smart_proxy_dynflow_core 0.2.4 → 0.2.5
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1e605170d98b043dbebe0199fa07878a479c49517398b76b9ea8763b3f11a944
|
4
|
+
data.tar.gz: 3ca809db6838f8922b523c05b9009f7c06f6f3b7b225f708c0250dab92ee42e5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 83e7a7cefc7149bbdd9ea1fe75e10abcf3b3264aff1831e64aa87ac9e136404e35c5caf18d376e40be6d7ea845815f30aaa7a3a654d25236d437d7db84472f95
|
7
|
+
data.tar.gz: f748d215cca4ddf825b5f692568f162afdaf16aa394efb776df551365eaf1a09a925f9698a30f16e68c249865976a3aa8115ce5149e845403d1a7598f5de6380
|
@@ -1,11 +1,13 @@
|
|
1
1
|
require 'webrick/https'
|
2
2
|
require 'smart_proxy_dynflow_core/bundler_helper'
|
3
3
|
require 'smart_proxy_dynflow_core/settings'
|
4
|
-
# mute Ruby redefinition warnings when running embedded
|
5
|
-
require 'smart_proxy_dynflow_core/webrick-patch' unless defined?(::Proxy::Launcher)
|
6
4
|
|
7
5
|
module SmartProxyDynflowCore
|
8
6
|
class Launcher
|
7
|
+
CIPHERS = ['ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384',
|
8
|
+
'AES128-GCM-SHA256', 'AES256-GCM-SHA384', 'AES128-SHA256',
|
9
|
+
'AES256-SHA256', 'AES128-SHA', 'AES256-SHA'].freeze
|
10
|
+
|
9
11
|
def self.launch!(options)
|
10
12
|
self.new.start options
|
11
13
|
end
|
@@ -93,6 +95,7 @@ module SmartProxyDynflowCore
|
|
93
95
|
ssl_options |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
|
94
96
|
ssl_options |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
|
95
97
|
ssl_options |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)
|
98
|
+
ssl_options |= OpenSSL::SSL::OP_NO_TLSv1_1 if defined?(OpenSSL::SSL::OP_NO_TLSv1_1)
|
96
99
|
|
97
100
|
if Settings.instance.tls_disabled_versions
|
98
101
|
Settings.instance.tls_disabled_versions.each do |version|
|
@@ -113,6 +116,7 @@ module SmartProxyDynflowCore
|
|
113
116
|
:SSLPrivateKey => ssl_private_key,
|
114
117
|
:SSLCertificate => ssl_certificate,
|
115
118
|
:SSLCACertificateFile => Settings.instance.ssl_ca_file,
|
119
|
+
:SSLCiphers => CIPHERS - SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers,
|
116
120
|
:SSLOptions => ssl_options
|
117
121
|
}
|
118
122
|
end
|
@@ -22,7 +22,7 @@ Gem::Specification.new do |gem|
|
|
22
22
|
gem.require_paths = ["lib"]
|
23
23
|
gem.license = 'GPL-3.0'
|
24
24
|
|
25
|
-
gem.add_development_dependency "bundler", "
|
25
|
+
gem.add_development_dependency "bundler", ">= 1.7"
|
26
26
|
gem.add_development_dependency('minitest')
|
27
27
|
gem.add_development_dependency('mocha', '~> 1')
|
28
28
|
gem.add_development_dependency('rack-test', '~> 0')
|
metadata
CHANGED
@@ -1,27 +1,27 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: smart_proxy_dynflow_core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ivan Nečas
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-05-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '1.7'
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '1.7'
|
27
27
|
- !ruby/object:Gem::Dependency
|
@@ -218,7 +218,6 @@ files:
|
|
218
218
|
- lib/smart_proxy_dynflow_core/task_launcher_registry.rb
|
219
219
|
- lib/smart_proxy_dynflow_core/testing.rb
|
220
220
|
- lib/smart_proxy_dynflow_core/version.rb
|
221
|
-
- lib/smart_proxy_dynflow_core/webrick-patch.rb
|
222
221
|
- smart_proxy_dynflow_core.gemspec
|
223
222
|
homepage: https://github.com/theforeman/smart_proxy_dynflow
|
224
223
|
licenses:
|
@@ -1,38 +0,0 @@
|
|
1
|
-
require 'webrick/https'
|
2
|
-
|
3
|
-
CIPHERS = ['ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384',
|
4
|
-
'AES128-GCM-SHA256', 'AES256-GCM-SHA384', 'AES128-SHA256',
|
5
|
-
'AES256-SHA256', 'AES128-SHA', 'AES256-SHA'].freeze
|
6
|
-
|
7
|
-
module WEBrick
|
8
|
-
class GenericServer
|
9
|
-
# rubocop:disable Metrics/AbcSize
|
10
|
-
def setup_ssl_context(config) # :nodoc:
|
11
|
-
unless config[:SSLCertificate]
|
12
|
-
cn = config[:SSLCertName]
|
13
|
-
comment = config[:SSLCertComment]
|
14
|
-
cert, key = Utils.create_self_signed_cert(1024, cn, comment)
|
15
|
-
config[:SSLCertificate] = cert
|
16
|
-
config[:SSLPrivateKey] = key
|
17
|
-
end
|
18
|
-
ctx = OpenSSL::SSL::SSLContext.new
|
19
|
-
ctx.set_params
|
20
|
-
ctx.ciphers = (CIPHERS - SmartProxyDynflowCore::Settings.instance.ssl_disabled_ciphers).join(':')
|
21
|
-
ctx.key = config[:SSLPrivateKey]
|
22
|
-
ctx.cert = config[:SSLCertificate]
|
23
|
-
ctx.client_ca = config[:SSLClientCA]
|
24
|
-
ctx.extra_chain_cert = config[:SSLExtraChainCert]
|
25
|
-
ctx.ca_file = config[:SSLCACertificateFile]
|
26
|
-
ctx.ca_path = config[:SSLCACertificatePath]
|
27
|
-
ctx.cert_store = config[:SSLCertificateStore]
|
28
|
-
ctx.tmp_dh_callback = config[:SSLTmpDhCallback]
|
29
|
-
ctx.verify_mode = config[:SSLVerifyClient]
|
30
|
-
ctx.verify_depth = config[:SSLVerifyDepth]
|
31
|
-
ctx.verify_callback = config[:SSLVerifyCallback]
|
32
|
-
ctx.timeout = config[:SSLTimeout]
|
33
|
-
ctx.options |= config[:SSLOptions] unless config[:SSLOptions].nil?
|
34
|
-
ctx
|
35
|
-
end
|
36
|
-
# rubocop:enable Metrics/AbcSize
|
37
|
-
end
|
38
|
-
end
|