authorgotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-12-20 16:21:22 +0000
committergotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-12-20 16:21:22 +0000
commitc6920177f3e561f779f54534e511f0c9f0de6edd (patch)
tree3e7fe138ecb67bb2e2a9e520b373d420b315e147 /lib/net
parentd86caf318820ebcebf981b822a65d5a4cfab6364 (diff)
* lib/net/http.rb (Net::HTTP#connect): use
OpenSSL::SSL::SSLContext.build instead of SSLContext.new (default verify mode is now OpenSSL::SSL::VERIFY_PEER). * lib/net/https.rb: SSL parameters are defined by attr_accessor. * test/net/http/test_https.rb: add test for HTTPS features. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14371 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/net')
-rw-r--r--lib/net/http.rb9
-rw-r--r--lib/net/https.rb55
2 files changed, 16 insertions, 48 deletions
diff --git a/lib/net/http.rb b/lib/net/http.rb
index 4a16e118dd..9e2aeee2c4 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -575,10 +575,13 @@ module Net #:nodoc:
s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
D "opened"
if use_ssl?
- unless @ssl_context.verify_mode
- warn "warning: peer certificate won't be verified in this SSL session"
- @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ ssl_parameters = Hash.new
+ SSL_ATTRIBUTES.each do |name|
+ if value = instance_variable_get("@#{name}")
+ ssl_parameters[name] = value
+ end
end
+ @ssl_context = OpenSSL::SSL::SSLContext.build(ssl_parameters)
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
s.sync_close = true
end
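Review bot: The filter `if value = instance_variable_get("@#{name}")` decides by truthiness which TLS settings override the defaults, and that is easy to misread without a comment. nil and false are skipped, so the defaults of SSLContext.build apply (VERIFY_PEER according to the commit message), while an explicit `OpenSSL::SSL::VERIFY_NONE` is 0, which is truthy in Ruby, and is still passed through. I would add `# unset (nil) attributes keep the SSLContext.build default; VERIFY_NONE is 0 and is passed on as an explicit opt-out` above the loop. Reading a never-assigned ivar this way may also print a "not initialized" warning under `-w`, which a guard such as `next unless instance_variable_defined?("@#{name}")` would avoid. The enclosing connect method starts and ends outside the hunk, so it cannot be seen here whether a hostname check against the peer certificate follows the handshake.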
diff --git a/lib/net/https.rb b/lib/net/https.rb
index fb329df43d..8a9245ea0e 100644
--- a/lib/net/https.rb
+++ b/lib/net/https.rb
@@ -102,70 +102,35 @@ require 'net/http'
require 'openssl'
module Net
-
class HTTP
remove_method :use_ssl?
def use_ssl?
@use_ssl
end
- alias use_ssl use_ssl? # for backward compatibility
-
# Turn on/off SSL.
# This flag must be set before starting session.
# If you change use_ssl value after session started,
# a Net::HTTP object raises IOError.
def use_ssl=(flag)
flag = (flag ? true : false)
- raise IOError, "use_ssl value changed, but session already started" \
- if started? and @use_ssl != flag
- if flag and not @ssl_context
- @ssl_context = OpenSSL::SSL::SSLContext.new
+ if started? and @use_ssl != flag
+ raise IOError, "use_ssl value changed, but session already started"
end
@use_ssl = flag
end
- def self.ssl_context_accessor(name)
- module_eval(<<-End, __FILE__, __LINE__ + 1)
- def #{name}
- return nil unless @ssl_context
- @ssl_context.#{name}
- end
-
- def #{name}=(val)
- @ssl_context ||= OpenSSL::SSL::SSLContext.new
- @ssl_context.#{name} = val
- end
- End
- end
-
- ssl_context_accessor :key
- ssl_context_accessor :cert
- ssl_context_accessor :ca_file
- ssl_context_accessor :ca_path
- ssl_context_accessor :verify_mode
- ssl_context_accessor :verify_callback
- ssl_context_accessor :verify_depth
- ssl_context_accessor :cert_store
-
- def ssl_timeout
- return nil unless @ssl_context
- @ssl_context.timeout
- end
-
- def ssl_timeout=(sec)
- raise ArgumentError, 'Net::HTTP#ssl_timeout= called but use_ssl=false' \
- unless use_ssl?
- @ssl_context ||= OpenSSL::SSL::SSLContext.new
- @ssl_context.timeout = sec
- end
-
- alias timeout= ssl_timeout= # for backward compatibility
+ SSL_ATTRIBUTES = %w(
+ ssl_version key cert ca_file ca_path cert_store ciphers
+ verify_mode verify_callback verify_depth ssl_timeout
+ )
+ attr_accessor *SSL_ATTRIBUTES
def peer_cert
- return nil if not use_ssl? or not @socket
+ if not use_ssl? or not @socket
+ return nil
+ end
@socket.io.peer_cert
end
end
-
end
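Review bot: `ssl_timeout` is listed in `SSL_ATTRIBUTES` and is therefore handed to `SSLContext.build` under that name, whereas the removed setter wrote `@ssl_context.timeout`. Unless build (not visible here) maps `ssl_timeout` onto the context's timeout, the value is either ignored or fails at connect time. The removed `ssl_timeout=` also raised ArgumentError when `use_ssl` was false, and the `timeout=` and `use_ssl` aliases marked "for backward compatibility" are dropped without a deprecation path, so callers that still use them will presumably break. Because these are now plain `attr_accessor`s, a comment above the list should state the new contract, e.g. `# Read once when the session connects; nil means "use the SSLContext.build default", so an unset verify_mode reads as nil even though the peer is verified.`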