certificate.new(cert_buf)
+        rescue => detail
+          warn("Failed to import root certificate: #{detail.inspect}")
+        end
+      end
+    ensure
+      CertCloseStore(store, 0)
+    end
+
+    certs
+  end
+
+  private
+
+  # typedef ULONG_PTR HCRYPTPROV_LEGACY;
+  # typedef void *HCERTSTORE;
+
+  class CERT_CONTEXT < FFI::Struct
+    layout(
+      :dwCertEncodingType, :dword,
+      :pbCertEncoded,      :pointer,
+      :cbCertEncoded,      :dword,
+      :pCertInfo,          :pointer,
+      :hCertStore,         :handle
+    )
+  end
+
+  # HCERTSTORE
+  # WINAPI
+  # CertOpenSystemStoreA(
+  #   __in_opt HCRYPTPROV_LEGACY hProv,
+  #   __in LPCSTR szSubsystemProtocol
+  #   );
+  ffi_lib :crypt32
+  attach_function :CertOpenSystemStoreA, [:pointer, :string], :handle
+
+  # PCCERT_CONTEXT
+  # WINAPI
+  # CertEnumCertificatesInStore(
+  #   __in HCERTSTORE hCertStore,
+  #   __in_opt PCCERT_CONTEXT pPrevCertContext
+  #   );
+  ffi_lib :crypt32
+  attach_function :CertEnumCertificatesInStore, [:handle, :pointer], :pointer
+
+  # BOOL
+  # WINAPI
+  # CertCloseStore(
+  #   __in_opt HCERTSTORE hCertStore,
+  #   __in DWORD dwFlags
+  #   );
+  ffi_lib :crypt32
+  attach_function :CertCloseStore, [:handle, :dword], :bool
+end

data/rest-client.gemspec

@@ -1,6 +1,6 @@
 # -*- encoding: utf-8 -*-
 
-require File.expand_path("../lib/restclient/version", __FILE__)
+require File.expand_path('../lib/restclient/version', __FILE__)
 
 Gem::Specification.new do |s|
   s.name = 'rest-client'
@@ -10,17 +10,21 @@ Gem::Specification.new do |s|
   s.license = 'MIT'
   s.email = 'rest.client@librelist.com'
   s.executables = ['restclient']
-  s.extra_rdoc_files = ["README.rdoc", "history.md"]
-  s.files = `git ls-files`.split("\n")
-  s.test_files = `git ls-files -- spec/*`.split("\n")
+  s.extra_rdoc_files = ['README.rdoc', 'history.md']
+  s.files = `git ls-files -z`.split("\0")
+  s.test_files = `git ls-files -z spec/`.split("\0")
   s.homepage = 'https://github.com/rest-client/rest-client'
   s.summary = 'Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.'
 
-  s.add_dependency(%q<mime-types>, ["~> 1.16"])
-  s.add_development_dependency(%q<rdoc>, [">= 2.4.2"])
-  s.add_development_dependency(%q<rake>, ["~> 10.0"])
-  s.add_development_dependency(%q<webmock>, ["~> 1.4"])
-  s.add_development_dependency(%q<rspec>, ["~> 2.4"])
-  s.add_development_dependency(%q<pry>)
+  s.add_development_dependency('webmock', '~> 1.4')
+  s.add_development_dependency('rspec', '~> 2.4')
+  s.add_development_dependency('pry')
+  s.add_development_dependency('pry-doc')
+  s.add_development_dependency('rdoc', '>= 2.4.2', '< 5.0')
+
+  s.add_dependency('mime-types', '~> 2.0')
+  s.add_dependency('netrc', '~> 0.7')
+
+  s.required_ruby_version = '>= 1.9.2'
 end
 

