From c6920177f3e561f779f54534e511f0c9f0de6edd Mon Sep 17 00:00:00 2001
From: gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 20 Dec 2007 16:21:22 +0000
Subject: * lib/net/http.rb (Net::HTTP#connect): use  
 OpenSSL::SSL::SSLContext.build instead of SSLContext.new (default   verify
 mode is now OpenSSL::SSL::VERIFY_PEER).

* lib/net/https.rb: SSL parameters are defined by attr_accessor.

* test/net/http/test_https.rb: add test for HTTPS features.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14371 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/net/http.rb  |  9 ++++++---
 lib/net/https.rb | 55 ++++++++++---------------------------------------------
 2 files changed, 16 insertions(+), 48 deletions(-)

(limited to 'lib')

diff --git a/lib/net/http.rb b/lib/net/http.rb
index 4a16e118dd..9e2aeee2c4 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -575,10 +575,13 @@ module Net   #:nodoc:
       s = timeout(@open_timeout) { TCPSocket.open(conn_address(), conn_port()) }
       D "opened"
       if use_ssl?
-        unless @ssl_context.verify_mode
-          warn "warning: peer certificate won't be verified in this SSL session"
-          @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        ssl_parameters = Hash.new
+        SSL_ATTRIBUTES.each do |name|
+          if value = instance_variable_get("@#{name}")
+            ssl_parameters[name] = value
+          end
         end
+        @ssl_context = OpenSSL::SSL::SSLContext.build(ssl_parameters)
         s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
         s.sync_close = true
       end
diff --git a/lib/net/https.rb b/lib/net/https.rb
index fb329df43d..8a9245ea0e 100644
--- a/lib/net/https.rb
+++ b/lib/net/https.rb
@@ -102,70 +102,35 @@ require 'net/http'
 require 'openssl'
 
 module Net
-
   class HTTP
     remove_method :use_ssl?
     def use_ssl?
       @use_ssl
     end
 
-    alias use_ssl use_ssl?   # for backward compatibility
-
     # Turn on/off SSL.
     # This flag must be set before starting session.
     # If you change use_ssl value after session started,
     # a Net::HTTP object raises IOError.
     def use_ssl=(flag)
       flag = (flag ? true : false)
-      raise IOError, "use_ssl value changed, but session already started" \
-          if started? and @use_ssl != flag
-      if flag and not @ssl_context
-        @ssl_context = OpenSSL::SSL::SSLContext.new
+      if started? and @use_ssl != flag
+        raise IOError, "use_ssl value changed, but session already started"
       end
       @use_ssl = flag
     end
 
-    def self.ssl_context_accessor(name)
-      module_eval(<<-End, __FILE__, __LINE__ + 1)
-        def #{name}
-          return nil unless @ssl_context
-          @ssl_context.#{name}
-        end
-
-        def #{name}=(val)
-          @ssl_context ||= OpenSSL::SSL::SSLContext.new
-          @ssl_context.#{name} = val
-        end
-      End
-    end
-
-    ssl_context_accessor :key
-    ssl_context_accessor :cert
-    ssl_context_accessor :ca_file
-    ssl_context_accessor :ca_path
-    ssl_context_accessor :verify_mode
-    ssl_context_accessor :verify_callback
-    ssl_context_accessor :verify_depth
-    ssl_context_accessor :cert_store
-
-    def ssl_timeout
-      return nil unless @ssl_context
-      @ssl_context.timeout
-    end
-
-    def ssl_timeout=(sec)
-      raise ArgumentError, 'Net::HTTP#ssl_timeout= called but use_ssl=false' \
-          unless use_ssl?
-      @ssl_context ||= OpenSSL::SSL::SSLContext.new
-      @ssl_context.timeout = sec
-    end
-
-    alias timeout= ssl_timeout=   # for backward compatibility
+    SSL_ATTRIBUTES = %w(
+      ssl_version key cert ca_file ca_path cert_store ciphers
+      verify_mode verify_callback verify_depth ssl_timeout
+    )
+    attr_accessor *SSL_ATTRIBUTES
 
     def peer_cert
-      return nil if not use_ssl? or not @socket
+      if not use_ssl? or not @socket
+        return nil
+      end
       @socket.io.peer_cert
     end
   end
-
 end
-- 
cgit v1.2.3