diff options
author | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-11-01 23:29:38 +0000 |
---|---|---|
committer | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-11-01 23:29:38 +0000 |
commit | be7b5929126cb3e696ef222339237faba9b8fe5a (patch) | |
tree | 51eae376f93c09bc82dde5a657a91df2c89062e4 /lib/bundler/vendored_persistent.rb | |
parent | ae49dbd392083f69026f2a0fff4a1d5f42d172a7 (diff) |
Update bundled bundler to 1.16.0.
* lib/bundler, spec/bundler: Merge bundler-1.16.0.
* common.mk: rspec examples of bundler-1.16.0 needs require option.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60603 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/bundler/vendored_persistent.rb')
-rw-r--r-- | lib/bundler/vendored_persistent.rb | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/lib/bundler/vendored_persistent.rb b/lib/bundler/vendored_persistent.rb index 729ac6b6f5..de9c42fcc1 100644 --- a/lib/bundler/vendored_persistent.rb +++ b/lib/bundler/vendored_persistent.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + # We forcibly require OpenSSL, because net/http/persistent will only autoload # it. On some Rubies, autoload fails but explicit require succeeds. begin @@ -15,3 +16,37 @@ module Bundler end end require "bundler/vendor/net-http-persistent/lib/net/http/persistent" + +module Bundler + class PersistentHTTP < Persistent::Net::HTTP::Persistent + def connection_for(uri) + connection = super + warn_old_tls_version_rubygems_connection(uri, connection) + connection + end + + def warn_old_tls_version_rubygems_connection(uri, connection) + return unless connection.use_ssl? + return unless (uri.host || "").end_with?("rubygems.org") + + socket = connection.instance_variable_get(:@socket) + return unless socket + socket_io = socket.io + return unless socket_io.respond_to?(:ssl_version) + ssl_version = socket_io.ssl_version + + case ssl_version + when /TLSv([\d\.]+)/ + version = Gem::Version.new($1) + if version < Gem::Version.new("1.2") + Bundler.ui.warn \ + "Warning: Your Ruby version is compiled against a copy of OpenSSL that is very old. " \ + "Starting in January 2018, RubyGems.org will refuse connection requests from these " \ + "very old versions of OpenSSL. If you will need to continue installing gems after " \ + "January 2018, please follow this guide to upgrade: http://ruby.to/tls-outdated.", + :wrap => true + end + end + end + end +end |