ssl_allow_cname 0.1.2 → 0.1.3

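--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 94970aaf1f5def94d7513dd3cfc75a629b62bc37
- data.tar.gz: 1231561a89078951f38f22a70c69cba9d1cde2e4
+ metadata.gz: cd9a1a0a538978860ac3c85759c5b63e123353e1
+ data.tar.gz: 38374a3700d5292652387643fcc9ad404faed984
  SHA512:
- metadata.gz: 219e861ce7dd2a7f71998eaa62b7f387e66b123c4d23c0bd0dca6b8da248b4747dd40ad9f3713928602e1152a230b7892d0bf6b58efa2d9b8aff4b4f960f6b98
- data.tar.gz: 01d586e2c6c20c9a804a9f8db3a0baca695e6b9869fccfdc49b4615f247f4e78d60fe6a283c2bc8a3e7d9a7550fa3eabfe8687a62b95ba97dcfd8ddc95253331
+ metadata.gz: cbaa6fd49e2bd2d432e021726a31601e3a31d1e4c993784370230ce228142f2ed39c99120df3e8ef6ccc1bad93b370f654b8d70e1e0d37ae23de3550b5949aa1
+ data.tar.gz: 651865332f539e2aa1db220ff46eb45d58dc7eb9326bb8f92c5e55f961505d5e2608dcd8a68e67349f2ff88a65dd16681f3010e69609a3f10061332225a267cd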
@@ -2,33 +2,43 @@ require "ssl_allow_cname/version"
2
2
  require 'openssl'
3
3
 
4
4
  module SslAllowCname
5
- module MonkeyPatch
5
+ module SSLContext
6
+ attr_accessor :allow_cname
7
+ end
6
8
 
7
- module_function
8
- def verify_hostname(hostname, san)
9
- return @allow_cname ? verify_allow_cname(hostname, san)
10
- : super
11
- end
9
+ module SSLSocket
10
+ def post_connection_check(hostname)
11
+ return super if context.allow_cname.nil?
12
+
13
+ cname = peer_cert.subject.to_a.map do |oid, value|
14
+ oid == 'CN' ? value : nil
15
+ end.compact.first
12
16
 
13
- def verify_allow_cname(hostname, san)
14
- Array(@allow_cname).each do |test|
17
+ passed = Array(context.allow_cname).any? do |test|
15
18
  case test
16
- when String
17
- return true if san == test
18
- when Regexp
19
- return true if test.match(san)
20
- when Proc
21
- result = (test.arity == 1) ? test.call(san)
22
- : test.call(san, hostname)
23
- return true if result
19
+ when String, Regexp
20
+ test === cname
21
+ when Proc
22
+ (test.arity == 1) ? test.call(cname)
23
+ : test.call(cname, hostname)
24
+ when :match
25
+ begin
26
+ super
27
+ true
28
+ rescue SSLError
29
+ false
30
+ end
24
31
  end
25
32
  end
26
- return false
33
+
34
+ unless passed
35
+ fail OpenSSL::SSL::SSLError, "Peer certificate did not match any " +
36
+ "predicate in :allow_cname. Use :match " +
37
+ "to get normal CommonName/Host validation"
38
+ end
27
39
  end
28
40
  end
29
41
  end
30
42
 
31
- class OpenSSL::SSL::SSLContext
32
- attr_accessor :allow_cname
33
- prepend SslAllowCname::MonkeyPatch
34
- end
43
+ OpenSSL::SSL::SSLContext.prepend(SslAllowCname::SSLContext)
44
+ OpenSSL::SSL::SSLSocket.prepend(SslAllowCname::SSLSocket)
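Review bot: In the `:match` branch, `rescue SSLError` sits inside `module SslAllowCname::SSLSocket`, where the bare constant is looked up lexically and not through `OpenSSL::SSL` (prepending the module does not change that), so unless `SSLError` is defined elsewhere a failed `super` would surface as a `NameError` instead of yielding `false`, and any predicates listed after `:match` would never be tried. The `fail` a few lines below already uses the qualified name, so the clause should read `rescue OpenSSL::SSL::SSLError`. Separately, the String/Regexp branch tests only the first subject CN with `test === cname`, which for a Regexp is an unanchored match; a comment such as `# Regexp predicates should be anchored with \A and \z; an unanchored pattern also accepts any CN that merely contains it` would help callers. On success the method falls out of the `unless` and returns `nil`, whereas the stock `post_connection_check` returns `true`, so ending the method with `true` would keep that contract.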
@@ -1,3 +1,3 @@
1
1
  module SslAllowCname
2
- VERSION = "0.1.2"
2
+ VERSION = "0.1.3"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ssl_allow_cname
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike A. Owens