RubyGems - sensu-em - Versions diffs - 2.2.0 → 2.3.0 - Mend

sensu-em 2.2.0 → 2.3.0

Files changed (11) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4514238191451ae65b7f7f4ada6474332de389f1
-  data.tar.gz: 1cbb86ac25130bced86eda66aae1e1aaaccc90c9
+  metadata.gz: 2b9342f1e51e48b95d70ae1d465dc97514bae0f8
+  data.tar.gz: e26917203b751e471244aa942811e8af54293bdb
 SHA512:
-  metadata.gz: 1de855fe1a32f794f90cd939480b88f9066435a4bf50f8179fef0f27676e3642ce2d8d2131ccfa82dbecde7b48bac1c75f3e519e1755bd2da1b486802f946ac0
-  data.tar.gz: d9cdc4d98c863915451040fc17e7935379d7c1a85c7b28885bd378f4b295e0a67f2123075471f6ebe614bcf1f53f5b6cd5d23e662aea6fc7c7ea26f3cfb01521
+  metadata.gz: 44aa0facf9b5e044887eb11e0f1646f7bf4865b2bf6430ccf13ce89e3a969543fe2cc4fdd6d9f3553282ad1e083a0104a028de4fde785dabbe84a6c66ff594d5
+  data.tar.gz: 54b19541a0df76c725eb54f2205ece40e4e04d17a0d142c028b8946a95bd705561a77fbeb1dbd22925a73500b20a1834408b6136080130b33c1b2478ca1a0245

data/eventmachine.gemspec CHANGED

@@ -5,7 +5,7 @@ require "em/version"
 Gem::Specification.new do |s|
   s.name = 'sensu-em'
-  s.version = '2.2.0'
+  s.version = '2.3.0'
   s.homepage = 'http://rubyeventmachine.com'
   s.rubyforge_project = 'eventmachine'
   s.licenses = ["Ruby", "GPL"]

data/ext/cmain.cpp CHANGED

@@ -443,12 +443,12 @@ extern "C" void evma_start_tls (const unsigned long binding)
 evma_set_tls_parms
 ******************/
-extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer)
+extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls)
 {
 	ensure_eventmachine("evma_set_tls_parms");
 	EventableDescriptor *ed = dynamic_cast <EventableDescriptor*> (Bindable_t::GetObject (binding));
 	if (ed)
-		ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false));
+		ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false), (use_tls == 1 ? true : false));
 }
 /******************

data/ext/ed.cpp CHANGED

@@ -383,6 +383,7 @@ ConnectionDescriptor::ConnectionDescriptor (int sd, EventMachine_t *em):
 	SslBox (NULL),
 	bHandshakeSignaled (false),
 	bSslVerifyPeer (false),
+	bSslUseTls (false),
 	bSslPeerAccepted(false),
 	#endif
 	#ifdef HAVE_KQUEUE
@@ -1141,7 +1142,7 @@ void ConnectionDescriptor::StartTls()
 	if (SslBox)
 		throw std::runtime_error ("SSL/TLS already running on connection");
-	SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, GetBinding());
+	SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, GetBinding());
 	_DispatchCiphertext();
 	#endif
@@ -1155,7 +1156,7 @@ void ConnectionDescriptor::StartTls()
 ConnectionDescriptor::SetTlsParms
 *********************************/
-void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer)
+void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls)
 {
 	#ifdef WITH_SSL
 	if (SslBox)
@@ -1165,6 +1166,7 @@ void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char
 	if (certchain_filename && *certchain_filename)
 		CertChainFilename = certchain_filename;
 	bSslVerifyPeer = verify_peer;
+       bSslUseTls = use_tls;
 	#endif
 	#ifdef WITHOUT_SSL

data/ext/ed.h CHANGED

@@ -69,7 +69,7 @@ class EventableDescriptor: public Bindable_t
 		virtual bool GetSubprocessPid (pid_t*) {return false;}
 		virtual void StartTls() {}
-		virtual void SetTlsParms (const char *, const char *, bool) {}
+		virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls) {}
 		#ifdef WITH_SSL
 		virtual X509 *GetPeerCert() {return NULL;}
@@ -193,7 +193,7 @@ class ConnectionDescriptor: public EventableDescriptor
 		virtual int GetOutboundDataSize() {return OutboundDataSize;}
 		virtual void StartTls();
-		virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer);
+		virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls);
 		#ifdef WITH_SSL
 		virtual X509 *GetPeerCert();
@@ -239,6 +239,7 @@ class ConnectionDescriptor: public EventableDescriptor
 		std::string PrivateKeyFilename;
 		bool bHandshakeSignaled;
 		bool bSslVerifyPeer;
+               bool bSslUseTls;
 		bool bSslPeerAccepted;
 		#endif

data/ext/eventmachine.h CHANGED

@@ -67,7 +67,7 @@ extern "C" {
 	const unsigned long evma_attach_sd (int sd);
 	const unsigned long evma_open_datagram_socket (const char *server, int port);
 	const unsigned long evma_open_keyboard();
-	void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer);
+	void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer, int use_tls);
 	void evma_start_tls (const unsigned long binding);
 	#ifdef WITH_SSL

