uninterruptible 2.1.1 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +2 -0
- data/lib/uninterruptible/configuration.rb +14 -1
- data/lib/uninterruptible/tls_server_factory.rb +6 -0
- data/lib/uninterruptible/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 42e77ed731e5fa9282a2ae7976a81c8cebf3ca30
|
|
4
|
+
data.tar.gz: 7914f883f7209fabae8fb8a0e7309b76506f0e16
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1c9d0f312b9d34745710d1c930bd275b633eb20d8b85ad387cf3b3bca75fa551189ac6a2291624a2f308a8cfcab70016411af6eccc7884cabf6ad3ff689e1990
|
|
7
|
+
data.tar.gz: 7ad3f76b3eb6fca1399aac4c9ba8554bf1677967ba5942d0917444eb0e6249ec44b198253a1d94dafe36419787d8a0ae5857863a7739c202b9aa8fd27c9692b0
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -67,6 +67,8 @@ echo_server.configure do |config|
|
|
|
67
67
|
config.tls_version = 'TLSv1_2' # TLS version to use, defaults to TLSv1_2, falls back to ENV['TLS_VERSION']
|
|
68
68
|
config.tls_key = nil # Private key to use for TLS, reads file from ENV['TLS_KEY'] if set
|
|
69
69
|
config.tls_certificate = nil # Certificate to use for TLS, reads file from ENV['TLS_CERTIFICATE'] if set
|
|
70
|
+
config.verify_client_tls_certificate = false # Should client TLS certificates be required and verifiyed? Falls back to ENV['VERIFY_CLIENT_TLS_CERTIFICATE']
|
|
71
|
+
config.client_tls_certificate_ca = nil # Path to a trusted CA for client certificates. Implies `config.verify_client_tls_certificate = true`. Falls back to ENV['CLIENT_TLS_CERTIFICATE_CA']
|
|
70
72
|
end
|
|
71
73
|
```
|
|
72
74
|
|
|
@@ -6,7 +6,7 @@ module Uninterruptible
|
|
|
6
6
|
AVAILABLE_SSL_VERSIONS = %w[TLSv1_1 TLSv1_2].freeze
|
|
7
7
|
|
|
8
8
|
attr_writer :bind, :bind_port, :bind_address, :pidfile_path, :start_command, :log_path, :log_level, :tls_version,
|
|
9
|
-
:tls_key, :tls_certificate
|
|
9
|
+
:tls_key, :tls_certificate, :verify_client_tls_certificate, :client_tls_certificate_ca
|
|
10
10
|
|
|
11
11
|
# Available TCP Port for the server to bind to (required). Falls back to environment variable PORT if set.
|
|
12
12
|
#
|
|
@@ -81,5 +81,18 @@ module Uninterruptible
|
|
|
81
81
|
def tls_certificate
|
|
82
82
|
@tls_certificate || (ENV['TLS_CERTIFICATE'] ? File.read(ENV['TLS_CERTIFICATE']) : nil)
|
|
83
83
|
end
|
|
84
|
+
|
|
85
|
+
# Should the client be required to present it's own SSL Certificate? Set #verify_client_tls_certificate to true,
|
|
86
|
+
# or environment variable VERIFY_CLIENT_TLS_CERTIFICATE to enable
|
|
87
|
+
def verify_client_tls_certificate?
|
|
88
|
+
@verify_client_tls_certificate == true || !ENV['VERIFY_CLIENT_TLS_CERTIFICATE'].nil? ||
|
|
89
|
+
!client_tls_certificate_ca.nil?
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# Validate any connecting clients against a specific CA. If environment variable CLIENT_TLS_CERTIFICATE_CA is set,
|
|
93
|
+
# attempt to read from that file. Setting this enables #verify_client_tls_certificate?
|
|
94
|
+
def client_tls_certificate_ca
|
|
95
|
+
@client_tls_certificate_ca || ENV['CLIENT_TLS_CERTIFICATE_CA']
|
|
96
|
+
end
|
|
84
97
|
end
|
|
85
98
|
end
|
|
@@ -33,6 +33,12 @@ module Uninterruptible
|
|
|
33
33
|
context.cert = OpenSSL::X509::Certificate.new(configuration.tls_certificate)
|
|
34
34
|
context.key = OpenSSL::PKey::RSA.new(configuration.tls_key)
|
|
35
35
|
context.ssl_version = configuration.tls_version.to_sym
|
|
36
|
+
|
|
37
|
+
if configuration.verify_client_tls_certificate?
|
|
38
|
+
context.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
|
|
39
|
+
end
|
|
40
|
+
context.ca_file = configuration.client_tls_certificate_ca if configuration.client_tls_certificate_ca
|
|
41
|
+
|
|
36
42
|
context
|
|
37
43
|
end
|
|
38
44
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: uninterruptible
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Wentworth
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-09-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|