sensu-em 2.3.0-java → 2.4.0-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f09205f6fba5d147db5b27cfdfa77d645dd1228e
4
- data.tar.gz: 51a553a57bfc42b954a683618cc9831f4ed2149e
3
+ metadata.gz: 2ddbbdeebbaa9d14cbd2504fee0d59280a9f1244
4
+ data.tar.gz: 096108e026c9ec5c9fcc80b06056ae4c9621114b
5
5
  SHA512:
6
- metadata.gz: e1018edb1761ff8cc28bebcbac3f09c336501cca74ab0134aaac552e1ab7429ec4c0ee0f8cf3532a3c45d6a68efb66d4b0b8d9877be86d6a6a65bdd2b6f1840c
7
- data.tar.gz: 6bec10ce68ff077ae80474bf260a0fccf0187bd21a6c285199b45eeabe0768e66912e41595d2ab5234db20e6c13bd4f4283fe889f831d94538a457b6510552d6
6
+ metadata.gz: de8cfd2e3ed0647857304a113740bfea43a8e4f3309224bc24c7ccccbcf1d416050d1d1405f32515aa6c91a3a813fbc5b371b5926c64b87051ed5b33f67f0afd
7
+ data.tar.gz: 194a96db13c4a05cb3754dd5c52d59ab5aaba622573376b65dbbe12491d29c9e589e11077aa8eb45aed054a429c46065c3eb61ee7f35d621541cc97ec825107c
data/eventmachine.gemspec CHANGED
@@ -5,7 +5,7 @@ require "em/version"
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = 'sensu-em'
8
- s.version = '2.3.0'
8
+ s.version = '2.4.0'
9
9
  s.homepage = 'http://rubyeventmachine.com'
10
10
  s.rubyforge_project = 'eventmachine'
11
11
  s.licenses = ["Ruby", "GPL"]
data/ext/cmain.cpp CHANGED
@@ -443,12 +443,12 @@ extern "C" void evma_start_tls (const unsigned long binding)
443
443
  evma_set_tls_parms
444
444
  ******************/
445
445
 
446
- extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls)
446
+ extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls, const char *cipherlist)
447
447
  {
448
448
  ensure_eventmachine("evma_set_tls_parms");
449
449
  EventableDescriptor *ed = dynamic_cast <EventableDescriptor*> (Bindable_t::GetObject (binding));
450
450
  if (ed)
451
- ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false), (use_tls == 1 ? true : false));
451
+ ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false), (use_tls == 1 ? true : false), cipherlist);
452
452
  }
453
453
 
454
454
  /******************
data/ext/ed.cpp CHANGED
@@ -1142,7 +1142,7 @@ void ConnectionDescriptor::StartTls()
1142
1142
  if (SslBox)
1143
1143
  throw std::runtime_error ("SSL/TLS already running on connection");
1144
1144
 
1145
- SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, GetBinding());
1145
+ SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, CipherList, GetBinding());
1146
1146
  _DispatchCiphertext();
1147
1147
  #endif
1148
1148
 
@@ -1156,7 +1156,7 @@ void ConnectionDescriptor::StartTls()
1156
1156
  ConnectionDescriptor::SetTlsParms
1157
1157
  *********************************/
1158
1158
 
1159
- void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls)
1159
+ void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist)
1160
1160
  {
1161
1161
  #ifdef WITH_SSL
1162
1162
  if (SslBox)
@@ -1167,6 +1167,8 @@ void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char
1167
1167
  CertChainFilename = certchain_filename;
1168
1168
  bSslVerifyPeer = verify_peer;
1169
1169
  bSslUseTls = use_tls;
1170
+ if (cipherlist && *cipherlist)
1171
+ CipherList = cipherlist;
1170
1172
  #endif
1171
1173
 
1172
1174
  #ifdef WITHOUT_SSL
data/ext/ed.h CHANGED
@@ -69,7 +69,7 @@ class EventableDescriptor: public Bindable_t
69
69
  virtual bool GetSubprocessPid (pid_t*) {return false;}
70
70
 
