Merge pull request #109 from mikecmpbll/ssl_version_fix
ssl_version was only being set if SSL auth settings were present
rogerleite committed Mar 26, 2014
2 parents 222497b + b857bdd commit 2a306de
Showing 5 changed files with 83 additions and 53 deletions.
21 changes: 12 additions & 9 deletions lib/httpi/adapter/curb.rb
Expand Up @@ -65,7 +65,7 @@ def setup_client

setup_http_auth if @request.auth.http?
setup_gssnegotiate_auth if @request.auth.gssnegotiate?
setup_ssl_auth if @request.auth.ssl?
setup_ssl_auth if @request.auth.ssl? || @request.ssl?
end

def basic_setup
Expand Down Expand Up @@ -93,16 +93,19 @@ def setup_gssnegotiate_auth
def setup_ssl_auth
ssl = @request.auth.ssl

unless ssl.verify_mode == :none
@client.cacert = ssl.ca_cert_file if ssl.ca_cert_file
@client.certtype = ssl.cert_type.to_s.upcase
end
if @request.auth.ssl?
unless ssl.verify_mode == :none
@client.cacert = ssl.ca_cert_file if ssl.ca_cert_file
@client.certtype = ssl.cert_type.to_s.upcase
end

# Send client-side certificate regardless of state of SSL verify mode
@client.cert_key = ssl.cert_key_file
@client.cert = ssl.cert_file
# Send client-side certificate regardless of state of SSL verify mode
@client.cert_key = ssl.cert_key_file
@client.cert = ssl.cert_file

@client.ssl_verify_peer = ssl.verify_mode == :peer
@client.ssl_verify_peer = ssl.verify_mode == :peer
end

@client.ssl_version = case ssl.ssl_version
when :TLSv1 then 1
when :SSLv2 then 2
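Review bot: With the new `if @request.auth.ssl?` guard in setup_ssl_auth, `@client.cacert` and `@client.ssl_verify_peer` are still applied only when SSL auth is detected, although the method is now also called for `@request.ssl?`. The definition of `auth.ssl?` is not visible here; if it can be false while `verify_mode` or `ca_cert_file` is set, those settings are silently dropped and the connection is verified against the adapter's defaults rather than the caller's CA file. In that case only the two client-certificate assignments (`cert_key`, `cert`) belong inside the guard, and the verification lines should run for every SSL request. The same guard is added around the CA-file handling in httpclient.rb and net_http.rb. The `case` at the end of setup_ssl_auth continues past the end of the hunk.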
19 changes: 11 additions & 8 deletions lib/httpi/adapter/httpclient.rb
Expand Up @@ -41,7 +41,7 @@ def setup_client
end

setup_auth if @request.auth.http?
setup_ssl_auth if @request.auth.ssl?
setup_ssl_auth if @request.auth.ssl? || @request.ssl?
end

def basic_setup
Expand All @@ -57,15 +57,18 @@ def setup_auth
def setup_ssl_auth
ssl = @request.auth.ssl

if ssl.ca_cert_file && ssl.verify_mode != :none
@client.ssl_config.add_trust_ca(ssl.ca_cert_file)
end
if @request.auth.ssl?
if ssl.ca_cert_file && ssl.verify_mode != :none
@client.ssl_config.add_trust_ca(ssl.ca_cert_file)
end

# Send client-side certificate regardless of state of SSL verify mode
@client.ssl_config.client_cert = ssl.cert
@client.ssl_config.client_key = ssl.cert_key
# Send client-side certificate regardless of state of SSL verify mode
@client.ssl_config.client_cert = ssl.cert
@client.ssl_config.client_key = ssl.cert_key

@client.ssl_config.verify_mode = ssl.openssl_verify_mode
end

@client.ssl_config.verify_mode = ssl.openssl_verify_mode
@client.ssl_config.ssl_version = ssl.ssl_version.to_s if ssl.ssl_version
end

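Review bot: setup_ssl_auth has no comment saying that it now runs for every SSL request and that only the block under `if @request.auth.ssl?` is specific to SSL auth; the method name alone suggests the whole body is auth-only. A one-line comment above the method would make this clear, for example `# Runs for any SSL request; only the block guarded by @request.auth.ssl? applies SSL auth settings.` The same comment fits setup_ssl_auth in curb.rb and net_http.rb.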
19 changes: 11 additions & 8 deletions lib/httpi/adapter/net_http.rb
Expand Up @@ -81,7 +81,7 @@ def do_request(type, &requester)

def setup
setup_client
setup_ssl_auth if @request.auth.ssl?
setup_ssl_auth if @request.auth.ssl? || @request.ssl?
end

def negotiate_ntlm_auth(http, &requester)
Expand Down Expand Up @@ -146,15 +146,18 @@ def setup_client
def setup_ssl_auth
ssl = @request.auth.ssl

unless ssl.verify_mode == :none
@client.ca_file = ssl.ca_cert_file if ssl.ca_cert_file
end
if @request.auth.ssl?
unless ssl.verify_mode == :none
@client.ca_file = ssl.ca_cert_file if ssl.ca_cert_file
end

# Send client-side certificate regardless of state of SSL verify mode
@client.key = ssl.cert_key
@client.cert = ssl.cert
# Send client-side certificate regardless of state of SSL verify mode
@client.key = ssl.cert_key
@client.cert = ssl.cert

@client.verify_mode = ssl.openssl_verify_mode
end

@client.verify_mode = ssl.openssl_verify_mode
@client.ssl_version = ssl.ssl_version if ssl.ssl_version
end

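Review bot: The `|| @request.ssl?` condition added to `setup` and the regrouped setup_ssl_auth have no accompanying spec in this commit: it adds "(for SSL without auth)" examples to curb_spec.rb and httpclient_spec.rb, but none of the five changed files covers the net_http adapter. An example that sets `request.ssl = true` and `request.auth.ssl.ssl_version = :TLSv1`, then checks that `ssl_version=` is called on the Net::HTTP client, would pin this path.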
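--- a/spec/httpi/adapter/curb_spec.rb
+++ b/spec/httpi/adapter/curb_spec.rb
@@ -218,6 +218,42 @@
 end
 end
 
+context "(for SSL without auth)" do
+let(:request) do
+request = HTTPI::Request.new("http://example.com")
+request.ssl = true
+request
+end
+
+context 'sets ssl_version' do
+it 'defaults to nil when no ssl_version is specified' do
+curb.expects(:ssl_version=).with(nil)
+adapter.request(:get)
+end
+
+it 'to 1 when ssl_version is specified as TLSv1' do
+request.auth.ssl.ssl_version = :TLSv1
+curb.expects(:ssl_version=).with(1)
+
+adapter.request(:get)
+end
+
+it 'to 2 when ssl_version is specified as SSLv2' do
+request.auth.ssl.ssl_version = :SSLv2
+curb.expects(:ssl_version=).with(2)
+
+adapter.request(:get)
+end
+
+it 'to 3 when ssl_version is specified as SSLv3' do
+request.auth.ssl.ssl_version = :SSLv3
+curb.expects(:ssl_version=).with(3)
+
+adapter.request(:get)
+end
+end
+end
+
 context "(for SSL client auth)" do
 let(:request) do
 request = HTTPI::Request.new("http://example.com")
@@ -261,34 +297,6 @@
 
 adapter.request(:get)
 end
-
-context 'sets ssl_version' do
-it 'defaults to nil when no ssl_version is specified' do
-curb.expects(:ssl_version=).with(nil)
-adapter.request(:get)
-end
-
-it 'to 1 when ssl_version is specified as TLSv1' do
-request.auth.ssl.ssl_version = :TLSv1
-curb.expects(:ssl_version=).with(1)
-
-adapter.request(:get)
-end
-
-it 'to 2 when ssl_version is specified as SSLv2' do
-request.auth.ssl.ssl_version = :SSLv2
-curb.expects(:ssl_version=).with(2)
-
-adapter.request(:get)
-end
-
-it 'to 3 when ssl_version is specified as SSLv3' do
-request.auth.ssl.ssl_version = :SSLv3
-curb.expects(:ssl_version=).with(3)
-
-adapter.request(:get)
-end
-end
 end
 end
 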
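Review bot: The 'sets ssl_version' examples are moved out of "(for SSL client auth)" in the second hunk rather than copied, so that context no longer checks that ssl_version reaches curb when a client certificate is configured. setup_ssl_auth now has a guarded block followed by the version assignment, so one example in each context is worth keeping. In the client-auth context that is `request.auth.ssl.ssl_version = :TLSv1` followed by `curb.expects(:ssl_version=).with(1)`.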
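--- a/spec/httpi/adapter/httpclient_spec.rb
+++ b/spec/httpi/adapter/httpclient_spec.rb
@@ -107,6 +107,19 @@
 end
 end
 
+context "(for SSL without auth)" do
+before do
+request.ssl = true
+end
+
+it 'should set the ssl_version if specified' do
+request.auth.ssl.ssl_version = :SSLv3
+ssl_config.expects(:ssl_version=).with('SSLv3')
+
+adapter.request(:get)
+end
+end
+
 context "(for SSL client auth)" do
 before do
 request.auth.ssl.cert_key_file = "spec/fixtures/client_key.pem"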
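Review bot: The new "(for SSL without auth)" context covers only the case where ssl_version is set; nothing asserts what happens when it is left unset, which is the common path now that setup_ssl_auth runs for every SSL request. A second example with `ssl_config.expects(:ssl_version=).never` followed by `adapter.request(:get)` would pin the `if ssl.ssl_version` guard in the adapter. :SSLv3 is an obsolete protocol version, so :TLSv1, which the curb spec also uses, would be a better example value here.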
