зеркало из https://github.com/github/ruby.git
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params): new method to set suitable SSL parameters. * lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb, test/openssl/test_ssl.rb: follow above change. * test/net/http/test_https.rb: refine error case. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14479 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
Родитель
0fc7dfedd3
Коммит
40aa32a0d7
14
ChangeLog
14
ChangeLog
|
@ -1,3 +1,15 @@
|
|||
Sat Dec 22 17:06:50 2007 GOTOU Yuuzou <gotoyuzo@notwork.org>
|
||||
|
||||
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
|
||||
|
||||
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
|
||||
new method to set suitable SSL parameters.
|
||||
|
||||
* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb,
|
||||
test/openssl/test_ssl.rb: follow above change.
|
||||
|
||||
* test/net/http/test_https.rb: refine error case.
|
||||
|
||||
Sat Dec 22 16:58:49 2007 Shugo Maeda <shugo@ruby-lang.org>
|
||||
|
||||
* lib/net/imap.rb (encode_utf7): accept UTF-8 strings.
|
||||
|
@ -19,7 +31,7 @@ Sat Dec 22 15:45:45 2007 Martin Duerst <duerst@it.aoyama.ac.jp>
|
|||
* transcode_data_japanese: new data file for EUC-JP and SHIFT_JIS
|
||||
(not yet optimized; tests to follow; data from
|
||||
http://nkf.sourceforge.jp/ucm/{SJIS|eucJP}-nkf.ucm)
|
||||
|
||||
|
||||
* common.mk, transcode.c: Adjusted for transcode_data_japanese
|
||||
|
||||
Sat Dec 22 15:30:13 2007 NAKAMURA Usaku <usa@ruby-lang.org>
|
||||
|
|
|
@ -21,30 +21,28 @@ require "fcntl"
|
|||
module OpenSSL
|
||||
module SSL
|
||||
class SSLContext
|
||||
class <<self
|
||||
def build(params={})
|
||||
default_params = {
|
||||
:ssl_version => "SSLv23",
|
||||
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
||||
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
||||
:options => OpenSSL::SSL::OP_ALL,
|
||||
}
|
||||
params = default_params.merge(params)
|
||||
ctx = new()
|
||||
params.each{|name, value| ctx.__send__("#{name}=", value) }
|
||||
ctx.verify_mode ||= OpenSSL::SSL::VERIFY_NONE
|
||||
if ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||||
unless ctx.ca_file or ctx.ca_path or
|
||||
ctx.cert_store or ctx.verify_callback
|
||||
ctx.cert_store = OpenSSL::X509::Store.new
|
||||
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
||||
ctx.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
||||
end
|
||||
ctx.cert_store.set_default_paths
|
||||
end
|
||||
DEFAULT_PARAMS = {
|
||||
:ssl_version => "SSLv23",
|
||||
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
||||
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
||||
:options => OpenSSL::SSL::OP_ALL,
|
||||
}
|
||||
|
||||
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
||||
DEFAULT_CERT_STORE.set_default_paths
|
||||
if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
|
||||
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
||||
end
|
||||
|
||||
def set_params(params={})
|
||||
params = DEFAULT_PARAMS.merge(params)
|
||||
params.each{|name, value| self.__send__("#{name}=", value) }
|
||||
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||||
unless self.ca_file or self.ca_path or self.cert_store
|
||||
self.cert_store = DEFAULT_CERT_STORE
|
||||
end
|
||||
return ctx
|
||||
end
|
||||
return params
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -581,7 +581,8 @@ module Net #:nodoc:
|
|||
ssl_parameters[name] = value
|
||||
end
|
||||
end
|
||||
@ssl_context = OpenSSL::SSL::SSLContext.build(ssl_parameters)
|
||||
@ssl_context = OpenSSL::SSL::SSLContext.new
|
||||
@ssl_context.set_params(ssl_parameters)
