sensu-em 2.3.0 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/eventmachine.gemspec +1 -1
- data/ext/cmain.cpp +2 -2
- data/ext/ed.cpp +4 -2
- data/ext/ed.h +3 -2
- data/ext/eventmachine.h +1 -1
- data/ext/rubymain.cpp +3 -3
- data/ext/ssl.cpp +7 -4
- data/ext/ssl.h +2 -2
- data/java/src/com/rubyeventmachine/SslBox.java +2 -1
- data/lib/em/connection.rb +4 -2
- data/lib/jeventmachine.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b4b0b14ffb2cc39b7058811db726fa9bef75b1ab
|
|
4
|
+
data.tar.gz: a981cef70f86fac70c68b8e38b35192c6cabe103
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d4b774b0c1fd6c67ee7f60ef24aeddfd45b026877cd3280dd247b40afeff98e07fb5cbb64cbf3fcd29e8cb7268e3b3cfc442c509d43170b9cf7c370ef2c408ae
|
|
7
|
+
data.tar.gz: 7a3308c870c216b4572266afc7fe7b39ed045c96572ea777d6ab9a889253f61b265aa66cb9adf6e5645aafb682b9e0a8af95659bd9974084c9eb53ee12393690
|
data/eventmachine.gemspec
CHANGED
data/ext/cmain.cpp
CHANGED
|
@@ -443,12 +443,12 @@ extern "C" void evma_start_tls (const unsigned long binding)
|
|
|
443
443
|
evma_set_tls_parms
|
|
444
444
|
******************/
|
|
445
445
|
|
|
446
|
-
extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls)
|
|
446
|
+
extern "C" void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filename, int verify_peer, int use_tls, const char *cipherlist)
|
|
447
447
|
{
|
|
448
448
|
ensure_eventmachine("evma_set_tls_parms");
|
|
449
449
|
EventableDescriptor *ed = dynamic_cast <EventableDescriptor*> (Bindable_t::GetObject (binding));
|
|
450
450
|
if (ed)
|
|
451
|
-
|
|
451
|
+
ed->SetTlsParms (privatekey_filename, certchain_filename, (verify_peer == 1 ? true : false), (use_tls == 1 ? true : false), cipherlist);
|
|
452
452
|
}
|
|
453
453
|
|
|
454
454
|
/******************
|
data/ext/ed.cpp
CHANGED
|
@@ -1142,7 +1142,7 @@ void ConnectionDescriptor::StartTls()
|
|
|
1142
1142
|
if (SslBox)
|
|
1143
1143
|
throw std::runtime_error ("SSL/TLS already running on connection");
|
|
1144
1144
|
|
|
1145
|
-
SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, GetBinding());
|
|
1145
|
+
SslBox = new SslBox_t (bIsServer, PrivateKeyFilename, CertChainFilename, bSslVerifyPeer, bSslUseTls, CipherList, GetBinding());
|
|
1146
1146
|
_DispatchCiphertext();
|
|
1147
1147
|
#endif
|
|
1148
1148
|
|
|
@@ -1156,7 +1156,7 @@ void ConnectionDescriptor::StartTls()
|
|
|
1156
1156
|
ConnectionDescriptor::SetTlsParms
|
|
1157
1157
|
*********************************/
|
|
1158
1158
|
|
|
1159
|
-
void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls)
|
|
1159
|
+
void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist)
|
|
1160
1160
|
{
|
|
1161
1161
|
#ifdef WITH_SSL
|
|
1162
1162
|
if (SslBox)
|
|
@@ -1167,6 +1167,8 @@ void ConnectionDescriptor::SetTlsParms (const char *privkey_filename, const char
|
|
|
1167
1167
|
CertChainFilename = certchain_filename;
|
|
1168
1168
|
bSslVerifyPeer = verify_peer;
|
|
1169
1169
|
bSslUseTls = use_tls;
|
|
1170
|
+
if (cipherlist && *cipherlist)
|
|
1171
|
+
CipherList = cipherlist;
|
|
1170
1172
|
#endif
|
|
1171
1173
|
|
|
1172
1174
|
#ifdef WITHOUT_SSL
|
data/ext/ed.h
CHANGED
|
@@ -69,7 +69,7 @@ class EventableDescriptor: public Bindable_t
|
|
|
69
69
|
virtual bool GetSubprocessPid (pid_t*) {return false;}
|
|
70
70
|
|
|
71
71
|
virtual void StartTls() {}
|
|
72
|
-
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls) {}
|
|
72
|
+
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist) {}
|
|
73
73
|
|
|
74
74
|
#ifdef WITH_SSL
|
|
75
75
|
virtual X509 *GetPeerCert() {return NULL;}
|
|
@@ -193,7 +193,7 @@ class ConnectionDescriptor: public EventableDescriptor
|
|
|
193
193
|
virtual int GetOutboundDataSize() {return OutboundDataSize;}
|
|
194
194
|
|
|
195
195
|
virtual void StartTls();
|
|
196
|
-
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls);
|
|
196
|
+
virtual void SetTlsParms (const char *privkey_filename, const char *certchain_filename, bool verify_peer, bool use_tls, const char *cipherlist);
|
|
197
197
|
|
|
198
198
|
#ifdef WITH_SSL
|
|
199
199
|
virtual X509 *GetPeerCert();
|
|
@@ -240,6 +240,7 @@ class ConnectionDescriptor: public EventableDescriptor
|
|
|
240
240
|
bool bHandshakeSignaled;
|
|
241
