Make SSL support AWESOME #145

technoweenie opened this Issue Apr 21, 2012 · 2 comments

3 participants

lostisland member

First, @dlee brought up the point in #143 that we have zero tests. Sure, you can initialize a Connection object and assert that the :ssl hashes are there, but that's not enough. We should have an SSL test suite. If we can find a way to boot up a rack app with real SSL (not proxied through nginx), that'd be awesome.

Finally, how can we make managing certs easier? I work on github-services, and it pains me every time I see SSL verification being disabled (not to pick on any one service, most of them have it). I really wanted to make verified SSL the default, but it's really difficult to ensure it works on every hook. I have hooks hitting a wide variety of servers, and some even let the user enter their own for private installations.

People give Ruby shit for being lax about HTTPS (and rightfully so), but the best advice I've seen is "Don't use VERIFY_NONE". What can we do to change that with "Use Faraday"?

  • Unit testable SSL verification. Let me specify what root certs a Faraday::Connection trusts, and confirm that easily.
  • Let me easily add custom root certs. For instance, maybe someone set up Redmine on a private server with a self-signed cert that only they use. I want to be able to use that on a per-user/connection basis in GitHub Services.
  • Cross-platform support. I was able to get some of this working locally with net/http, only to see the same code blow up on our production servers. It seemed very inconsistent.
  • Cross-adapter support. Is that even possible?
  • Human error messages!
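
An added example, not part of the original issue and not Faraday's own code: the first two wishlist items (a per-connection set of trusted roots that can be checked in a unit test, plus a readable failure message) sketched with Ruby's `openssl` standard library only. All names and certificates are constructed in memory; `make_cert`, `trust_store`, `check` and `demo` are hypothetical helpers.

```ruby
require "openssl"

# Build a test certificate; self-signed when no issuer is given (constructed data).
def make_cert(cn, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                      # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# A trust store holding only the given roots (no system defaults are loaded).
# A store like this can be handed to a connection through Faraday's
# ssl: { cert_store: store } option.
def trust_store(*roots)
  store = OpenSSL::X509::Store.new
  roots.each { |root| store.add_cert(root) }
  store
end

# Verify a peer certificate against one store and return [ok, message].
def check(store, cert)
  ok = store.verify(cert)
  [ok, ok ? "ok" : "#{store.error_string} (#{cert.subject})"]
end

# Two users with different trust: one trusts the private CA, the other does not.
def demo
  ca_key    = OpenSSL::PKey::RSA.new(2048)
  other_key = OpenSSL::PKey::RSA.new(2048)
  srv_key   = OpenSSL::PKey::RSA.new(2048)
  private_ca = make_cert("Private Redmine CA", ca_key, ca: true)
  other_ca   = make_cert("Unrelated CA", other_key, ca: true)
  server = make_cert("redmine.example.internal", srv_key,
                     issuer_cert: private_ca, issuer_key: ca_key)
  { trusted:   check(trust_store(private_ca), server),
    untrusted: check(trust_store(other_ca), server) }
end

p demo if $PROGRAM_NAME == __FILE__
```

Verification stays on in both cases; only the set of trusted roots differs per user, which is the alternative to `VERIFY_NONE` the issue asks for.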

mislav added a commit that referenced this issue Aug 16, 2012
Merge branch 'ssl'
Closes #148, references #145

Closing this since our CI suite runs fully on SSL now with tests for proper cert verification. We've come a long way!

mislav closed this Jan 27, 2014