diff --git a/lib/mcollective/util/choria.rb b/lib/mcollective/util/choria.rb
index 1e7edd6..e7bd9d9 100644
--- a/lib/mcollective/util/choria.rb
+++ b/lib/mcollective/util/choria.rb
@@ -357,8 +357,8 @@ def valid_certificate?(pubcert, name, log=true)
 Log.debug("Verified certificate %s against CA %s" % [incoming[0].subject.to_s, incoming[0].issuer.to_s]) if log
- if !OpenSSL::SSL::verify_certificate_identity(incoming[0], name)
- raise("Could not parse certificate with subject %s as it has no CN part, or name %s invalid" % [incoming[0].subject.to_s, name])
+ unless OpenSSL::SSL.verify_certificate_identity(incoming[0], name)
+ raise("Could not parse certificate with subject %s as it has no CN part, or name %s invalid" % [incoming[0].subject.to_s, name])
 end
 name
@@ -645,18 +645,20 @@ def ssl_context
 cert = OpenSSL::X509::Certificate.new(File.read(client_public_cert))
 key = OpenSSL::PKey::RSA.new(File.read(client_private_key))
- extra_chain_cert = File.read(client_public_cert).lines.reject { |line|
- line[0] == '#'
- }.join('').scan(/(-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----)/m).drop(1).map {|cstr| OpenSSL::X509::Certificate.new(cstr[0])}
+ extra_chain_cert = File.read(client_public_cert).lines.reject { |line| line[0] == "#" }
+ .join("")
+ .scan(/(-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----)/m)
+ .drop(1)
+ .map {|cstr| OpenSSL::X509::Certificate.new(cstr[0])}
- if OpenSSL::SSL::SSLContext.method_defined? :add_certificate
+ if OpenSSL::SSL::SSLContext.method_defined? :add_certificate
 context.add_certificate(cert, key, extra_chain_cert)
 else
 context.cert = OpenSSL::X509::Certificate.new(File.read(client_public_cert))
 context.key = OpenSSL::PKey::RSA.new(File.read(client_private_key))
 context.extra_chain_cert = extra_chain_cert
 end
-
+
 context.verify_mode = OpenSSL::SSL::VERIFY_PEER
 context
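Review bot: The message on the added `raise` line in `valid_certificate?` describes a parse failure ("Could not parse certificate ... no CN part"), but `OpenSSL::SSL.verify_certificate_identity` also returns false for a well-formed certificate whose CN and subjectAltName entries simply do not match `name`, so an operator debugging an identity mismatch is pointed at the wrong cause. Unless something downstream matches on the current wording, a message that names the actual check would help, e.g. `raise("Certificate with subject %s does not match name %s (no matching CN or subjectAltName)" % [incoming[0].subject.to_s, name])`. The body of `valid_certificate?` starts before and continues past this hunk.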
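Review bot: `context.verify_mode = OpenSSL::SSL::VERIFY_PEER` at the end of `ssl_context` only enables chain validation; a Ruby `SSLContext` does not check the peer's hostname unless `context.verify_hostname = true` is also set (openssl gem 2.0+) or the caller runs `post_connection_check`, and no CA store (`ca_file`/`cert_store`) is visible in this hunk, so unless both are configured earlier in the method (which begins above the hunk) or the hostname is checked elsewhere, any certificate issued by the CA would be accepted for any server. Separately, the context lines `key = OpenSSL::PKey::RSA.new(...)` and `context.key = OpenSSL::PKey::RSA.new(...)` hard-code RSA, so an EC client key fails at parse time; `OpenSSL::PKey.read(File.read(client_private_key))` accepts either. The reworked `extra_chain_cert` chain also reads `client_public_cert` a second time and the `else` branch re-parses both files instead of reusing the values already parsed two lines up; `context.cert = cert` and `context.key = key` would do.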