
more secure defaults (thanks jamesgolick)

1 parent ab7cc11 commit f84cbd8fd15fb3da13453d13c2a0164d62bef50b @geemus geemus committed Dec 10, 2010
Showing with 15 additions and 3 deletions.
  1. +15 −3 lib/excon/connection.rb
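--- a/lib/excon/connection.rb
+++ b/lib/excon/connection.rb
@@ -152,11 +152,23 @@ def connect
 new_socket = TCPSocket.open(@connection[:host], @connection[:port])
 if @connection[:scheme] == 'https'
- @ssl_context = OpenSSL::SSL::SSLContext.new
- @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
- new_socket = OpenSSL::SSL::SSLSocket.new(new_socket, @ssl_context)
+ # create ssl context
+ ssl_context = OpenSSL::SSL::SSLContext.new
+ # turn verification on
+ ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+ # use default cert store
+ store = OpenSSL::X509::Store.new
+ store.set_default_paths
+ ssl_context.cert_store = store
+
+ # open ssl socket
+ new_socket = OpenSSL::SSL::SSLSocket.new(new_socket, ssl_context)
 new_socket.sync_close = true
 new_socket.connect
+
+ # verify connection
+ new_socket.post_connection_check(@connection[:host])
 end
 new_socket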
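Review bot: When the handshake or the hostname check fails, the socket opened at the top of the hunk is never closed. With `VERIFY_PEER` an untrusted chain raises in `new_socket.connect` and a name mismatch raises in `post_connection_check`, and neither path calls `close`. Because `sync_close` is set, closing the SSL socket in a rescue and re-raising releases both layers, so a caller that retries against a failing endpoint does not accumulate open descriptors. A comment at `store.set_default_paths` noting that trust comes only from the OpenSSL build's default CA locations would also help, since the hunk shows no way for a caller to supply another bundle. The body of `connect` starts and ends outside the hunk.

```ruby
new_socket.sync_close = true
begin
  new_socket.connect
  # verify connection
  new_socket.post_connection_check(@connection[:host])
rescue
  # sync_close is set, so this also closes the underlying TCP socket
  new_socket.close
  raise
end
```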