241
|
bool bSslVerifyPeer;
|
|
242
242
|
bool bSslUseTls;
|
|
243
|
+
std::string CipherList;
|
|
243
244
|
bool bSslPeerAccepted;
|
|
244
245
|
#endif
|
|
245
246
|
|
data/ext/eventmachine.h
CHANGED
|
@@ -67,7 +67,7 @@ extern "C" {
|
|
|
67
67
|
const unsigned long evma_attach_sd (int sd);
|
|
68
68
|
const unsigned long evma_open_datagram_socket (const char *server, int port);
|
|
69
69
|
const unsigned long evma_open_keyboard();
|
|
70
|
-
|
|
70
|
+
void evma_set_tls_parms (const unsigned long binding, const char *privatekey_filename, const char *certchain_filenane, int verify_peer, int use_tls, const char *cipherlist);
|
|
71
71
|
void evma_start_tls (const unsigned long binding);
|
|
72
72
|
|
|
73
73
|
#ifdef WITH_SSL
|
data/ext/rubymain.cpp
CHANGED
|
@@ -311,14 +311,14 @@ static VALUE t_start_tls (VALUE self, VALUE signature)
|
|
|
311
311
|
t_set_tls_parms
|
|
312
312
|
***************/
|
|
313
313
|
|
|
314
|
-
static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls)
|
|
314
|
+
static VALUE t_set_tls_parms (VALUE self, VALUE signature, VALUE privkeyfile, VALUE certchainfile, VALUE verify_peer, VALUE use_tls, VALUE cipherlist)
|
|
315
315
|
{
|
|
316
316
|
/* set_tls_parms takes a series of positional arguments for specifying such things
|
|
317
317
|
* as private keys and certificate chains.
|
|
318
318
|
* It's expected that the parameter list will grow as we add more supported features.
|
|
319
319
|
* ALL of these parameters are optional, and can be specified as empty or NULL strings.
|
|
320
320
|
*/
|
|
321
|
-
|
|
321
|
+
evma_set_tls_parms (NUM2ULONG (signature), StringValuePtr (privkeyfile), StringValuePtr (certchainfile), (verify_peer == Qtrue ? 1 : 0), (use_tls == Qtrue ? 1 : 0), StringValuePtr(cipherlist));
|
|
322
322
|
return Qnil;
|
|
323
323
|
}
|
|
324
324
|
|
|
@@ -1224,7 +1224,7 @@ extern "C" void Init_rubyeventmachine()
|
|
|
1224
1224
|
rb_define_module_function (EmModule, "stop_tcp_server", (VALUE(*)(...))t_stop_server, 1);
|
|
1225
1225
|
rb_define_module_function (EmModule, "start_unix_server", (VALUE(*)(...))t_start_unix_server, 1);
|
|
1226
1226
|
rb_define_module_function (EmModule, "attach_sd", (VALUE(*)(...))t_attach_sd, 1);
|
|
1227
|
-
rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms,
|
|
1227
|
+
rb_define_module_function (EmModule, "set_tls_parms", (VALUE(*)(...))t_set_tls_parms, 6);
|
|
1228
1228
|
rb_define_module_function (EmModule, "start_tls", (VALUE(*)(...))t_start_tls, 1);
|
|
1229
1229
|
rb_define_module_function (EmModule, "get_peer_cert", (VALUE(*)(...))t_get_peer_cert, 1);
|
|
1230
1230
|
rb_define_module_function (EmModule, "send_data", (VALUE(*)(...))t_send_data, 3);
|
data/ext/ssl.cpp
CHANGED
|
@@ -120,7 +120,7 @@ static void InitializeDefaultCredentials()
|
|
|
120
120
|
SslContext_t::SslContext_t
|
|
121
121
|
**************************/
|
|
122
122
|
|
|
123
|
-
SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls):
|
|
123
|
+
SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls, const string &cipherlist):
|
|
124
124
|
pCtx (NULL),
|
|
125
125
|
PrivateKey (NULL),
|
|
126
126
|
Certificate (NULL)
|
|
@@ -177,7 +177,10 @@ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const str
|
|
|
177
177
|
assert (e > 0);
|
|
178
178
|
}
|
|
179
179
|
|
|
180
|
-
|
|
180
|
+
if (cipherlist.length() > 0)
|
|
181
|
+
SSL_CTX_set_cipher_list (pCtx, cipherlist.c_str());
|
|
182
|
+
else
|
|
183
|
+
SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
|
|
181
184
|
|
|
182
185
|
if (is_server) {
|
|
183
186
|
SSL_CTX_sess_set_cache_size (pCtx, 128);
|
|
@@ -220,7 +223,7 @@ SslContext_t::~SslContext_t()
|
|
|
220
223
|
SslBox_t::SslBox_t
|
|
221
224
|
******************/
|
|
222
225
|
|
|
223
|
-
SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const unsigned long binding):
|
|
226
|
+
SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const string &cipherlist, const unsigned long binding):
|
|
224
227
|
bIsServer (is_server),
|
|
225
228
|
bHandshakeCompleted (false),
|
|
226
229
|
bVerifyPeer (verify_peer),
|
|
@@ -233,7 +236,7 @@ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &cer
|
|
|
233
236
|
* a new one every time we come here.
