sensu-em 2.3.0 → 2.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/eventmachine.gemspec +1 -1
- data/ext/cmain.cpp +2 -2
- data/ext/ed.cpp +4 -2
- data/ext/ed.h +3 -2
- data/ext/eventmachine.h +1 -1
- data/ext/rubymain.cpp +3 -3
- data/ext/ssl.cpp +7 -4
- data/ext/ssl.h +2 -2
- data/java/src/com/rubyeventmachine/SslBox.java +2 -1
- data/lib/em/connection.rb +4 -2
- data/lib/jeventmachine.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b4b0b14ffb2cc39b7058811db726fa9bef75b1ab
|
|
4
|
+
data.tar.gz: a981cef70f86fac70c68b8e38b35192c6cabe103
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d4b774b0c1fd6c67ee7f60ef24aeddfd45b026877cd3280dd247b40afeff98e07fb5cbb64cbf3fcd29e8cb7268e3b3cfc442c509d43170b9cf7c370ef2c408ae
|
|
7
|
+
data.tar.gz: 7a3308c870c216b4572266afc7fe7b39ed045c96572ea777d6ab9a889253f61b265aa66cb9adf6e5645aafb682b9e0a8af95659bd9974084c9eb53ee12393690
|
data/eventmachine.gemspec
CHANGED
data/ext/cmain.cpp
CHANGED
|
@@ -443,12 +443,12 @@ extern "C" void evma_start_tls (const unsigned long binding)
|
|
|
443
443
|
evma_set_tls_parms
|
|
444
444
|
******************/
|
|
445
445
|
|
|
446
|
-
extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls)
|
|
446
|
+
extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls, const char *cipherlist)
|
|
447
447
|
{
|
|
448
448
|
ensure_eventmachine("evma_set_tls_parms");
|
|
449
449
|
EventableDescriptor *ed = dynamic_cast <EventableDescriptor*> (Bindable_t::GetObject (binding));
|
|
450
450
|
if (ed)
|
|
451
|
-
|
|
451
|
+
ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false), (use_tls == 1 ? true : false), cipherlist);
|
|
452
452
|
}
|
|
453
453
|
|
|
454
454
|
/******************
|
data/ext/ed.cpp
CHANGED
|
@@ -1142,7 +1142,7 @@ void ConnectionDescriptor::StartTls()
|
|
|
1142
1142
|
if (SslBox)
|
|
1143
1143
|
throw std::runtime_error ("SSL/TLS already running on connection");
|
|
1144
1144
|
|
|
1145
|
-
SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, GetBinding());
|
|
1145
|
+
SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, CipherList, GetBinding());
|
|
1146
1146
|
_DispatchCiphertext();
|
|
1147
1147
|
#endif
|
|
1148
1148
|
|
|
@@ -1156,7 +1156,7 @@ void ConnectionDescriptor::StartTls()
|
|
|
1156
1156
|
ConnectionDescriptor::SetTlsParms
|
|
1157
1157
|
*********************************/
|
|
1158
1158
|
|
|
1159
|
-
void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls)
|
|
1159
|
+
void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist)
|
|
1160
1160
|
{
|
|
1161
1161
|
#ifdef WITH_SSL
|
|
1162
1162
|
if (SslBox)
|
|
@@ -1167,6 +1167,8 @@ void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char
|
|
|
1167
1167
|
CertChainFilename = certchain_filename;
|
|
1168
1168
|
bSslVerifyPeer = verify_peer;
|
|
1169
1169
|
bSslUseTls = use_tls;
|
|
1170
|
+
if (cipherlist && *cipherlist)
|
|
1171
|
+
CipherList = cipherlist;
|
|
1170
1172
|
#endif
|
|
1171
1173
|
|
|
1172
1174
|
#ifdef WITHOUT_SSL
|
data/ext/ed.h
CHANGED
|
@@ -69,7 +69,7 @@ class EventableDescriptor: public Bindable_t
|
|
|
69
69
|
virtual bool GetSubprocessPid (pid_t*) {return false;}
|
|
70
70
|
|
|
71
71
|
virtual void StartTls() {}
|
|
72
|
-
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls) {}
|
|
72
|
+
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist) {}
|
|
73
73
|
|
|
74
74
|
#ifdef WITH_SSL
|
|
75
75
|
virtual X509 *GetPeerCert() {return NULL;}
|
|
@@ -193,7 +193,7 @@ class ConnectionDescriptor: public EventableDescriptor
|
|
|
193
193
|
virtual int GetOutboundDataSize() {return OutboundDataSize;}
|
|
194
194
|
|
|
195
195
|
virtual void StartTls();
|
|
196
|
-
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls);
|
|
196
|
+
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist);
|
|
197
197
|
|
|
198
198
|
#ifdef WITH_SSL
|
|
199
199
|
virtual X509 *GetPeerCert();
|
|
@@ -240,6 +240,7 @@ class ConnectionDescriptor: public EventableDescriptor
|
|
|
240
240
|