data/rest-client.windows.gemspec

@@ -0,0 +1,19 @@
+#
+# Gemspec for Windows platforms. We can't put these in the main gemspec because
+# it results in bundler platform hell when trying to build the gem.
+#
+# Set $BUILD_PLATFORM when calling gem build with this gemspec to build for
+# Windows platforms like x86-mingw32.
+#
+s = eval(File.read(File.join(File.dirname(__FILE__), 'rest-client.gemspec')))
+
+platform = ENV['BUILD_PLATFORM'] || RUBY_PLATFORM
+
+case platform
+when /(mingw32|mswin32)/
+  # ffi is needed for RestClient::Windows::RootCerts
+  s.add_dependency('ffi', '~> 1.9')
+  s.platform = platform
+end
+
+s

data/spec/integration/capath_verisign/415660c1.0

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----

data/spec/integration/capath_verisign/7651b327.0

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----

data/spec/integration/capath_verisign/README

@@ -0,0 +1,8 @@
+The CA path symlinks can be created by c_rehash(1ssl).
+
+But in order for the tests to work on Windows, they have to be regular files.
+You can turn them all into regular files by running this on a GNU system:
+
+    for file in $(find . -type l); do
+        cp -iv --remove-destination $(readlink -e $file) $file
+    done

data/spec/integration/capath_verisign/verisign.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----

data/spec/{integration_spec.rb → integration/integration_spec.rb}

@@ -1,7 +1,4 @@
-require File.join( File.dirname(File.expand_path(__FILE__)), 'base')
-
-require 'webmock/rspec'
-include WebMock::API
+require 'spec_helper'
 
 describe RestClient do
 
@@ -35,4 +32,4 @@ describe RestClient do
   end
 
 
-end
+end

data/spec/integration/request_spec.rb

@@ -1,37 +1,68 @@
-require File.join( File.dirname(File.expand_path(__FILE__)), '../base')
+require 'spec_helper'
 
 describe RestClient::Request do
+  before(:all) do
+    WebMock.disable!
+  end
+
+  after(:all) do
+    WebMock.enable!
+  end
+
   describe "ssl verification" do
     it "is successful with the correct ca_file" do
       request = RestClient::Request.new(
         :method => :get,
         :url => 'https://www.mozilla.org',
-        :verify_ssl => OpenSSL::SSL::VERIFY_PEER,
         :ssl_ca_file => File.join(File.dirname(__FILE__), "certs", "digicert.crt")
       )
       expect { request.execute }.to_not raise_error
     end
 
-    # I don' think this feature is useful anymore (under 1.9.3 at the very least).
-    #
-    # Exceptions in verify_callback are ignored; RestClient has to catch OpenSSL::SSL::SSLError
-    # and either re-throw it as is, or throw SSLCertificateNotVerified
-    # based on the contents of the message field of the original exception
-    #.
-    # The client has to handle OpenSSL::SSL::SSLError exceptions anyway,
-    # why make them handle both OpenSSL *AND* RestClient exceptions???
+    it "is successful with the correct ca_path" do
+      request = RestClient::Request.new(
+        :method => :get,
+        :url => 'https://www.mozilla.org',
+        :ssl_ca_path => File.join(File.dirname(__FILE__), "capath_digicert")
+      )
+      expect { request.execute }.to_not raise_error
+    end
+
+    # TODO: deprecate and remove RestClient::SSLCertificateNotVerified and just
+    # pass through OpenSSL::SSL::SSLError directly. See note in
+    # lib/restclient/request.rb.
     #
-    # also see https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L237
-    it "is unsuccessful with an incorrect ca_file" do
+    # On OS X, this test fails since Apple has patched OpenSSL to always fall
+    # back on the system CA store.
+    it "is unsuccessful with an incorrect ca_file", :unless => RestClient::Platform.mac? do
       request = RestClient::Request.new(
         :method => :get,
-        :url => 'https://www.mozilla.com',
-        :verify_ssl => OpenSSL::SSL::VERIFY_PEER,
+        :url => 'https://www.mozilla.org',
         :ssl_ca_file => File.join(File.dirname(__FILE__), "certs", "verisign.crt")
       )
       expect { request.execute }.to raise_error(RestClient::SSLCertificateNotVerified)
     end
 
