From f707a676281c0a13aeb0f6236fe516f4d563589c Mon Sep 17 00:00:00 2001
From: Abraham Kuri
Date: Mon, 16 Nov 2015 10:51:57 -0600
Subject: [PATCH] Adds backward compatibility for connection adapter verify and verify_peer options
---
 lib/httparty/connection_adapter.rb | 15 ++++++++++++---
 spec/httparty/connection_adapter_spec.rb | 20 +++++++++++++++++---
 2 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/lib/httparty/connection_adapter.rb b/lib/httparty/connection_adapter.rb
index 2f8add4..b4803cd 100644
--- a/lib/httparty/connection_adapter.rb
+++ b/lib/httparty/connection_adapter.rb
@@ -53,6 +53,11 @@ module HTTParty
 # Private: Regex used to strip brackets from IPv6 URIs.
 StripIpv6BracketsRegex = /\A\[(.*)\]\z/
+ OPTION_DEFAULTS = {
+ verify: true,
+ verify_peer: true
+ }
+
 # Public
 def self.call(uri, options)
 new(uri, options).connection
@@ -65,7 +70,7 @@ module HTTParty
 raise ArgumentError, "uri must be a #{uri_adapter}, not a #{uri.class}" unless uri.is_a? uri_adapter
 @uri = uri
- @options = options
+ @options = OPTION_DEFAULTS.merge(options)
 end
 def connection
@@ -138,6 +143,10 @@ module HTTParty
 uri.port == 443 || uri.scheme == 'https'
 end
+ def verify_ssl_certificate?
+ !(options[:verify] == false || options[:verify_peer] == false)
+ end
+
 def attach_ssl_certificates(http, options)
 if http.use_ssl?
 if options.fetch(:verify, true)
@@ -158,7 +167,7 @@ module HTTParty
 if options[:pem]
 http.cert = OpenSSL::X509::Certificate.new(options[:pem])
 http.key = OpenSSL::PKey::RSA.new(options[:pem], options[:pem_password])
- http.verify_mode = options[:verify] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
+ http.verify_mode = verify_ssl_certificate? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
 end
 # PKCS12 client certificate authentication
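Review bot: `OPTION_DEFAULTS` in the first hunk is a plain mutable Hash, and the next hunk merges it into every adapter's options, so any code in the process that mutates it would change the TLS verification default for all later connections. Ending the literal with `}.freeze` closes that off. A short comment above the constant saying that both keys default to certificate verification being on, and that `verify_peer` appears to be accepted alongside `verify` for older callers, would make the intent clear.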
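Review bot: `@options = OPTION_DEFAULTS.merge(options)` makes `adapter.options` a new Hash rather than the caller's object, which is why the spec in this commit drops its `be options` identity check. Code that mutates the hash it passed in after construction, or that relies on identity, now sees different behaviour; that is probably intended, but it deserves a sentence in the commit message or a comment on `initialize`. `initialize` starts above this hunk, so whether `options` can be nil at this point is not visible here.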
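Review bot: The unchanged context line `if options.fetch(:verify, true)` just below the new predicate still reads only `:verify`, so `verify_peer: false` is honoured in the pem and p12 branches but apparently not on that path; the rest of `attach_ssl_certificates` is outside the hunk, so this is inferred from the one visible line. Using the predicate there as well, `if verify_ssl_certificate?`, would give both options the same meaning everywhere. The predicate also reads the instance `options` while `attach_ssl_certificates` takes its own `options` argument, which only agrees if callers always pass the adapter's hash. A comment on `verify_ssl_certificate?` should state that only a literal `false` in either key disables verification and that `nil` or a missing key keeps `VERIFY_PEER`.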
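Review bot: When `verify_ssl_certificate?` is false, this pem branch still sets `http.cert` and `http.key`, so the client certificate is offered to a server whose identity is not checked; a comment on the `verify_mode` line should say so, e.g. `# VERIFY_NONE still offers the client cert; the server is not authenticated`. The same assignment is repeated in the PKCS12 branch (lib hunk at -166), so a private helper such as `def ssl_verify_mode; verify_ssl_certificate? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE; end` would keep the two from drifting apart. The enclosing method starts before this hunk and continues after it.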
@@ -166,7 +175,7 @@ module HTTParty
 p12 = OpenSSL::PKCS12.new(options[:p12], options[:p12_password])
 http.cert = p12.certificate
 http.key = p12.key
- http.verify_mode = options[:verify] == false ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
+ http.verify_mode = verify_ssl_certificate? ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
 end
 # SSL certificate authority file and/or directory
diff --git a/spec/httparty/connection_adapter_spec.rb b/spec/httparty/connection_adapter_spec.rb
index 65c89fa..503c138 100644
--- a/spec/httparty/connection_adapter_spec.rb
+++ b/spec/httparty/connection_adapter_spec.rb
@@ -27,7 +27,7 @@ RSpec.describe HTTParty::ConnectionAdapter do
 it "sets the options" do
 options = {foo: :bar}
 adapter = HTTParty::ConnectionAdapter.new(uri, options)
- expect(adapter.options).to be options
+ expect(adapter.options.keys).to include(:verify, :verify_peer, :foo)
 end
 end
@@ -372,9 +372,16 @@ RSpec.describe HTTParty::ConnectionAdapter do
 expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
 end
- context "when options include verify_peer=false" do
+ context "when options include verify=false" do
 let(:options) { {pem: pem, pem_password: "password", verify: false} }
+ it "should not verify the certificate" do
+ expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
+ end
+ end
+ context "when options include verify_peer=false" do
+ let(:options) { {pem: pem, pem_password: "password", verify_peer: false} }
+
 it "should not verify the certificate" do
 expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
 end
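Review bot: The new expectation `include(:verify, :verify_peer, :foo)` in the "sets the options" example checks only that the keys exist, so it would still pass if a default flipped to `false` or if the defaults overwrote a caller-supplied value. Asserting the values pins both: `expect(adapter.options).to include(verify: true, verify_peer: true, foo: :bar)`. A second example that passes `verify: false` and expects it to survive the merge would document the precedence.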
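Review bot: Both new contexts configure a client certificate (`pem` in the hunk at -372, `p12` in the one at -423), so nothing exercises `verify_peer: false` on an HTTPS connection without a client certificate. That path is guarded in the library by `options.fetch(:verify, true)`, which this commit leaves unchanged, and a spec there would show whether the two options really behave the same. A case such as `let(:options) { {pem: pem, pem_password: "password", verify: nil} }` expecting `VERIFY_PEER` would also pin that only a literal `false` turns verification off.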
@@ -423,9 +430,16 @@ RSpec.describe HTTParty::ConnectionAdapter do
 expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)
 end
- context "when options include verify_peer=false" do
+ context "when options include verify=false" do
 let(:options) { {p12: p12, p12_password: "password", verify: false} }
+ it "should not verify the certificate" do
+ expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
+ end
+ end
+ context "when options include verify_peer=false" do
+ let(:options) { {p12: p12, p12_password: "password", verify_peer: false} }
+
 it "should not verify the certificate" do
 expect(subject.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)
 end