uninterruptible 2.1.1 → 2.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +2 -0
- data/lib/uninterruptible/configuration.rb +14 -1
- data/lib/uninterruptible/tls_server_factory.rb +6 -0
- data/lib/uninterruptible/version.rb +1 -1
- metadata +2 -2
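--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 42e77ed731e5fa9282a2ae7976a81c8cebf3ca30
+data.tar.gz: 7914f883f7209fabae8fb8a0e7309b76506f0e16
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1c9d0f312b9d34745710d1c930bd275b633eb20d8b85ad387cf3b3bca75fa551189ac6a2291624a2f308a8cfcab70016411af6eccc7884cabf6ad3ff689e1990
+data.tar.gz: 7ad3f76b3eb6fca1399aac4c9ba8554bf1677967ba5942d0917444eb0e6249ec44b198253a1d94dafe36419787d8a0ae5857863a7739c202b9aa8fd27c9692b0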
data/CHANGELOG.md
CHANGED
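--- a/data/README.md
+++ b/data/README.md
@@ -67,6 +67,8 @@ echo_server.configure do |config|
 config.tls_version = 'TLSv1_2' # TLS version to use, defaults to TLSv1_2, falls back to ENV['TLS_VERSION']
 config.tls_key = nil # Private key to use for TLS, reads file from ENV['TLS_KEY'] if set
 config.tls_certificate = nil # Certificate to use for TLS, reads file from ENV['TLS_CERTIFICATE'] if set
+config.verify_client_tls_certificate = false # Should client TLS certificates be required and verifiyed? Falls back to ENV['VERIFY_CLIENT_TLS_CERTIFICATE']
+config.client_tls_certificate_ca = nil # Path to a trusted CA for client certificates. Implies `config.verify_client_tls_certificate = true`. Falls back to ENV['CLIENT_TLS_CERTIFICATE_CA']
 end
 ```
 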
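--- a/data/lib/uninterruptible/configuration.rb
+++ b/data/lib/uninterruptible/configuration.rb
@@ -6,7 +6,7 @@ module Uninterruptible
 AVAILABLE_SSL_VERSIONS = %w[TLSv1_1 TLSv1_2].freeze
 
 attr_writer :bind, :bind_port, :bind_address, :pidfile_path, :start_command, :log_path, :log_level, :tls_version,
-:tls_key, :tls_certificate
+:tls_key, :tls_certificate, :verify_client_tls_certificate, :client_tls_certificate_ca
 
 # Available TCP Port for the server to bind to (required). Falls back to environment variable PORT if set.
 #
@@ -81,5 +81,18 @@ module Uninterruptible
 def tls_certificate
 @tls_certificate || (ENV['TLS_CERTIFICATE'] ? File.read(ENV['TLS_CERTIFICATE']) : nil)
 end
+
+# Should the client be required to present it's own SSL Certificate? Set #verify_client_tls_certificate to true,
+# or environment variable VERIFY_CLIENT_TLS_CERTIFICATE to enable
+def verify_client_tls_certificate?
+@verify_client_tls_certificate == true || !ENV['VERIFY_CLIENT_TLS_CERTIFICATE'].nil? ||
+!client_tls_certificate_ca.nil?
+end
+
+# Validate any connecting clients against a specific CA. If environment variable CLIENT_TLS_CERTIFICATE_CA is set,
+# attempt to read from that file. Setting this enables #verify_client_tls_certificate?
+def client_tls_certificate_ca
+@client_tls_certificate_ca || ENV['CLIENT_TLS_CERTIFICATE_CA']
+end
 end
 end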
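Review bot: The predicate in `verify_client_tls_certificate?` turns verification on whenever `VERIFY_CLIENT_TLS_CERTIFICATE` is present, whatever its value, so `VERIFY_CLIENT_TLS_CERTIFICATE=false` or an empty value still enforces client certificates, and an explicit `config.verify_client_tls_certificate = false` cannot override the environment. That errs on the strict side, but the comment above the method should say so, e.g. `# Any value of VERIFY_CLIENT_TLS_CERTIFICATE (even "false" or "") enables verification`, or the check should parse the value, e.g. `%w[1 true yes].include?(ENV['VERIFY_CLIENT_TLS_CERTIFICATE'].to_s.downcase)`. The comment on `client_tls_certificate_ca` also says it will "attempt to read from that file", while the method returns the path unread, unlike `tls_certificate` just above it. The class body starts outside the hunk.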
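--- a/data/lib/uninterruptible/tls_server_factory.rb
+++ b/data/lib/uninterruptible/tls_server_factory.rb
@@ -33,6 +33,12 @@ module Uninterruptible
 context.cert = OpenSSL::X509::Certificate.new(configuration.tls_certificate)
 context.key = OpenSSL::PKey::RSA.new(configuration.tls_key)
 context.ssl_version = configuration.tls_version.to_sym
+
+if configuration.verify_client_tls_certificate?
+context.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+end
+context.ca_file = configuration.client_tls_certificate_ca if configuration.client_tls_certificate_ca
+
 context
 end
 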
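Review bot: When verification is enabled through `verify_client_tls_certificate` or its environment variable alone, the `if` block sets `verify_mode` but nothing in the visible lines gives the context a trust anchor, since `ca_file` is assigned only when a CA path is configured; presumably every client handshake then fails verification. That fails closed, but it is better reported at startup than discovered as rejected connections, e.g. `raise ArgumentError, 'client certificate verification requires client_tls_certificate_ca' unless configuration.client_tls_certificate_ca` inside the `if`. Note also that `ca_file` admits any certificate issued by that CA, so if only particular clients should connect, the application still has to check the subject of `peer_cert` itself. The enclosing method starts outside the hunk.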
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: uninterruptible
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dan Wentworth
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-09-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|