+    # On OS X, this test fails since Apple has patched OpenSSL to always fall
+    # back on the system CA store.
+    it "is unsuccessful with an incorrect ca_path", :unless => RestClient::Platform.mac? do
+      request = RestClient::Request.new(
+        :method => :get,
+        :url => 'https://www.mozilla.org',
+        :ssl_ca_path => File.join(File.dirname(__FILE__), "capath_verisign")
+      )
+      expect { request.execute }.to raise_error(RestClient::SSLCertificateNotVerified)
+    end
+
+    it "is successful using the default system cert store" do
+      request = RestClient::Request.new(
+        :method => :get,
+        :url => 'https://www.mozilla.org',
+        :verify_ssl => true,
+      )
+      expect {request.execute }.to_not raise_error
+    end
+
     it "executes the verify_callback" do
       ran_callback = false
       request = RestClient::Request.new(
@@ -42,7 +73,6 @@ describe RestClient::Request do
           ran_callback = true
           preverify_ok
         },
-        :ssl_ca_file => File.join(File.dirname(__FILE__), "certs", "digicert.crt")
       )
       expect {request.execute }.to_not raise_error
       ran_callback.should eq(true)
@@ -55,7 +85,6 @@ describe RestClient::Request do
         :url => 'https://www.mozilla.org',
         :verify_ssl => true,
         :ssl_verify_callback => lambda { |preverify_ok, store_ctx| false },
-        :ssl_ca_file => File.join(File.dirname(__FILE__), "certs", "digicert.crt")
       )
       expect { request.execute }.to raise_error(RestClient::SSLCertificateNotVerified)
     end
@@ -67,7 +96,7 @@ describe RestClient::Request do
         :url => 'https://www.mozilla.org',
         :verify_ssl => true,
         :ssl_ca_file => File.join(File.dirname(__FILE__), "certs", "verisign.crt"),
-        :ssl_verify_callback => lambda { |preverify_ok, store_ctx| true }
+        :ssl_verify_callback => lambda { |preverify_ok, store_ctx| true },
       )
       expect { request.execute }.to_not raise_error
     end

data/spec/{base.rb → spec_helper.rb}

@@ -2,12 +2,11 @@ def is_ruby_19?
   RUBY_VERSION > '1.9'
 end
 
-require 'rubygems'
-
 begin
   require "ruby-debug"
 rescue LoadError
   # NOP, ignore
 end
 
-require File.dirname(__FILE__) + '/../lib/restclient'
+require 'webmock/rspec'
+require 'restclient'

data/spec/{abstract_response_spec.rb → unit/abstract_response_spec.rb}

@@ -1,4 +1,4 @@
-require File.join( File.dirname(File.expand_path(__FILE__)), 'base')
+require 'spec_helper'
 
 describe RestClient::AbstractResponse do
 

data/spec/{exceptions_spec.rb → unit/exceptions_spec.rb}

@@ -1,7 +1,4 @@
-require File.join( File.dirname(File.expand_path(__FILE__)), 'base')
-
-require 'webmock/rspec'
-include WebMock::API
+require 'spec_helper'
 
 describe RestClient::Exception do
   it "returns a 'message' equal to the class name if the message is not set, because 'message' should not be nil" do

data/spec/{payload_spec.rb → unit/payload_spec.rb}

@@ -1,5 +1,6 @@
 # encoding: binary
-require File.join(File.dirname(File.expand_path(__FILE__)), 'base')
+
+require 'spec_helper'
 
 describe RestClient::Payload do
   context "A regular Payload" do

data/spec/{raw_response_spec.rb → unit/raw_response_spec.rb}

@@ -1,4 +1,4 @@
-require File.join( File.dirname(File.expand_path(__FILE__)), 'base')
+require 'spec_helper'
 
