
more secure defaults (thanks jamesgolick)

geemus committed Dec 10, 2010
1 parent ab7cc11 commit f84cbd8fd15fb3da13453d13c2a0164d62bef50b
Showing with 15 additions and 3 deletions.
  1. +15 −3 lib/excon/connection.rb
@@ -152,11 +152,23 @@ def connect
new_socket = TCPSocket.open(@connection[:host], @connection[:port])
if @connection[:scheme] == 'https'
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
new_socket = OpenSSL::SSL::SSLSocket.new(new_socket, @ssl_context)
# create ssl context
ssl_context = OpenSSL::SSL::SSLContext.new
# turn verification on
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
# use default cert store
store = OpenSSL::X509::Store.new
store.set_default_paths
ssl_context.cert_store = store
# open ssl socket
new_socket = OpenSSL::SSL::SSLSocket.new(new_socket, ssl_context)
new_socket.sync_close = true
new_socket.connect
# verify connection
new_socket.post_connection_check(@connection[:host])
end
new_socket
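Review bot: A failed handshake or hostname check leaves the socket open, because `new_socket.connect` and `new_socket.post_connection_check(@connection[:host])` both raise and nothing on that path closes `new_socket`. With `VERIFY_PEER` now on, certificate and hostname rejections become an ordinary outcome rather than a rare one, so the descriptor presumably lingers until garbage collection each time a peer is rejected. Wrapping the two calls in a `begin`/`rescue` that closes the socket and re-raises keeps the failure visible to the caller while releasing the connection; `sync_close = true` means that close also closes the underlying TCP socket. Separately, `store.set_default_paths` depends on the CA locations OpenSSL was built with, so a comment above it should say that an empty default store makes every HTTPS request fail verification. `connect` begins and ends outside this hunk.

```ruby
# … unchanged: ssl_context and default cert store setup …
new_socket = OpenSSL::SSL::SSLSocket.new(new_socket, ssl_context)
new_socket.sync_close = true
begin
  new_socket.connect
  # verify connection
  new_socket.post_connection_check(@connection[:host])
rescue OpenSSL::SSL::SSLError
  # handshake or hostname check failed: release the socket before propagating
  new_socket.close
  raise
end
```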
