* lib/net/pop.rb (enable_ssl): use OpenSSL::SSL::SSLContext.build

instead of SSLContext.new (default verify mode is now OpenSSL::SSL::VERIFY_PEER). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14467 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2007-12-22 06:03:20 +00:00 · 2007-12-22 06:03:20 +00:00 · a7ef0c7303
commit a7ef0c7303
parent da8b4a5e41
2 changed files with 61 additions and 50 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Sat Dec 22 15:01:16 2007  Shugo Maeda  <shugo@ruby-lang.org>
+
+	* lib/net/pop.rb (enable_ssl): use OpenSSL::SSL::SSLContext.build
+	  instead of SSLContext.new (default verify mode is now
+	  OpenSSL::SSL::VERIFY_PEER).
+
 Sat Dec 22 14:45:21 2007  Tadayoshi Funaba  <tadf@dotrb.org>

 	* lib/date.rb: shouldn't freeze nil. [ruby-dev:32677]
--- a/lib/net/pop.rb
+++ b/lib/net/pop.rb
@ -25,7 +25,7 @@ require 'digest/md5'
 require 'timeout'

 begin
-  require "openssl"
+  require "openssl/ssl"
 rescue LoadError
 end

@ -322,38 +322,53 @@ module Net
    # SSL
    #

-    @use_ssl = false
-    @verify = nil
-    @certs = nil
+    @ssl_params = nil

+    # call-seq:
+    #    Net::POP.enable_ssl(params = {})
+    #
    # Enable SSL for all new instances.
-    # +verify+ is the type of verification to do on the Server Cert; Defaults
-    # to OpenSSL::SSL::VERIFY_NONE.
-    # +certs+ is a file or directory holding CA certs to use to verify the 
-    # server cert; Defaults to nil.
-    def POP3.enable_ssl(verify = OpenSSL::SSL::VERIFY_NONE, certs = nil)
-      @use_ssl = true
-      @verify = verify
-      @certs = certs  
+    # +params+ is passed to OpenSSL::SSLContext.build.
+    def POP3.enable_ssl(*args)
+      @ssl_params = create_ssl_params(*args)
+    end
+
+    def POP3.create_ssl_params(verify_or_params = {}, certs = nil)
+      begin
+        params = verify_or_params.to_hash
+      rescue NoMethodError
+        params = {}
+        params[:verify_mode] = verify_or_params
+        if certs
+          if File.file?(certs)
+            params[:ca_file] = certs
+          elsif File.directory?(certs)
+            params[:ca_path] = certs
+          end
+        end
+      end
+      return params
    end

    # Disable SSL for all new instances.
    def POP3.disable_ssl
-      @use_ssl = nil
-      @verify = nil
-      @certs = nil
+      @ssl_params = nil
+    end
+
+    def POP3.ssl_params
+      return @ssl_params
    end

    def POP3.use_ssl?
-      @use_ssl
+      return !@ssl_params.nil?
    end

    def POP3.verify
-      @verify
+      return @ssl_params[:verify_mode]
    end

    def POP3.certs
-      @certs
+      return @ssl_params[:ca_file] || @ssl_params[:ca_path]
    end

    #
@ -394,11 +409,9 @@ module Net
    # This method does *not* open the TCP connection.
    def initialize(addr, port = nil, isapop = false)
      @address = addr
-      @use_ssl = POP3.use_ssl?
-      @port = port || (POP3.use_ssl? ? POP3.default_pop3s_port : POP3.default_pop3_port)
+      @ssl_params = POP3.ssl_params
+      @port = port
      @apop = isapop
-      @certs = POP3.certs
-      @verify = POP3.verify
      
      @command = nil
      @socket = nil
@ -419,28 +432,28 @@ module Net

    # does this instance use SSL?
    def use_ssl?
-      @use_ssl
+      return !@ssl_params.nil?
    end
   
+    # call-seq:
+    #    Net::POP#enable_ssl(params = {})
+    #
    # Enables SSL for this instance.  Must be called before the connection is
    # established to have any effect.
-    # +verify+ is the type of verification to do on the Server Cert; Defaults
-    # to OpenSSL::SSL::VERIFY_NONE.
-    # +certs+ is a file or directory holding CA certs to use to verify the 
-    # server cert; Defaults to nil.
-    # +port+ is port to establish the SSL connection on; Defaults to 995.
-    def enable_ssl(verify = OpenSSL::SSL::VERIFY_NONE, certs = nil, 
-                   port = POP3.default_pop3s_port)
-      @use_ssl = true
-      @verify = verify
-      @certs = certs
-      @port = port
+    # +params[:port]+ is port to establish the SSL connection on; Defaults to 995.
+    # +params+ (except :port) is passed to OpenSSL::SSLContext.build.
+    def enable_ssl(verify_or_params = {}, certs = nil, port = nil)
+      begin
+        @ssl_params = verify_or_params.to_hash.dup
+        @port = @ssl_params.delete(:port) || @port
+      rescue NoMethodError
+        @ssl_params = POP3.create_ssl_params(verify_or_params, certs)
+        @port = port || @port
+      end
    end
    
    def disable_ssl
-      @use_ssl = false
-      @verify = nil
-      @certs = nil
+      @ssl_params = nil
    end

    # Provide human-readable stringification of class state.
@ -469,7 +482,9 @@ module Net
    attr_reader :address

    # The port number to connect to.
-    attr_reader :port
+    def port
+      return @port || (use_ssl? ? POP3.default_pop3s_port : POP3.default_pop3_port)
+    end

    # Seconds to wait until a connection is opened.
    # If the POP3 object cannot open a connection within this time,
@ -516,20 +531,10 @@ module Net
    end

    def do_start(account, password)
-      s = timeout(@open_timeout) { TCPSocket.open(@address, @port) }
+      s = timeout(@open_timeout) { TCPSocket.open(@address, port) }
      if use_ssl?
        raise 'openssl library not installed' unless defined?(OpenSSL)
-        context = OpenSSL::SSL::SSLContext.new
-        context.verify_mode = @verify
-        if @certs
-          if File.file?(@certs)
-            context.ca_file = @certs
-          elsif File.directory?(@certs)
-            context.ca_path = @certs
-          else
-            raise ArgumentError, "certs path is not file/directory: #{@certs}"
-          end
-        end
+        context = OpenSSL::SSL::SSLContext.build(@ssl_params)
        s = OpenSSL::SSL::SSLSocket.new(s, context)
        s.sync_close = true
        s.connect