 describe RestClient::RawResponse do
   before do

data/spec/{request2_spec.rb → unit/request2_spec.rb}

@@ -1,7 +1,4 @@
-require File.join( File.dirname(File.expand_path(__FILE__)), 'base')
-
-require 'webmock/rspec'
-include WebMock::API
+require 'spec_helper'
 
 describe RestClient::Request do
 

data/spec/{request_spec.rb → unit/request_spec.rb}

@@ -1,7 +1,4 @@
-require File.join( File.dirname(File.expand_path(__FILE__)), 'base')
-
-require 'webmock/rspec'
-include WebMock::API
+require 'spec_helper'
 
 describe RestClient::Request do
   before do
@@ -18,6 +15,9 @@ describe RestClient::Request do
     @net.stub(:start).and_yield(@http)
     @net.stub(:use_ssl=)
     @net.stub(:verify_mode=)
+    @net.stub(:verify_callback=)
+    allow(@net).to receive(:ciphers=)
+    allow(@net).to receive(:cert_store=)
     RestClient.log = nil
   end
 
@@ -109,6 +109,57 @@ describe RestClient::Request do
     @request.make_headers({}).should eq({ 'Foo' => 'bar', 'Cookie' => 'session_id=1; user_id=someone'})
   end
 
+  it "does not escape or unescape cookies" do
+    cookie = 'Foo%20:Bar%0A~'
+    @request = RestClient::Request.new(:method => 'get', :url => 'example.com',
+                                       :cookies => {:test => cookie})
+    @request.should_receive(:default_headers).and_return({'Foo' => 'bar'})
+    @request.make_headers({}).should eq({
+      'Foo' => 'bar',
+      'Cookie' => "test=#{cookie}"
+    })
+  end
+
+  it "rejects cookie names containing invalid characters" do
+    # Cookie validity is something of a mess, but we should reject the worst of
+    # the RFC 6265 (4.1.1) prohibited characters such as control characters.
+
+    ['', 'foo=bar', 'foo;bar', "foo\nbar"].each do |cookie_name|
+      lambda {
+        RestClient::Request.new(:method => 'get', :url => 'example.com',
+                                :cookies => {cookie_name => 'value'})
+      }.should raise_error(ArgumentError, /\AInvalid cookie name/)
+    end
+  end
+
+  it "rejects cookie values containing invalid characters" do
+    # Cookie validity is something of a mess, but we should reject the worst of
+    # the RFC 6265 (4.1.1) prohibited characters such as control characters.
+
+    ['foo,bar', 'foo;bar', "foo\nbar"].each do |cookie_value|
+      lambda {
+        RestClient::Request.new(:method => 'get', :url => 'example.com',
+                                :cookies => {'test' => cookie_value})
+      }.should raise_error(ArgumentError, /\AInvalid cookie value/)
+    end
+  end
+
+  it "uses netrc credentials" do
+    URI.stub(:parse).and_return(double('uri', :user => nil, :password => nil, :host => 'example.com'))
+    Netrc.stub(:read).and_return('example.com' => ['a', 'b'])
+    @request.parse_url_with_auth('http://example.com/resource')
+    @request.user.should eq 'a'
+    @request.password.should eq 'b'
+  end
+
+  it "uses credentials in the url in preference to netrc" do
+    URI.stub(:parse).and_return(double('uri', :user => 'joe%20', :password => 'pass1', :host => 'example.com'))
+    Netrc.stub(:read).and_return('example.com' => ['a', 'b'])
+    @request.parse_url_with_auth('http://joe%20:pass1@example.com/resource')
+    @request.user.should eq 'joe '
+    @request.password.should eq 'pass1'
+  end
+
   it "determines the Net::HTTP class to instantiate by the method name" do
     @request.net_http_request_class(:put).should eq Net::HTTP::Put
   end
@@ -129,6 +180,13 @@ describe RestClient::Request do
       headers.should have_key('1')
       headers['1'].should eq '3'
     end
+
+    it "converts user headers to string before calling CGI::unescape which fails on non string values" do
+      @request.should_receive(:default_headers).and_return({ '1' => '2' })
+      headers = @request.make_headers('1' => 3)
+      headers.should have_key('1')
+      headers['1'].should eq '3'
+    end
   end
 
