summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog6
-rw-r--r--lib/net/pop.rb105
2 files changed, 61 insertions, 50 deletions
diff --git a/ChangeLog b/ChangeLog
index 029b65c768a..50a7d44fd22 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Sat Dec 22 15:01:16 2007 Shugo Maeda <shugo@ruby-lang.org>
+
+ * lib/net/pop.rb (enable_ssl): use OpenSSL::SSL::SSLContext.build
+ instead of SSLContext.new (default verify mode is now
+ OpenSSL::SSL::VERIFY_PEER).
+
Sat Dec 22 14:45:21 2007 Tadayoshi Funaba <tadf@dotrb.org>
* lib/date.rb: shouldn't freeze nil. [ruby-dev:32677]
diff --git a/lib/net/pop.rb b/lib/net/pop.rb
index ff6f65bb4ac..6b21da189c6 100644
--- a/lib/net/pop.rb
+++ b/lib/net/pop.rb
@@ -25,7 +25,7 @@ require 'digest/md5'
require 'timeout'
begin
- require "openssl"
+ require "openssl/ssl"
rescue LoadError
end
@@ -322,38 +322,53 @@ module Net
# SSL
#
- @use_ssl = false
- @verify = nil
- @certs = nil
+ @ssl_params = nil
+ # call-seq:
+ # Net::POP.enable_ssl(params = {})
+ #
# Enable SSL for all new instances.
- # +verify+ is the type of verification to do on the Server Cert; Defaults
- # to OpenSSL::SSL::VERIFY_NONE.
- # +certs+ is a file or directory holding CA certs to use to verify the
- # server cert; Defaults to nil.
- def POP3.enable_ssl(verify = OpenSSL::SSL::VERIFY_NONE, certs = nil)
- @use_ssl = true
- @verify = verify
- @certs = certs
+ # +params+ is passed to OpenSSL::SSLContext.build.
+ def POP3.enable_ssl(*args)
+ @ssl_params = create_ssl_params(*args)
+ end
+
+ def POP3.create_ssl_params(verify_or_params = {}, certs = nil)
+ begin
+ params = verify_or_params.to_hash
+ rescue NoMethodError
+ params = {}
+ params[:verify_mode] = verify_or_params
+ if certs
+ if File.file?(certs)
+ params[:ca_file] = certs
+ elsif File.directory?(certs)
+ params[:ca_path] = certs
+ end
+ end
+ end
+ return params
end
# Disable SSL for all new instances.
def POP3.disable_ssl
- @use_ssl = nil
- @verify = nil
- @certs = nil
+ @ssl_params = nil
+ end
+
+ def POP3.ssl_params
+ return @ssl_params
end
def POP3.use_ssl?
- @use_ssl
+ return !@ssl_params.nil?
end
def POP3.verify
- @verify
+ return @ssl_params[:verify_mode]
end
def POP3.certs
- @certs
+ return @ssl_params[:ca_file] || @ssl_params[:ca_path]
end
#
@@ -394,11 +409,9 @@ module Net
# This method does *not* open the TCP connection.
def initialize(addr, port = nil, isapop = false)
@address = addr
- @use_ssl = POP3.use_ssl?
- @port = port || (POP3.use_ssl? ? POP3.default_pop3s_port : POP3.default_pop3_port)
+ @ssl_params = POP3.ssl_params
+ @port = port
@apop = isapop
- @certs = POP3.certs
- @verify = POP3.verify
@command = nil
@socket = nil
@@ -419,28 +432,28 @@ module Net
# does this instance use SSL?
def use_ssl?
- @use_ssl
+ return !@ssl_params.nil?
end
+ # call-seq:
+ # Net::POP#enable_ssl(params = {})
+ #
# Enables SSL for this instance. Must be called before the connection is
# established to have any effect.
- # +verify+ is the type of verification to do on the Server Cert; Defaults
- # to OpenSSL::SSL::VERIFY_NONE.
- # +certs+ is a file or directory holding CA certs to use to verify the
- # server cert; Defaults to nil.
- # +port+ is port to establish the SSL connection on; Defaults to 995.
- def enable_ssl(verify = OpenSSL::SSL::VERIFY_NONE, certs = nil,
- port = POP3.default_pop3s_port)
- @use_ssl = true
- @verify = verify
- @certs = certs
- @port = port
+ # +params[:port]+ is port to establish the SSL connection on; Defaults to 995.
+ # +params+ (except :port) is passed to OpenSSL::SSLContext.build.
+ def enable_ssl(verify_or_params = {}, certs = nil, port = nil)
+ begin
+ @ssl_params = verify_or_params.to_hash.dup
+ @port = @ssl_params.delete(:port) || @port
+ rescue NoMethodError
+ @ssl_params = POP3.create_ssl_params(verify_or_params, certs)
+ @port = port || @port
+ end
end
def disable_ssl
- @use_ssl = false
- @verify = nil
- @certs = nil
+ @ssl_params = nil
end
# Provide human-readable stringification of class state.
@@ -469,7 +482,9 @@ module Net
attr_reader :address
# The port number to connect to.
- attr_reader :port
+ def port
+ return @port || (use_ssl? ? POP3.default_pop3s_port : POP3.default_pop3_port)
+ end
# Seconds to wait until a connection is opened.
# If the POP3 object cannot open a connection within this time,
@@ -516,20 +531,10 @@ module Net
end
def do_start(account, password)
- s = timeout(@open_timeout) { TCPSocket.open(@address, @port) }
+ s = timeout(@open_timeout) { TCPSocket.open(@address, port) }
if use_ssl?
raise 'openssl library not installed' unless defined?(OpenSSL)
- context = OpenSSL::SSL::SSLContext.new
- context.verify_mode = @verify
- if @certs
- if File.file?(@certs)
- context.ca_file = @certs
- elsif File.directory?(@certs)
- context.ca_path = @certs
- else
- raise ArgumentError, "certs path is not file/directory: #{@certs}"
- end
- end
+ context = OpenSSL::SSL::SSLContext.build(@ssl_params)
s = OpenSSL::SSL::SSLSocket.new(s, context)
s.sync_close = true
s.connect