| self.user_agent = "Slack Ruby Client/#{Slack::VERSION}" | ||
| self.ca_path = `openssl version -a | grep OPENSSLDIR | awk '{print $2}'|sed -e 's/\"//g'` | ||
| self.ca_file = "#{ca_path}/ca-certificates.crt" | ||
| self.ca_path = openssl_ca_path if ca_path.nil? |
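Review bot: the `if ca_path.nil?` guard on the last line makes this the only conditional assignment next to the unconditional `user_agent` one, so if these lines run on a configuration reset, a previously set `ca_path` survives it. `openssl_ca_path` is also not defined in this hunk. If it still reads the output of the `openssl` binary, it reports the OPENSSLDIR of whichever `openssl` is first on PATH, which need not be the library the Ruby OpenSSL extension is linked against. Consider taking the value from the extension itself.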
There was a problem hiding this comment.
Can't this be just using OpenSSL::X509::DEFAULT_CERT_DIR and OpenSSL::X509::DEFAULT_CERT_FILE?
There was a problem hiding this comment.
You are right. OpenSSL::X509::DEFAULT_CERT_DIR points to the correct ca-folder.
However, OpenSSL::X509::DEFAULT_CERT_FILE points to cert.pem and not to ca-certificates.crt. Not sure if .pem or .crt is the correct one to use here?
Looking closer at this, `openssl version -a | grep OPENSSLDIR | awk '{print $2}'|sed -e 's/\"//g'` returns /usr/lib/ssl on *nix, which results in ca_file being /usr/lib/ssl/ca-certificates.crt; both are wrong paths/files.
There was a problem hiding this comment.
This (openssl version -a) does not work on MacOS Sierra (10.12) also.
My OPENSSLDIR is /System/Library/OpenSSL.
But /System/Library/OpenSSL/ca-certificates.crt does not exist.
When using system ruby then OpenSSL::X509::DEFAULT_CERT_FILE points to /System/Library/OpenSSL/cert.pem which also does not exist.
But at least it works with own compiled ruby.
Also, it is reasonable to use the SSL_CERT_DIR and SSL_CERT_FILE env variables before the OpenSSL default (like https://github.com/mikz/httpclient/blob/ba21d0d44c9f5f4602c7fc151f7c24f827480361/lib/httpclient/ssl_config.rb#L418-L419),
as those are used by OpenSSL to set a custom cert dir/path.
There was a problem hiding this comment.
I'll change the PR to use OpenSSL::X509::DEFAULT_CERT_DIR and OpenSSL::X509::DEFAULT_CERT_FILE, since that works on nix, win and osx.
| @@ -1,5 +1,5 @@ | |||
| ### 0.9.2 (Next) | |||
|
|
|||
| * [#163](https://github.com/slack-ruby/slack-ruby-client/pull/164): Use OpenSSL::X509::DEFAULT_CERT_DIR and OpenSSL::X509::DEFAULT_CERT_FILE for default ca_cert and ca_file [@leifcr](https://github.com/leifcr) | |||
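Review bot: the changelog entry is labelled `#163` but its link target is `pull/164`; the label and the URL should carry the same number, so that a reader following the changelog lands on the pull request the text names.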
There was a problem hiding this comment.
would be good to highlight code constants as code with `CODE`
| @@ -1,3 +1,4 @@ | |||
| require 'openssl' | |||
There was a problem hiding this comment.
This would make OpenSSL a hard dependency.
Might be better to wrap it in a block and rescue LoadError.
| self.user_agent = "Slack Ruby Client/#{Slack::VERSION}" | ||
| self.ca_path = `openssl version -a | grep OPENSSLDIR | awk '{print $2}'|sed -e 's/\"//g'` | ||
| self.ca_file = "#{ca_path}/ca-certificates.crt" | ||
| self.ca_path = OpenSSL::X509::DEFAULT_CERT_DIR |
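Review bot: `OpenSSL::X509::DEFAULT_CERT_DIR` on the last line is the directory compiled into the linked OpenSSL, and the assignment takes it without checking that the directory exists or whether `SSL_CERT_DIR` is set. Consider preferring the environment variable when it is present and keeping the constant only when `File.directory?` confirms it. Only `ca_path` is assigned in the visible lines, so the matching `ca_file` assignment should sit next to it.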
There was a problem hiding this comment.
If OpenSSL is not defined (guess we don't want a hard dependency) then this would crash. So this can be done as
self.ca_path = OpenSSL::X509::DEFAULT_CERT_DIR if defined?(OpenSSL)

@mikz I added a check for OpenSSL, so that vars are set to nil if missing, as suggested.
| options[:headers]['User-Agent'] = user_agent if user_agent | ||
| options[:proxy] = proxy if proxy | ||
| options[:ssl] = { ca_path: ca_path, ca_file: ca_file } | ||
| options[:ssl] = { ca_path: ca_path, ca_file: ca_file } unless ca_path.nil? || ca_file.nil? |
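Review bot: the `unless ca_path.nil? || ca_file.nil?` guard on the last line skips the `:ssl` option whenever either value is missing, so a configuration that sets only `ca_file` or only `ca_path` is silently ignored and the connection falls back to whatever the adapter uses by default. `if ca_path || ca_file` passes the option when at least one location is set, and building the hash from the non-nil values avoids handing a nil entry to the adapter.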
There was a problem hiding this comment.
This could be tricky.
Do both options have to be specified? Can't just one do the trick? I think one certificate chain can work just fine as well as just the cert directory.
So this could be nicer as `if ca_path || ca_file`. `unless` with `||` can be evil.
There was a problem hiding this comment.
Agree. `if ca_path || ca_file` is better. And only one needs to be present.

@leifcr great change! I commented one last time #164 (comment) to clarify the ca info assignment. Then it would get my 👍 Good job 🥇
| @@ -1,5 +1,5 @@ | |||
| ### 0.9.2 (Next) | |||
|
|
|||
There was a problem hiding this comment.
Put back the line, please.
| @@ -1,5 +1,5 @@ | |||
| ### 0.9.2 (Next) | |||
|
|
|||
| * [#163](https://github.com/slack-ruby/slack-ruby-client/pull/164): Use `OpenSSL::X509::DEFAULT_CERT_DIR` and `OpenSSL::X509::DEFAULT_CERT_FILE` for default ca_cert and ca_file [@leifcr](https://github.com/leifcr) | |||
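Review bot: the entry says "default ca_cert and ca_file", but `DEFAULT_CERT_DIR` is a directory and the option the other hunks set from it is `ca_path`; `ca_cert` does not appear in any of the code shown. Suggest "for default `ca_path` and `ca_file`", with both option names in backticks like the constants.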
There was a problem hiding this comment.
Make this in the same format as everything else, needs a - before your name and a . at the end.
| begin | ||
| require 'openssl' | ||
| rescue LoadError # rubocop:disable Lint/HandleExceptions | ||
| end |
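Review bot: the empty `rescue LoadError` body silences a missing OpenSSL extension with only a RuboCop disable to explain it. Put a short comment inside the rescue stating that OpenSSL is optional here and what the configuration falls back to without it, so the next reader does not take it for an accidentally swallowed error.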
There was a problem hiding this comment.
I don't think this is a great place to put this, lib/slack-ruby-client.rb is better, it has all the requires.

Made some minor comments. Thanks for making this happen @leifcr. Do you think we can get a Windows CI somewhere?

@dblock seen https://www.appveyor.com a few times.

@mikz and @dblock Thanks for feedback. Appveyor supports ruby: https://www.appveyor.com/docs/lang/ruby/

Run

@leifcr If you want to PR Appveyor support (appveyor.yml, etc.), I can help enable if something needs to be done here. I used it in https://github.com/Waffle/waffle and https://github.com/resourcelib/resourcelib :)

@dblock I'll create a new branch for Appveyor and do a separate PR for that.

Merged, thanks.

Thanks
The syntax for grep/awk/sed is problematic under cmdline on Windows.
This removes the dependency on awk/grep/sed; openssldir is parsed in Ruby instead.
This can close #91, since everything else works as it should on Windows.
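
The lookup order discussed in this review (the `SSL_CERT_DIR` / `SSL_CERT_FILE` environment variables first, then `OpenSSL::X509::DEFAULT_CERT_DIR` / `DEFAULT_CERT_FILE`, with OpenSSL optional and `:ssl` set when either location resolves), as an added Ruby example that is not code from this pull request or from slack-ruby-client. `resolve_ca_options` and `apply_ca_options` are hypothetical names, and raising on an override that points nowhere is this example's choice, not something the thread decided.

```ruby
begin
  require 'openssl'
rescue LoadError
  # Ruby built without the OpenSSL extension: only the environment is consulted.
end

# Hypothetical helper, not slack-ruby-client code. `env` and `defaults` are
# injectable so the lookup order can be exercised without touching the host.
# Assumes SSL_CERT_DIR names a single directory.
def resolve_ca_options(env: ENV, defaults: nil)
  defaults ||= if defined?(OpenSSL::X509::DEFAULT_CERT_DIR)
                 { ca_path: OpenSSL::X509::DEFAULT_CERT_DIR,
                   ca_file: OpenSSL::X509::DEFAULT_CERT_FILE }
               else
                 {}
               end
  checks = { ca_path: ['SSL_CERT_DIR', :directory?],
             ca_file: ['SSL_CERT_FILE', :file?] }

  checks.each_with_object({}) do |(key, (var, test)), ssl|
    override = env[var].to_s
    if !override.empty?
      # An explicit override that does not exist is an error: falling back to
      # the system store would trust more CAs than the operator asked for.
      unless File.public_send(test, override)
        raise ArgumentError, "#{var}=#{override} does not exist"
      end
      ssl[key] = override
    elsif defaults[key] && File.public_send(test, defaults[key])
      # Compiled-in default, kept only when it is present on this machine
      # (the thread reports defaults that point at files that do not exist).
      ssl[key] = defaults[key]
    end
  end
end

# Mirrors the `if ca_path || ca_file` outcome of the review: :ssl is set when
# at least one location resolved, and left to the adapter otherwise.
def apply_ca_options(options, **lookup)
  ssl = resolve_ca_options(**lookup)
  options[:ssl] = ssl unless ssl.empty?
  options
end
```
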