mirror of
https://github.com/jnunemaker/httparty
synced 2023-03-27 23:23:07 -04:00
Merge pull request #441 from IcaliaLabs/master
Solves #266 - Honors the verify option to avoid overrides
commit
32bfb59f6b
2 changed files with 27 additions and 4 deletions
|
@ -53,6 +53,11 @@ module HTTParty
|
|||
# Private: Regex used to strip brackets from IPv6 URIs.
|
||||
StripIpv6BracketsRegex = /\A\[(.*)\]\z/
|
||||
|
||||
OPTION_DEFAULTS = {
|
||||
verify: true,
|
||||
verify_peer: true
|
||||
}
|
||||
|
||||
# Public
|
||||
def self.call(uri, options)
|
||||
new(uri, options).connection
|
||||
|
@ -65,7 +70,7 @@ module HTTParty
|
|||
raise ArgumentError, "uri must be a #{uri_adapter}, not a #{uri.class}" unless uri.is_a? uri_adapter
|
||||
|
||||
@uri = uri
|
||||
@options = options
|
||||
@options = OPTION_DEFAULTS.merge(options)
|
||||
end
|
||||
|
||||
def connection
|
||||
|
@ -138,6 +143,10 @@ module HTTParty
|
|||
uri.port == 443 || uri.scheme == 'https'
|
||||
end
|
||||
|
||||
def verify_ssl_certificate?
|
||||
!(options[:verify] == false || options[:verify_peer] == false)
|
||||
end
|
||||
|
||||
def attach_ssl_certificates(http, options)
|
||||
if http.use_ssl?
|
||||
if options.fetch(:verify, true)
|
||||
|
@ -158,7 +167,7 @@ module HTTParty
|
|||
if options[:pem]
|
||||
http.cert = OpenSSL::X509::Certificate.new(options[:pem])
|
||||
http.key = OpenSSL::PKey::RSA.new(options[:pem], options[:pem_password])
|
||||
http.verify_mode = options[:verify_peer] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
|
||||
http.verify_mode = verify_ssl_certificate? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
||||
end
|
||||
|
||||
# PKCS12 client certificate authentication
|
||||
|
@ -166,7 +175,7 @@ module HTTParty
|
|||
p12 = OpenSSL::PKCS12.new(options[:p12], options[:p12_password])
|
||||
http.cert = p12.certificate
|
||||
http.key = p12.key
|
||||
http.verify_mode = options[:verify_peer] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
|
||||
http.verify_mode = verify_ssl_certificate? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
||||
end
|
||||
|
||||
# SSL certificate authority file and/or directory
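Review bot: `verify_ssl_certificate?` reads the adapter's own `options`, while `attach_ssl_certificates(http, options)` takes an `options` argument and its first check still uses `options.fetch(:verify, true)`, so the same decision is now made in two different ways inside one method. The two forms also disagree on `verify: nil`: `fetch` returns the stored nil, which is falsy, whereas the helper treats only a literal `false` as opting out. Writing the outer check as `if options[:verify] != false` would keep that path fail-closed like the helper; the body of that branch lies outside the hunk, so its effect should be confirmed first. Because either flag switches the connection to `VERIFY_NONE`, the helper deserves a comment such as `# Peer verification stays on unless :verify or :verify_peer is explicitly false.`, and `OPTION_DEFAULTS` could end in `}.freeze` so the secure defaults cannot be mutated at runtime.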
|
||||
|
|
|
@ -27,7 +27,7 @@ RSpec.describe HTTParty::ConnectionAdapter do
|
|||
it "sets the options" do
|
||||
options = {foo: :bar}
|
||||
adapter = HTTParty::ConnectionAdapter.new(uri, options)
|
||||
expect(adapter.options).to be options
|
||||
expect(adapter.options.keys).to include(:verify, :verify_peer, :foo)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -372,6 +372,13 @@ RSpec.describe HTTParty::ConnectionAdapter do
|
|||
expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
|
||||
end
|
||||
|
||||
context "when options include verify=false" do
|
||||
let(:options) { {pem: pem, pem_password: "password", verify: false} }
|
||||
|
||||
it "should not verify the certificate" do
|
||||
expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
|
||||
end
|
||||
end
|
||||
context "when options include verify_peer=false" do
|
||||
let(:options) { {pem: pem, pem_password: "password", verify_peer: false} }
|
||||
|
||||
|
@ -423,6 +430,13 @@ RSpec.describe HTTParty::ConnectionAdapter do
|
|||
expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
|
||||
end
|
||||
|
||||
context "when options include verify=false" do
|
||||
let(:options) { {p12: p12, p12_password: "password", verify: false} }
|
||||
|
||||
it "should not verify the certificate" do
|
||||
expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
|
||||
end
|
||||
end
|
||||
context "when options include verify_peer=false" do
|
||||
let(:options) { {p12: p12, p12_password: "password", verify_peer: false} }
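Review bot: The rewritten "sets the options" example checks only that the keys `:verify` and `:verify_peer` are present, so a regression that flipped either default to `false` and silently disabled certificate verification would still pass. Asserting the values pins the secure defaults: `expect(adapter.options).to include(verify: true, verify_peer: true, foo: :bar)`. The new `verify: false` contexts cover the pem and p12 branches. No visible example exercises a caller passing `verify: nil`, which is the case where the helper and the `fetch`-based check in the adapter could diverge.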
|
||||
|
||||
|
|