71
71
  virtual void StartTls() {}
72
- virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls) {}
72
+ virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist) {}
73
73
 
74
74
  #ifdef WITH_SSL
75
75
  virtual X509 *GetPeerCert() {return NULL;}
@@ -193,7 +193,7 @@ class ConnectionDescriptor: public EventableDescriptor
193
193
  virtual int GetOutboundDataSize() {return OutboundDataSize;}
194
194
 
195
195
  virtual void StartTls();
196
- virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls);
196
+ virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist);
197
197
 
198
198
  #ifdef WITH_SSL
199
199
  virtual X509 *GetPeerCert();
@@ -240,6 +240,7 @@ class ConnectionDescriptor: public EventableDescriptor
240
240
  bool bHandshakeSignaled;
241
241
  bool bSslVerifyPeer;
242
242
  bool bSslUseTls;
243
+ std::string CipherList;
243
244
  bool bSslPeerAccepted;
244
245
  #endif
245
246
 
data/ext/eventmachine.h CHANGED
@@ -67,7 +67,7 @@ extern "C" {
67
67
  const unsigned long evma_attach_sd (int sd);
68
68
  const unsigned long evma_open_datagram_socket (const char *server, int port);
69
69
  const unsigned long evma_open_keyboard();
70
- void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer, int use_tls);
70
+ void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer, int use_tls, const char *cipherlist);
71
71
  void evma_start_tls (const unsigned long binding);
72
72
 
73
73
  #ifdef WITH_SSL
data/ext/rubymain.cpp CHANGED
@@ -311,14 +311,14 @@ static VALUE t_start_tls (VALUE self, VALUE signature)
311
311
  t_set_tls_parms
312
312
  ***************/
313
313
 
314
- static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls)
314
+ static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls, VALUE cipherlist)
315
315
  {
316
316
  /* set_tls_parms takes a series of positional arguments for specifying such things
317
317
  * as private keys and certificate chains.
318
318
  * It's expected that the parameter list will grow as we add more supported features.
319
319
  * ALL of these parameters are optional, and can be specified as empty or NULL strings.
320
320
  */
321
- evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0), (use_tls == Qtrue ? 1 : 0));
321
+ evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0), (use_tls == Qtrue ? 1 : 0), StringValuePtr(cipherlist));
322
322
  return Qnil;
323
323
  }
324
324
 
@@ -1224,7 +1224,7 @@ extern "C" void Init_rubyeventmachine()
1224
1224
  rb_define_module_function (EmModule, "stop_tcp_server", (VALUE(*)(...))t_stop_server, 1);
1225
1225
  rb_define_module_function (EmModule, "start_unix_server", (VALUE(*)(...))t_start_unix_server, 1);
1226
1226
  rb_define_module_function (EmModule, "attach_sd", (VALUE(*)(...))t_attach_sd, 1);
1227
- rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 5);
1227
+ rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 6);
1228
1228
  rb_define_module_function (EmModule, "start_tls", (VALUE(*)(...))t_start_tls, 1);
1229
1229
  rb_define_module_function (EmModule, "get_peer_cert", (VALUE(*)(...))t_get_peer_cert, 1);
1230
1230
  rb_define_module_function (EmModule, "send_data", (VALUE(*)(...))t_send_data, 3);
data/ext/ssl.cpp CHANGED
@@ -120,7 +120,7 @@ static void InitializeDefaultCredentials()
120
120
  SslContext_t::SslContext_t
121
121
  **************************/
122
122
 
123
- SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls):
123
+ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls, const string &cipherlist):
124
124
  pCtx (NULL),
125
125
  PrivateKey (NULL),
126
126
  Certificate (NULL)
@@ -177,7 +177,10 @@ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const str
177
177
  assert (e > 0);
178
178
  }
179
179
 
180
- SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
180
+ if (cipherlist.length() > 0)
181
+ SSL_CTX_set_cipher_list (pCtx, cipherlist.c_str());
182
+ else
183
+ SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
181
184
 