bool bHandshakeSignaled;
|
|
241
241
|
bool bSslVerifyPeer;
|
|
242
242
|
bool bSslUseTls;
|
|
243
|
+
std::string CipherList;
|
|
243
244
|
bool bSslPeerAccepted;
|
|
244
245
|
#endif
|
|
245
246
|
|
data/ext/eventmachine.h
CHANGED
|
@@ -67,7 +67,7 @@ extern "C" {
|
|
|
67
67
|
const unsigned long evma_attach_sd (int sd);
|
|
68
68
|
const unsigned long evma_open_datagram_socket (const char *server, int port);
|
|
69
69
|
const unsigned long evma_open_keyboard();
|
|
70
|
-
|
|
70
|
+
void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer, int use_tls, const char *cipherlist);
|
|
71
71
|
void evma_start_tls (const unsigned long binding);
|
|
72
72
|
|
|
73
73
|
#ifdef WITH_SSL
|
data/ext/rubymain.cpp
CHANGED
|
@@ -311,14 +311,14 @@ static VALUE t_start_tls (VALUE self, VALUE signature)
|
|
|
311
311
|
t_set_tls_parms
|
|
312
312
|
***************/
|
|
313
313
|
|
|
314
|
-
static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls)
|
|
314
|
+
static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls, VALUE cipherlist)
|
|
315
315
|
{
|
|
316
316
|
/* set_tls_parms takes a series of positional arguments for specifying such things
|
|
317
317
|
* as private keys and certificate chains.
|
|
318
318
|
* It's expected that the parameter list will grow as we add more supported features.
|
|
319
319
|
* ALL of these parameters are optional, and can be specified as empty or NULL strings.
|
|
320
320
|
*/
|
|
321
|
-
|
|
321
|
+
evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0), (use_tls == Qtrue ? 1 : 0), StringValuePtr(cipherlist));
|
|
322
322
|
return Qnil;
|
|
323
323
|
}
|
|
324
324
|
|
|
@@ -1224,7 +1224,7 @@ extern "C" void Init_rubyeventmachine()
|
|
|
1224
1224
|
rb_define_module_function (EmModule, "stop_tcp_server", (VALUE(*)(...))t_stop_server, 1);
|
|
1225
1225
|
rb_define_module_function (EmModule, "start_unix_server", (VALUE(*)(...))t_start_unix_server, 1);
|
|
1226
1226
|
rb_define_module_function (EmModule, "attach_sd", (VALUE(*)(...))t_attach_sd, 1);
|
|
1227
|
-
rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms,
|
|
1227
|
+
rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 6);
|
|
1228
1228
|
rb_define_module_function (EmModule, "start_tls", (VALUE(*)(...))t_start_tls, 1);
|
|
1229
1229
|
rb_define_module_function (EmModule, "get_peer_cert", (VALUE(*)(...))t_get_peer_cert, 1);
|
|
1230
1230
|
rb_define_module_function (EmModule, "send_data", (VALUE(*)(...))t_send_data, 3);
|
data/ext/ssl.cpp
CHANGED
|
@@ -120,7 +120,7 @@ static void InitializeDefaultCredentials()
|
|
|
120
120
|
SslContext_t::SslContext_t
|
|
121
121
|
**************************/
|
|
122
122
|
|
|
123
|
-
SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls):
|
|
123
|
+
SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls, const string &cipherlist):
|
|
124
124
|
pCtx (NULL),
|
|
125
125
|
PrivateKey (NULL),
|
|
126
126
|
Certificate (NULL)
|
|
@@ -177,7 +177,10 @@ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const str
|
|
|
177
177
|
assert (e > 0);
|
|
178
178
|
}
|
|
179
179
|
|
|
180
|
-
|
|
180
|
+
if (cipherlist.length() > 0)
|
|
181
|
+
SSL_CTX_set_cipher_list (pCtx, cipherlist.c_str());
|
|
182
|
+
else
|
|
183
|
+
SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
|
|
181
184
|
|
|
182
185
|
if (is_server) {
|
|
183
186
|
SSL_CTX_sess_set_cache_size (pCtx, 128);
|
|
@@ -220,7 +223,7 @@ SslContext_t::~SslContext_t()
|
|
|
220
223
|
SslBox_t::SslBox_t
|
|
221
224
|
******************/
|
|
222
225
|
|
|
223
|
-
SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding):
|
|
226
|
+
SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const string &cipherlist, const unsigned long binding):
|
|
224
227
|
bIsServer (is_server),
|
|
225
228
|
bHandshakeCompleted (false),
|
|
226
229
|
bVerifyPeer (verify_peer),
|
|
@@ -233,7 +236,7 @@ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &cer
|
|
|
233
236
|
* a new one every time we come here.