   describe "header symbols" do
@@ -218,6 +276,7 @@ describe RestClient::Request do
   describe "credentials" do
     it "sets up the credentials prior to the request" do
       @http.stub(:request)
+
       @request.stub(:process_result)
       @request.stub(:response_log)
 
@@ -249,6 +308,21 @@ describe RestClient::Request do
     lambda { @request.transmit(@uri, 'req', nil) }.should raise_error(RestClient::ServerBrokeConnection)
   end
 
+  it "catches OpenSSL::SSL::SSLError and raise it back without more informative message" do
+    @http.stub(:request).and_raise(OpenSSL::SSL::SSLError)
+    lambda { @request.transmit(@uri, 'req', nil) }.should raise_error(OpenSSL::SSL::SSLError)
+  end
+
+  it "catches Timeout::Error and raise the more informative RequestTimeout" do
+    @http.stub(:request).and_raise(Timeout::Error)
+    lambda { @request.transmit(@uri, 'req', nil) }.should raise_error(RestClient::RequestTimeout)
+  end
+
+  it "catches Timeout::Error and raise the more informative RequestTimeout" do
+    @http.stub(:request).and_raise(Errno::ETIMEDOUT)
+    lambda { @request.transmit(@uri, 'req', nil) }.should raise_error(RestClient::RequestTimeout)
+  end
+
   it "class method execute wraps constructor" do
     req = double("rest request")
     RestClient::Request.should_receive(:new).with(1 => 2).and_return(req)
@@ -351,6 +425,18 @@ describe RestClient::Request do
   end
 
   describe "timeout" do
+    it "does not set timeouts if not specified" do
+      @request = RestClient::Request.new(:method => :put, :url => 'http://some/resource', :payload => 'payload')
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+
+      @net.should_not_receive(:read_timeout=)
+      @net.should_not_receive(:open_timeout=)
+
+      @request.transmit(@uri, 'req', nil)
+    end
+
     it "set read_timeout" do
       @request = RestClient::Request.new(:method => :put, :url => 'http://some/resource', :payload => 'payload', :timeout => 123)
       @http.stub(:request)
@@ -372,6 +458,33 @@ describe RestClient::Request do
 
       @request.transmit(@uri, 'req', nil)
     end
+
+    it "disable timeout by setting it to nil" do
+      @request = RestClient::Request.new(:method => :put, :url => 'http://some/resource', :payload => 'payload', :timeout => nil, :open_timeout => nil)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+
+      @net.should_receive(:read_timeout=).with(nil)
+      @net.should_receive(:open_timeout=).with(nil)
+
+      @request.transmit(@uri, 'req', nil)
+    end
+
+    it "deprecated: disable timeout by setting it to -1" do
+      @request = RestClient::Request.new(:method => :put, :url => 'http://some/resource', :payload => 'payload', :timeout => -1, :open_timeout => -1)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+
+      @request.should_receive(:warn)
+      @net.should_receive(:read_timeout=).with(nil)
+
+      @request.should_receive(:warn)
+      @net.should_receive(:open_timeout=).with(nil)
+
+      @request.transmit(@uri, 'req', nil)
+    end
   end
 
   describe "ssl" do
@@ -384,11 +497,17 @@ describe RestClient::Request do
       @request.transmit(@uri, 'req', 'payload')
     end
 