|
||||
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
|
||||
s.sync_close = true
|
||||
end
|
||||
|
|
|
@ -892,7 +892,7 @@ module Net
|
|||
# OpenSSL [OSSL] and the Ruby OpenSSL [RSSL] extensions need to
|
||||
# be installed.
|
||||
# if options[:ssl] is a hash, it's passed to
|
||||
# OpenSSL::SSL::SSLContext.build as parameters.
|
||||
# OpenSSL::SSL::SSLContext#set_params as parameters.
|
||||
#
|
||||
# The most common errors are:
|
||||
#
|
||||
|
@ -1263,7 +1263,8 @@ module Net
|
|||
rescue NoMethodError
|
||||
params = {}
|
||||
end
|
||||
context = SSLContext.build(params)
|
||||
context = SSLContext.new
|
||||
context.set_params(params)
|
||||
if defined?(VerifyCallbackProc)
|
||||
context.verify_callback = VerifyCallbackProc
|
||||
end
|
||||
|
|
|
@ -328,7 +328,7 @@ module Net
|
|||
# Net::POP.enable_ssl(params = {})
|
||||
#
|
||||
# Enable SSL for all new instances.
|
||||
# +params+ is passed to OpenSSL::SSLContext.build.
|
||||
# +params+ is passed to OpenSSL::SSLContext#set_params.
|
||||
def POP3.enable_ssl(*args)
|
||||
@ssl_params = create_ssl_params(*args)
|
||||
end
|
||||
|
@ -441,7 +441,7 @@ module Net
|
|||
# Enables SSL for this instance. Must be called before the connection is
|
||||
# established to have any effect.
|
||||
# +params[:port]+ is port to establish the SSL connection on; Defaults to 995.
|
||||
# +params+ (except :port) is passed to OpenSSL::SSLContext.build.
|
||||
# +params+ (except :port) is passed to OpenSSL::SSLContext#set_params.
|
||||
def enable_ssl(verify_or_params = {}, certs = nil, port = nil)
|
||||
begin
|
||||
@ssl_params = verify_or_params.to_hash.dup
|
||||
|
@ -534,7 +534,8 @@ module Net
|
|||
s = timeout(@open_timeout) { TCPSocket.open(@address, port) }
|
||||
if use_ssl?
|
||||
raise 'openssl library not installed' unless defined?(OpenSSL)
|
||||
context = OpenSSL::SSL::SSLContext.build(@ssl_params)
|
||||
context = OpenSSL::SSL::SSLContext.new
|
||||
context.set_params(@ssl_params)
|
||||
s = OpenSSL::SSL::SSLSocket.new(s, context)
|
||||
s.sync_close = true
|
||||
s.connect
|
||||
|
|
|
@ -59,7 +59,7 @@ class TestNetHTTPS < Test::Unit::TestCase
|
|||
http = Net::HTTP.new("ssl.netlab.jp", 443)
|
||||
http.use_ssl = true
|
||||
assert(
|
||||
http.request_head("/"){|res| },
|
||||
(http.request_head("/"){|res| } rescue false),
|
||||
"The system may not have default CA certificate store."
|
||||
)
|
||||
end
|
||||
|
|
|
@ -245,13 +245,15 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
|
|||
def test_verify_result
|
||||
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
||||
sock = TCPSocket.new("127.0.0.1", port)
|
||||
ctx = OpenSSL::SSL::SSLContext.build
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.set_params
|
||||
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
|
||||
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
|
||||
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
|
||||
|
||||
sock = TCPSocket.new("127.0.0.1", port)
|
||||
ctx = OpenSSL::SSL::SSLContext.build(
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.set_params(
|
||||
:verify_callback => Proc.new do |preverify_ok, store_ctx|
|
||||
store_ctx.error = OpenSSL::X509::V_OK
|
||||
true
|
||||
|
@ -262,7 +264,8 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
|
|||
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
|
||||
|
||||
sock = TCPSocket.new("127.0.0.1", port)
|
||||
ctx = OpenSSL::SSL::SSLContext.build(
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.set_params(
|
||||
:verify_callback => Proc.new do |preverify_ok, store_ctx|
|
||||
store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION
|
||||
false
|
||||
|
@ -274,10 +277,11 @@ class OpenSSL::TestSSL < Test::Unit::TestCase
|
|||
}
|
||||
end
|
||||
|
||||
def test_sslctx_build
|
||||
def test_sslctx_set_params
|
||||
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
|
||||
sock = TCPSocket.new("127.0.0.1", port)
|
||||
ctx = OpenSSL::SSL::SSLContext.build
|
||||
ctx = OpenSSL::SSL::SSLContext.new
|
||||
ctx.set_params
|
||||
assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
|
||||
assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
|
||||
ciphers = ctx.ciphers
|
||||
|
|
Загрузка…
Ссылка в новой задаче