|
|
234
237
|
*/
|
|
235
238
|
|
|
236
|
-
|
|
239
|
+
Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, use_tls, cipherlist);
|
|
237
240
|
assert (Context);
|
|
238
241
|
|
|
239
242
|
pbioRead = BIO_new (BIO_s_mem());
|
data/ext/ssl.h
CHANGED
|
@@ -33,7 +33,7 @@ class SslContext_t
|
|
|
33
33
|
class SslContext_t
|
|
34
34
|
{
|
|
35
35
|
public:
|
|
36
|
-
|
|
36
|
+
SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls, const string &cipherlist);
|
|
37
37
|
virtual ~SslContext_t();
|
|
38
38
|
|
|
39
39
|
private:
|
|
@@ -57,7 +57,7 @@ class SslBox_t
|
|
|
57
57
|
class SslBox_t
|
|
58
58
|
{
|
|
59
59
|
public:
|
|
60
|
-
|
|
60
|
+
SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const string &cipherlist, const unsigned long binding);
|
|
61
61
|
virtual ~SslBox_t();
|
|
62
62
|
|
|
63
63
|
int PutPlaintext (const char*, int);
|
|
@@ -49,6 +49,7 @@ public class SslBox {
|
|
|
49
49
|
|
|
50
50
|
sslContext.init(keyManagers, new TrustManager[] { tm }, null);
|
|
51
51
|
sslEngine = sslContext.createSSLEngine(host, port);
|
|
52
|
+
sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
|
|
52
53
|
sslEngine.setUseClientMode(!isServer);
|
|
53
54
|
sslEngine.setNeedClientAuth(verifyPeer);
|
|
54
55
|
|
|
@@ -307,4 +308,4 @@ public class SslBox {
|
|
|
307
308
|
return (read);
|
|
308
309
|
}
|
|
309
310
|
|
|
310
|
-
}
|
|
311
|
+
}
|
data/lib/em/connection.rb
CHANGED
|
@@ -382,6 +382,8 @@ module EventMachine
|
|
|
382
382
|
#
|
|
383
383
|
# @option args [Boolean] :use_tls (false) indicates whether TLS or SSL must be offered to the peer. If true TLS is used, SSL otherwise.
|
|
384
384
|
#
|
|
385
|
+
# @option args [String] :cipher_list ("ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH") indicates the available SSL cipher values.
|
|
386
|
+
#
|
|
385
387
|
# @example Using TLS with EventMachine
|
|
386
388
|
#
|
|
387
389
|
# require 'rubygems'
|
|
@@ -406,7 +408,7 @@ module EventMachine
|
|
|
406
408
|
#
|
|
407
409
|
# @see #ssl_verify_peer
|
|
408
410
|
def start_tls args={}
|
|
409
|
-
priv_key, cert_chain, verify_peer, use_tls = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls)
|
|
411
|
+
priv_key, cert_chain, verify_peer, use_tls, cipher_list = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls, :cipher_list)
|
|
410
412
|
|
|
411
413
|
[priv_key, cert_chain].each do |file|
|
|
412
414
|
next if file.nil? or file.empty?
|
|
@@ -414,7 +416,7 @@ module EventMachine
|
|
|
414
416
|
"Could not find #{file} for start_tls" unless File.exists? file
|
|
415
417
|
end
|
|
416
418
|
|
|
417
|
-
EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false))
|
|
419
|
+
EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false), cipher_list || '')
|
|
418
420
|
EventMachine::start_tls @signature
|
|
419
421
|
end
|
|
420
422
|
|
data/lib/jeventmachine.rb
CHANGED
|
@@ -269,7 +269,7 @@ module EventMachine
|
|
|
269
269
|
@em.getConnectionCount
|
|
270
270
|
end
|
|
271
271
|
|
|
272
|
-
def self.set_tls_parms(sig, privkeyfile, certchainfile, verify_peer)
|
|
272
|
+
def self.set_tls_parms(sig, privkeyfile, certchainfile, verify_peer, use_tls, cipher_list)
|
|
273
273
|
keystore = KeyStoreBuilder.create privkeyfile, certchainfile unless (privkeyfile.empty? or certchainfile.empty?)
|
|
274
274
|
@em.setTlsParms(sig, keystore, (!!verify_peer))
|
|
275
275
|
end
|