-    it "should default to not verifying ssl certificates" do
-      @request.verify_ssl.should eq false
+    it "should default to verifying ssl certificates" do
+      @request.verify_ssl.should eq OpenSSL::SSL::VERIFY_PEER
+    end
+
+    it "should have expected values for VERIFY_PEER and VERIFY_NONE" do
+      OpenSSL::SSL::VERIFY_NONE.should eq(0)
+      OpenSSL::SSL::VERIFY_PEER.should eq(1)
     end
 
     it "should set net.verify_mode to OpenSSL::SSL::VERIFY_NONE if verify_ssl is false" do
+      @request = RestClient::Request.new(:method => :put, :verify_ssl => false, :url => 'http://some/resource', :payload => 'payload')
       @net.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
       @http.stub(:request)
       @request.stub(:process_result)
@@ -405,6 +524,24 @@ describe RestClient::Request do
       @request.transmit(@uri, 'req', 'payload')
     end
 
+    it "should set net.verify_mode to OpenSSL::SSL::VERIFY_PEER if verify_ssl is true" do
+      @request = RestClient::Request.new(:method => :put, :url => 'https://some/resource', :payload => 'payload', :verify_ssl => true)
+      @net.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should set net.verify_mode to OpenSSL::SSL::VERIFY_PEER if verify_ssl is not given" do
+      @request = RestClient::Request.new(:method => :put, :url => 'https://some/resource', :payload => 'payload')
+      @net.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
     it "should set net.verify_mode to the passed value if verify_ssl is an OpenSSL constant" do
       mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
       @request = RestClient::Request.new( :method => :put,
@@ -422,6 +559,112 @@ describe RestClient::Request do
       @request.ssl_client_cert.should be(nil)
     end
 