data/ext/rubymain.cpp CHANGED

@@ -311,14 +311,14 @@ static VALUE t_start_tls (VALUE self, VALUE signature)
 t_set_tls_parms
 ***************/
-static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer)
+static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls)
 {
 	/* set_tls_parms takes a series of positional arguments for specifying such things
 	 * as private keys and certificate chains.
 	 * It's expected that the parameter list will grow as we add more supported features.
 	 * ALL of these parameters are optional, and can be specified as empty or NULL strings.
 	 */
-	evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0));
+	evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0), (use_tls == Qtrue ? 1 : 0));
 	return Qnil;
 }
@@ -1224,7 +1224,7 @@ extern "C" void Init_rubyeventmachine()
 	rb_define_module_function (EmModule, "stop_tcp_server", (VALUE(*)(...))t_stop_server, 1);
 	rb_define_module_function (EmModule, "start_unix_server", (VALUE(*)(...))t_start_unix_server, 1);
 	rb_define_module_function (EmModule, "attach_sd", (VALUE(*)(...))t_attach_sd, 1);
-	rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 4);
+	rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 5);
 	rb_define_module_function (EmModule, "start_tls", (VALUE(*)(...))t_start_tls, 1);
 	rb_define_module_function (EmModule, "get_peer_cert", (VALUE(*)(...))t_get_peer_cert, 1);
 	rb_define_module_function (EmModule, "send_data", (VALUE(*)(...))t_send_data, 3);

data/ext/ssl.cpp CHANGED

@@ -120,7 +120,7 @@ static void InitializeDefaultCredentials()
 SslContext_t::SslContext_t
 **************************/
-SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
+SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls):
 	pCtx (NULL),
 	PrivateKey (NULL),
 	Certificate (NULL)
@@ -145,7 +145,11 @@ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const str
 	}
 	bIsServer = is_server;
-	pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
+       if (use_tls)
+         pCtx = SSL_CTX_new (is_server ? TLSv1_server_method() : TLSv1_client_method());
+       else
+         pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
 	if (!pCtx)
 		throw std::runtime_error ("no SSL context");
@@ -216,10 +220,11 @@ SslContext_t::~SslContext_t()
 SslBox_t::SslBox_t
 ******************/
-SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding):
+SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding):
 	bIsServer (is_server),
 	bHandshakeCompleted (false),
 	bVerifyPeer (verify_peer),
+	bUseTls (use_tls),
 	pSSL (NULL),
 	pbioRead (NULL),
 	pbioWrite (NULL)
@@ -228,7 +233,7 @@ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &cer
 	 * a new one every time we come here.
 	 */
-	Context = new SslContext_t (bIsServer, privkeyfile, certchainfile);
+	Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, use_tls);
 	assert (Context);
 	pbioRead = BIO_new (BIO_s_mem());

data/ext/ssl.h CHANGED

@@ -33,7 +33,7 @@ class SslContext_t
 class SslContext_t
 {
 	public:
-		SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile);
+		SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls);
 		virtual ~SslContext_t();
 	private:
@@ -57,7 +57,7 @@ class SslBox_t
 class SslBox_t
 {
 	public:
-		SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, const unsigned long binding);
+		SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding);
 		virtual ~SslBox_t();
 		int PutPlaintext (const char*, int);
@@ -78,6 +78,7 @@ class SslBox_t
 		bool bIsServer;
 		bool bHandshakeCompleted;
 		bool bVerifyPeer;
+               bool bUseTls;
 		SSL *pSSL;
 		BIO *pbioRead;
 		BIO *pbioWrite;

data/lib/em/connection.rb CHANGED

@@ -376,10 +376,12 @@ module EventMachine
     #
     # @option args [String] :private_key_file (nil) local path of a readable file that must contain a private key in the [PEM format](http://en.wikipedia.org/wiki/Privacy_Enhanced_Mail).
     #
-    # @option args [String] :verify_peer (false)    indicates whether a server should request a certificate from a peer, to be verified by user code.
+    # @option args [Boolean] :verify_peer (false)    indicates whether a server should request a certificate from a peer, to be verified by user code.
     #                                               If true, the {#ssl_verify_peer} callback on the {EventMachine::Connection} object is called with each certificate
     #                                               in the certificate chain provided by the peer. See documentation on {#ssl_verify_peer} for how to use this.
     #
+    # @option args [Boolean] :use_tls (false)       indicates whether TLS or SSL must be offered to the peer. If true TLS is used, SSL otherwise.
+    #
     # @example Using TLS with EventMachine
     #
     #  require 'rubygems'
@@ -404,7 +406,7 @@ module EventMachine
     #
     # @see #ssl_verify_peer
     def start_tls args={}
-      priv_key, cert_chain, verify_peer = args.values_at(:private_key_file, :cert_chain_file, :verify_peer)
+      priv_key, cert_chain, verify_peer, use_tls = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls)
       [priv_key, cert_chain].each do |file|
         next if file.nil? or file.empty?
@@ -412,7 +414,7 @@ module EventMachine
         "Could not find #{file} for start_tls" unless File.exists? file
       end
-      EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer)
+      EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false))
       EventMachine::start_tls @signature
     end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sensu-em
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Francis Cianfrocca
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-06-02 00:00:00.000000000 Z
+date: 2014-06-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake-compiler