182
185
  if (is_server) {
183
186
  SSL_CTX_sess_set_cache_size (pCtx, 128);
@@ -220,7 +223,7 @@ SslContext_t::~SslContext_t()
220
223
  SslBox_t::SslBox_t
221
224
  ******************/
222
225
 
223
- SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding):
226
+ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const string &cipherlist, const unsigned long binding):
224
227
  bIsServer (is_server),
225
228
  bHandshakeCompleted (false),
226
229
  bVerifyPeer (verify_peer),
@@ -233,7 +236,7 @@ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &cer
233
236
  * a new one every time we come here.
234
237
  */
235
238
 
236
- Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, use_tls);
239
+ Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, use_tls, cipherlist);
237
240
  assert (Context);
238
241
 
239
242
  pbioRead = BIO_new (BIO_s_mem());
data/ext/ssl.h CHANGED
@@ -33,7 +33,7 @@ class SslContext_t
33
33
  class SslContext_t
34
34
  {
35
35
  public:
36
- SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls);
36
+ SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls, const string &cipherlist);
37
37
  virtual ~SslContext_t();
38
38
 
39
39
  private:
@@ -57,7 +57,7 @@ class SslBox_t
57
57
  class SslBox_t
58
58
  {
59
59
  public:
60
- SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding);
60
+ SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const string &cipherlist, const unsigned long binding);
61
61
  virtual ~SslBox_t();
62
62
 
63
63
  int PutPlaintext (const char*, int);
@@ -49,6 +49,7 @@ public class SslBox {
49
49
 
50
50
  sslContext.init(keyManagers, new TrustManager[] { tm }, null);
51
51
  sslEngine = sslContext.createSSLEngine(host, port);
52
+ sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
52
53
  sslEngine.setUseClientMode(!isServer);
53
54
  sslEngine.setNeedClientAuth(verifyPeer);
54
55
 
@@ -307,4 +308,4 @@ public class SslBox {
307
308
  return (read);
308
309
  }
309
310
 
310
- }
311
+ }
data/lib/em/connection.rb CHANGED
@@ -382,6 +382,8 @@ module EventMachine
382
382
  #
383
383
  # @option args [Boolean] :use_tls (false) indicates whether TLS or SSL must be offered to the peer. If true TLS is used, SSL otherwise.
384
384
  #
385
+ # @option args [String] :cipher_list ("ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH") indicates the available SSL cipher values.
386
+ #
385
387
  # @example Using TLS with EventMachine
386
388
  #
387
389
  # require 'rubygems'
@@ -406,7 +408,7 @@ module EventMachine
406
408
  #
407
409
  # @see #ssl_verify_peer
408
410
  def start_tls args={}
409
- priv_key, cert_chain, verify_peer, use_tls = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls)
411
+ priv_key, cert_chain, verify_peer, use_tls, cipher_list = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls, :cipher_list)
410
412
 
411
413
  [priv_key, cert_chain].each do |file|
412
414
  next if file.nil? or file.empty?
@@ -414,7 +416,7 @@ module EventMachine
414
416
  "Could not find #{file} for start_tls" unless File.exists? file
415
417
  end
416
418
 
417
- EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false))
419
+ EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false), cipher_list || '')
418
420
  EventMachine::start_tls @signature
419
421
  end
420
422
 
data/lib/jeventmachine.rb CHANGED
@@ -269,7 +269,7 @@ module EventMachine
269
269
  @em.getConnectionCount
270
270
  end
271
271
 
272
- def self.set_tls_parms(sig, privkeyfile, certchainfile, verify_peer)
272
+ def self.set_tls_parms(sig, privkeyfile, certchainfile, verify_peer, use_tls, cipher_list)
273
273
  keystore = KeyStoreBuilder.create privkeyfile, certchainfile unless (privkeyfile.empty? or certchainfile.empty?)
274
274
  @em.setTlsParms(sig, keystore, (!!verify_peer))
275
275
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sensu-em
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.0
4
+ version: 2.4.0
5
5
  platform: java
6
6
  authors:
7
7
  - Francis Cianfrocca