+    it "should set the ssl_version if provided" do
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload',
+        :ssl_version => "TLSv1"
+      )
+      @net.should_receive(:ssl_version=).with("TLSv1")
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not set the ssl_version if not provided" do
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload'
+      )
+      @net.should_not_receive(:ssl_version=).with("TLSv1")
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should set the ssl_ciphers if provided" do
+      ciphers = 'AESGCM:HIGH:!aNULL:!eNULL:RC4+RSA'
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload',
+        :ssl_ciphers => ciphers
+      )
+      @net.should_receive(:ciphers=).with(ciphers)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not set the ssl_ciphers if set to nil" do
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload',
+        :ssl_ciphers => nil,
+      )
+      @net.should_not_receive(:ciphers=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should override ssl_ciphers with better defaults with weak default ciphers" do
+      stub_const(
+        '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
+        {
+          :ssl_version=>"SSLv23",
+          :verify_mode=>1,
+          :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
+          :options=>-2147480577,
+        }
+      )
+
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload',
+      )
+
+      @net.should_receive(:ciphers=).with(RestClient::Request::DefaultCiphers)
+
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not override ssl_ciphers with better defaults with different default ciphers" do
+      stub_const(
+        '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
+        {
+          :ssl_version=>"SSLv23",
+          :verify_mode=>1,
+          :ciphers=>"HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!SSLv2",
+          :options=>-2147480577,
+        }
+      )
+
+      @request = RestClient::Request.new(
+        :method => :put,
+        :url => 'https://some/resource',
+        :payload => 'payload',
+      )
+
+      @net.should_not_receive(:ciphers=)
+
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
     it "should set the ssl_client_cert if provided" do
       @request = RestClient::Request.new(
               :method => :put,
@@ -442,7 +685,7 @@ describe RestClient::Request do
               :url => 'https://some/resource',
               :payload => 'payload'
       )
-      @net.should_not_receive(:cert=).with("whatsupdoc!")
+      @net.should_not_receive(:cert=)
       @http.stub(:request)
       @request.stub(:process_result)
       @request.stub(:response_log)
@@ -473,7 +716,7 @@ describe RestClient::Request do
               :url => 'https://some/resource',
               :payload => 'payload'
       )
-      @net.should_not_receive(:key=).with("whatsupdoc!")
+      @net.should_not_receive(:key=)
       @http.stub(:request)
       @request.stub(:process_result)
       @request.stub(:response_log)
@@ -492,6 +735,7 @@ describe RestClient::Request do
               :ssl_ca_file => "Certificate Authority File"
       )
       @net.should_receive(:ca_file=).with("Certificate Authority File")
+      @net.should_not_receive(:cert_store=)
       @http.stub(:request)
       @request.stub(:process_result)
       @request.stub(:response_log)
@@ -504,12 +748,129 @@ describe RestClient::Request do
               :url => 'https://some/resource',
               :payload => 'payload'
       )
-      @net.should_not_receive(:ca_file=).with("Certificate Authority File")
+      @net.should_not_receive(:ca_file=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should default to not having an ssl_ca_path" do
+      @request.ssl_ca_path.should be(nil)
+    end
+
+    it "should set the ssl_ca_path if provided" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload',
+              :ssl_ca_path => "Certificate Authority Path"
+      )
+      @net.should_receive(:ca_path=).with("Certificate Authority Path")
+      @net.should_not_receive(:cert_store=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not set the ssl_ca_path if it is not provided" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload'
+      )
+      @net.should_not_receive(:ca_path=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should set the ssl_cert_store if provided" do
+      store = OpenSSL::X509::Store.new
+      store.set_default_paths
+
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload',
+              :ssl_cert_store => store
+      )
+      @net.should_receive(:cert_store=).with(store)
+      @net.should_not_receive(:ca_path=)
+      @net.should_not_receive(:ca_file=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should by default set the ssl_cert_store if no CA info is provided" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload'
+      )
+      @net.should_receive(:cert_store=)
+      @net.should_not_receive(:ca_path=)
+      @net.should_not_receive(:ca_file=)
       @http.stub(:request)
       @request.stub(:process_result)
       @request.stub(:response_log)
       @request.transmit(@uri, 'req', 'payload')
     end
+
+    it "should not set the ssl_cert_store if it is set falsy" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload',
+              :ssl_cert_store => nil,
+      )
+      @net.should_not_receive(:cert_store=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should not set the ssl_verify_callback by default" do
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload',
+      )
+      @net.should_not_receive(:verify_callback=)
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    it "should set the ssl_verify_callback if passed" do
+      callback = lambda {}
+      @request = RestClient::Request.new(
+              :method => :put,
+              :url => 'https://some/resource',
+              :payload => 'payload',
+              :ssl_verify_callback => callback,
+      )
+      @net.should_receive(:verify_callback=).with(callback)
+
+      # we'll read cert_store on jruby
+      # https://github.com/jruby/jruby/issues/597
+      if RestClient::Platform.jruby?
+        allow(@net).to receive(:cert_store)
+      end
+
+      @http.stub(:request)
+      @request.stub(:process_result)
+      @request.stub(:response_log)
+      @request.transmit(@uri, 'req', 'payload')
+    end
+
+    # </ssl>
   end
 
   it "should still return a response object for 204 No Content responses" do
@@ -525,4 +886,20 @@ describe RestClient::Request do
     response.should_not be_nil
     response.code.should eq 204
   end
+
+  describe "raw response" do
+    it "should read the response into a binary-mode tempfile" do
+      @request = RestClient::Request.new(:method => "get", :url => "example.com", :raw_response => true)
+
+      tempfile = double("tempfile")
+      tempfile.should_receive(:binmode)
+      tempfile.stub(:open)
+      tempfile.stub(:close)
+      Tempfile.should_receive(:new).with("rest-client").and_return(tempfile)
+
+      net_http_res = Net::HTTPOK.new(nil, "200", "body")
+      net_http_res.stub(:read_body).and_return("body")
+      @request.fetch_body(net_http_res)
+    end
+  end
 end