|
|
234
237
|
*/
|
|
235
238
|
|
|
236
|
-
|
|
239
|
+
Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, use_tls, cipherlist);
|
|
237
240
|
assert (Context);
|
|
238
241
|
|
|
239
242
|
pbioRead = BIO_new (BIO_s_mem());
|
data/ext/ssl.h
CHANGED
|
@@ -33,7 +33,7 @@ class SslContext_t
|
|
|
33
33
|
class SslContext_t
|
|
34
34
|
{
|
|
35
35
|
public:
|
|
36
|
-
|
|
36
|
+
SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls, const string &cipherlist);
|
|
37
37
|
virtual ~SslContext_t();
|
|
38
38
|
|
|
39
39
|
private:
|
|
@@ -57,7 +57,7 @@ class SslBox_t
|
|
|
57
57
|
class SslBox_t
|
|
58
58
|
{
|
|
59
59
|
public:
|
|
60
|
-
|
|
60
|
+
SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const string &cipherlist, const unsigned long binding);
|
|
61
61
|
virtual ~SslBox_t();
|
|
62
62
|
|
|
63
63
|
int PutPlaintext (const char*, int);
|
|
@@ -49,6 +49,7 @@ public class SslBox {
|
|
|
49
49
|
|
|
50
50
|
sslContext.init(keyManagers, new TrustManager[] { tm }, null);
|
|
51
51
|
sslEngine = sslContext.createSSLEngine(host, port);
|
|
52
|
+
sslEngine.setEnabledCipherSuites(sslEngine.getSupportedCipherSuites());
|
|
52
53
|
sslEngine.setUseClientMode(!isServer);
|
|
53
54
|
sslEngine.setNeedClientAuth(verifyPeer);
|
|
54
55
|
|
|
@@ -307,4 +308,4 @@ public class SslBox {
|
|
|
307
308
|
return (read);
|
|
308
309
|
}
|
|
309
310
|
|
|
310
|
-
}
|
|
311
|
+
}
|
data/lib/em/connection.rb
CHANGED
|
@@ -382,6 +382,8 @@ module EventMachine
|
|
|
382
382
|
#
|
|
383
383
|
# @option args [Boolean] :use_tls (false) indicates whether TLS or SSL must be offered to the peer. If true TLS is used, SSL otherwise.
|
|
384
384
|
#
|
|
385
|
+
# @option args [String] :cipher_list ("ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH") indicates the available SSL cipher values.
|
|
386
|
+
#
|
|
385
387
|
# @example Using TLS with EventMachine
|
|
386
388
|
#
|
|
387
389
|
# require 'rubygems'
|
|
@@ -406,7 +408,7 @@ module EventMachine
|
|
|
406
408
|
#
|
|
407
409
|
# @see #ssl_verify_peer
|
|
408
410
|
def start_tls args={}
|
|
409
|
-
priv_key, cert_chain, verify_peer, use_tls = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls)
|
|
411
|
+
priv_key, cert_chain, verify_peer, use_tls, cipher_list = args.values_at(:private_key_file, :cert_chain_file, :verify_peer, :use_tls, :cipher_list)
|
|
410
412
|
|
|
411
413
|
[priv_key, cert_chain].each do |file|
|
|
412
414
|
next if file.nil? or file.empty?
|
|
@@ -414,7 +416,7 @@ module EventMachine
|
|
|
414
416
|
"Could not find #{file} for start_tls" unless File.exists? file
|
|
415
417
|
end
|
|
416
418
|
|
|
417
|
-
EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false))
|
|
419
|
+
EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer, (use_tls ? true : false), cipher_list || '')
|
|
418
420
|
EventMachine::start_tls @signature
|
|
419
421
|
end
|
|
420
422
|
|
data/lib/jeventmachine.rb
CHANGED
|
@@ -269,7 +269,7 @@ module EventMachine
|
|
|
269
269
|
@em.getConnectionCount
|
|
270
270
|
end
|
|
271
271
|
|
|
272
|
-
def self.set_tls_parms(sig, privkeyfile, certchainfile, verify_peer)
|
|
272
|
+
def self.set_tls_parms(sig, privkeyfile, certchainfile, verify_peer, use_tls, cipher_list)
|
|
273
273
|
keystore = KeyStoreBuilder.create privkeyfile, certchainfile unless (privkeyfile.empty? or certchainfile.empty?)
|
|
274
274
|
@em.setTlsParms(sig, keystore, (!!verify_peer))
|
|
275
275
|
end
|