* lib/net/pop.rb (enable_ssl): use OpenSSL::SSL::SSLContext.build

instead of SSLContext.new (default verify mode is now OpenSSL::SSL::VERIFY_PEER). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14467 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2007-12-22 06:03:20 +00:00 · 2007-12-22 06:03:20 +00:00 · a7ef0c7303
commit a7ef0c7303
parent da8b4a5e41
2 changed files with 61 additions and 50 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
 Sat Dec 22 15:01:16 2007  Shugo Maeda  <shugo@ruby-lang.org>
 	* lib/net/pop.rb (enable_ssl): use OpenSSL::SSL::SSLContext.build
 	  instead of SSLContext.new (default verify mode is now
 	  OpenSSL::SSL::VERIFY_PEER).
 Sat Dec 22 14:45:21 2007  Tadayoshi Funaba  <tadf@dotrb.org>
 	* lib/date.rb: shouldn't freeze nil. [ruby-dev:32677]
--- a/lib/net/pop.rb
+++ b/lib/net/pop.rb
@ -25,7 +25,7 @@ require 'digest/md5'
 require 'timeout'
 begin
-  require "openssl"
+  require "openssl/ssl"
 rescue LoadError
 end
@ -322,38 +322,53 @@ module Net
    # SSL
    #
-    @use_ssl = false
+    @ssl_params = nil
    @verify = nil
    @certs = nil
    # call-seq:
    #    Net::POP.enable_ssl(params = {})
    #
    # Enable SSL for all new instances.
-    # +verify+ is the type of verification to do on the Server Cert; Defaults
+    # +params+ is passed to OpenSSL::SSLContext.build.
-    # to OpenSSL::SSL::VERIFY_NONE.
+    def POP3.enable_ssl(*args)
-    # +certs+ is a file or directory holding CA certs to use to verify the 
+      @ssl_params = create_ssl_params(*args)
-    # server cert; Defaults to nil.
+    end
-    def POP3.enable_ssl(verify = OpenSSL::SSL::VERIFY_NONE, certs = nil)
+
-      @use_ssl = true
+    def POP3.create_ssl_params(verify_or_params = {}, certs = nil)
-      @verify = verify
+      begin
-      @certs = certs  
+        params = verify_or_params.to_hash
      rescue NoMethodError
        params = {}
        params[:verify_mode] = verify_or_params
        if certs
          if File.file?(certs)
            params[:ca_file] = certs
          elsif File.directory?(certs)
            params[:ca_path] = certs
          end
        end
      end
      return params
    end
    # Disable SSL for all new instances.
    def POP3.disable_ssl
-      @use_ssl = nil
+      @ssl_params = nil
-      @verify = nil
+    end
-      @certs = nil
+
    def POP3.ssl_params
      return @ssl_params
    end
    def POP3.use_ssl?
-      @use_ssl
+      return !@ssl_params.nil?
    end
    def POP3.verify
-      @verify
+      return @ssl_params[:verify_mode]
    end
    def POP3.certs
-      @certs
+      return @ssl_params[:ca_file] || @ssl_params[:ca_path]
    end
    #
@ -394,11 +409,9 @@ module Net
    # This method does *not* open the TCP connection.
    def initialize(addr, port = nil, isapop = false)
      @address = addr
-      @use_ssl = POP3.use_ssl?
+      @ssl_params = POP3.ssl_params
-      @port = port || (POP3.use_ssl? ? POP3.default_pop3s_port : POP3.default_pop3_port)
+      @port = port
      @apop = isapop
      @certs = POP3.certs
      @verify = POP3.verify
      @command = nil
      @socket = nil
@ -419,28 +432,28 @@ module Net
    # does this instance use SSL?
    def use_ssl?
-      @use_ssl
+      return !@ssl_params.nil?
    end
    # call-seq:
    #    Net::POP#enable_ssl(params = {})
    #
    # Enables SSL for this instance.  Must be called before the connection is
    # established to have any effect.
-    # +verify+ is the type of verification to do on the Server Cert; Defaults
+    # +params[:port]+ is port to establish the SSL connection on; Defaults to 995.
-    # to OpenSSL::SSL::VERIFY_NONE.
+    # +params+ (except :port) is passed to OpenSSL::SSLContext.build.
-    # +certs+ is a file or directory holding CA certs to use to verify the 
+    def enable_ssl(verify_or_params = {}, certs = nil, port = nil)
-    # server cert; Defaults to nil.
+      begin
-    # +port+ is port to establish the SSL connection on; Defaults to 995.
+        @ssl_params = verify_or_params.to_hash.dup
-    def enable_ssl(verify = OpenSSL::SSL::VERIFY_NONE, certs = nil, 
+        @port = @ssl_params.delete(:port) || @port
-                   port = POP3.default_pop3s_port)
+      rescue NoMethodError
-      @use_ssl = true
+        @ssl_params = POP3.create_ssl_params(verify_or_params, certs)
-      @verify = verify
+        @port = port || @port
-      @certs = certs
+      end
      @port = port
    end
    def disable_ssl
-      @use_ssl = false
+      @ssl_params = nil
      @verify = nil
      @certs = nil
    end
    # Provide human-readable stringification of class state.
@ -469,7 +482,9 @@ module Net
    attr_reader :address
    # The port number to connect to.
-    attr_reader :port
+    def port
      return @port || (use_ssl? ? POP3.default_pop3s_port : POP3.default_pop3_port)
    end
    # Seconds to wait until a connection is opened.
    # If the POP3 object cannot open a connection within this time,
@ -516,20 +531,10 @@ module Net
    end
    def do_start(account, password)
-      s = timeout(@open_timeout) { TCPSocket.open(@address, @port) }
+      s = timeout(@open_timeout) { TCPSocket.open(@address, port) }
      if use_ssl?
        raise 'openssl library not installed' unless defined?(OpenSSL)
-        context = OpenSSL::SSL::SSLContext.new
+        context = OpenSSL::SSL::SSLContext.build(@ssl_params)
        context.verify_mode = @verify
        if @certs
          if File.file?(@certs)
            context.ca_file = @certs
          elsif File.directory?(@certs)
            context.ca_path = @certs
          else
            raise ArgumentError, "certs path is not file/directory: #{@certs}"
          end
        end
        s = OpenSSL::SSL::SSLSocket.new(s, context)
        s.sync_close = true
        s.connect