* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.

* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
  new method to set suitable SSL parameters.

* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, 
  test/openssl/test_ssl.rb: follow above change.

* test/net/http/test_https.rb: refine error case.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14479 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
gotoyuzo 2007-12-22 08:31:53 +00:00
Родитель 0fc7dfedd3
Коммит 40aa32a0d7
7 изменённых файлов: 52 добавлений и 35 удалений

Просмотреть файл

@ -1,3 +1,15 @@
Sat Dec 22 17:06:50 2007 GOTOU Yuuzou <gotoyuzo@notwork.org>
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
new method to set suitable SSL parameters.
* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb,
test/openssl/test_ssl.rb: follow above change.
* test/net/http/test_https.rb: refine error case.
Sat Dec 22 16:58:49 2007 Shugo Maeda <shugo@ruby-lang.org>
* lib/net/imap.rb (encode_utf7): accept UTF-8 strings.
@ -19,7 +31,7 @@ Sat Dec 22 15:45:45 2007 Martin Duerst <duerst@it.aoyama.ac.jp>
* transcode_data_japanese: new data file for EUC-JP and SHIFT_JIS
(not yet optimized; tests to follow; data from
http://nkf.sourceforge.jp/ucm/{SJIS|eucJP}-nkf.ucm)
* common.mk, transcode.c: Adjusted for transcode_data_japanese
Sat Dec 22 15:30:13 2007 NAKAMURA Usaku <usa@ruby-lang.org>

Просмотреть файл

@ -21,30 +21,28 @@ require "fcntl"
module OpenSSL
module SSL
class SSLContext
class <<self
def build(params={})
default_params = {
:ssl_version => "SSLv23",
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
:options => OpenSSL::SSL::OP_ALL,
}
params = default_params.merge(params)
ctx = new()
params.each{|name, value| ctx.__send__("#{name}=", value) }
ctx.verify_mode ||= OpenSSL::SSL::VERIFY_NONE
if ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE
unless ctx.ca_file or ctx.ca_path or
ctx.cert_store or ctx.verify_callback
ctx.cert_store = OpenSSL::X509::Store.new
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
ctx.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
ctx.cert_store.set_default_paths
end
DEFAULT_PARAMS = {
:ssl_version => "SSLv23",
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
:options => OpenSSL::SSL::OP_ALL,
}
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
DEFAULT_CERT_STORE.set_default_paths
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
end
def set_params(params={})
params = DEFAULT_PARAMS.merge(params)
params.each{|name, value| self.__send__("#{name}=", value) }
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
unless self.ca_file or self.ca_path or self.cert_store
self.cert_store = DEFAULT_CERT_STORE
end
return ctx
end
return params
end
end

Просмотреть файл

@ -581,7 +581,8 @@ module Net #:nodoc:
ssl_parameters[name] = value
end
end
@ssl_context = OpenSSL::SSL::SSLContext.build(ssl_parameters)
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context.set_params(ssl_parameters)
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
s.sync_close = true
end

Просмотреть файл

@ -892,7 +892,7 @@ module Net
# OpenSSL [OSSL] and the Ruby OpenSSL [RSSL] extensions need to
# be installed.
# if options[:ssl] is a hash, it's passed to
# OpenSSL::SSL::SSLContext.build as parameters.
# OpenSSL::SSL::SSLContext#set_params as parameters.
#
# The most common errors are:
#
@ -1263,7 +1263,8 @@ module Net
rescue NoMethodError
params = {}
end
context = SSLContext.build(params)
context = SSLContext.new
context.set_params(params)
if defined?(VerifyCallbackProc)
context.verify_callback = VerifyCallbackProc
end

Просмотреть файл

@ -328,7 +328,7 @@ module Net
# Net::POP.enable_ssl(params = {})
#
# Enable SSL for all new instances.
# +params+ is passed to OpenSSL::SSLContext.build.
# +params+ is passed to OpenSSL::SSLContext#set_params.
def POP3.enable_ssl(*args)
@ssl_params = create_ssl_params(*args)
end
@ -441,7 +441,7 @@ module Net
# Enables SSL for this instance. Must be called before the connection is
# established to have any effect.
# +params[:port]+ is port to establish the SSL connection on; Defaults to 995.
# +params+ (except :port) is passed to OpenSSL::SSLContext.build.
# +params+ (except :port) is passed to OpenSSL::SSLContext#set_params.
def enable_ssl(verify_or_params = {}, certs = nil, port = nil)
begin
@ssl_params = verify_or_params.to_hash.dup
@ -534,7 +534,8 @@ module Net
s = timeout(@open_timeout) { TCPSocket.open(@address, port) }
if use_ssl?
raise 'openssl library not installed' unless defined?(OpenSSL)
context = OpenSSL::SSL::SSLContext.build(@ssl_params)
context = OpenSSL::SSL::SSLContext.new
context.set_params(@ssl_params)
s = OpenSSL::SSL::SSLSocket.new(s, context)
s.sync_close = true
s.connect

Просмотреть файл

@ -59,7 +59,7 @@ class TestNetHTTPS < Test::Unit::TestCase
http = Net::HTTP.new("ssl.netlab.jp", 443)
http.use_ssl = true
assert(
http.request_head("/"){|res| },
(http.request_head("/"){|res| } rescue false),
"The system may not have default CA certificate store."
)
end

Просмотреть файл

@ -245,13 +245,15 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
def test_verify_result
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.build
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.build(
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params(
:verify_callback => Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_OK
true
@ -262,7 +264,8 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.build(
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params(
:verify_callback => Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION
false
@ -274,10 +277,11 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
}
end
def test_sslctx_build
def test_sslctx_set_params
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.build
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params
assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
ciphers = ctx.ciphers