mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
Remove warning for old TLS version connection
RubyGems.org already has refused connection requests using older than TLS 1.2.
This commit is contained in:
Nobuyoshi Nakada
Hiroshi SHIBATA
parent
6b2b9e0019
commit
bf72afa766
2 changed files with 1 additions and 110 deletions
|
|
@ -11,37 +11,5 @@ end
|
|||
require_relative "vendor/net-http-persistent/lib/net/http/persistent"
|
||||
|
||||
module Bundler
|
||||
class PersistentHTTP < Persistent::Net::HTTP::Persistent
|
||||
def connection_for(uri)
|
||||
super(uri) do |connection|
|
||||
result = yield connection
|
||||
warn_old_tls_version_rubygems_connection(uri, connection)
|
||||
result
|
||||
end
|
||||
end
|
||||
|
||||
def warn_old_tls_version_rubygems_connection(uri, connection)
|
||||
return unless connection.http.use_ssl?
|
||||
return unless (uri.host || "").end_with?("rubygems.org")
|
||||
|
||||
socket = connection.instance_variable_get(:@socket)
|
||||
return unless socket
|
||||
socket_io = socket.io
|
||||
return unless socket_io.respond_to?(:ssl_version)
|
||||
ssl_version = socket_io.ssl_version
|
||||
|
||||
case ssl_version
|
||||
when /TLSv([\d\.]+)/
|
||||
version = Gem::Version.new($1)
|
||||
if version < Gem::Version.new("1.2")
|
||||
Bundler.ui.warn \
|
||||
"Warning: Your Ruby version is compiled against a copy of OpenSSL that is very old. " \
|
||||
"Starting in January 2018, RubyGems.org will refuse connection requests from these " \
|
||||
"very old versions of OpenSSL. If you will need to continue installing gems after " \
|
||||
"January 2018, please follow this guide to upgrade: http://ruby.to/tls-outdated.",
|
||||
:wrap => true
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
PersistentHTTP = Persistent::Net::HTTP::Persistent
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,77 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require "bundler/vendored_persistent"
|
||||
|
||||
RSpec.describe Bundler::PersistentHTTP do
|
||||
describe "#warn_old_tls_version_rubygems_connection" do
|
||||
let(:uri) { "https://index.rubygems.org" }
|
||||
let(:connection) { instance_double(Bundler::Persistent::Net::HTTP::Persistent::Connection) }
|
||||
let(:tls_version) { "TLSv1.2" }
|
||||
let(:socket) { double("Socket") }
|
||||
let(:socket_io) { double("SocketIO") }
|
||||
|
||||
before do
|
||||
allow(connection).to receive_message_chain(:http, :use_ssl?).and_return(!tls_version.nil?)
|
||||
allow(socket).to receive(:io).and_return(socket_io) if socket
|
||||
connection.instance_variable_set(:@socket, socket)
|
||||
|
||||
if tls_version
|
||||
allow(socket_io).to receive(:ssl_version).and_return(tls_version)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for "does not warn" do
|
||||
it "does not warn" do
|
||||
allow(Bundler.ui).to receive(:warn).never
|
||||
subject.warn_old_tls_version_rubygems_connection(Bundler::URI(uri), connection)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for "does warn" do |*expected|
|
||||
it "warns" do
|
||||
expect(Bundler.ui).to receive(:warn).with(*expected)
|
||||
subject.warn_old_tls_version_rubygems_connection(Bundler::URI(uri), connection)
|
||||
end
|
||||
end
|
||||
|
||||
context "an HTTPS uri with TLSv1.2" do
|
||||
include_examples "does not warn"
|
||||
end
|
||||
|
||||
context "without SSL" do
|
||||
let(:tls_version) { nil }
|
||||
|
||||
include_examples "does not warn"
|
||||
end
|
||||
|
||||
context "without a socket" do
|
||||
let(:socket) { nil }
|
||||
|
||||
include_examples "does not warn"
|
||||
end
|
||||
|
||||
context "with a different TLD" do
|
||||
let(:uri) { "https://foo.bar" }
|
||||
include_examples "does not warn"
|
||||
|
||||
context "and an outdated TLS version" do
|
||||
let(:tls_version) { "TLSv1" }
|
||||
include_examples "does not warn"
|
||||
end
|
||||
end
|
||||
|
||||
context "with a nonsense TLS version" do
|
||||
let(:tls_version) { "BlahBlah2.0Blah" }
|
||||
include_examples "does not warn"
|
||||
end
|
||||
|
||||
context "with an outdated TLS version" do
|
||||
let(:tls_version) { "TLSv1" }
|
||||
include_examples "does warn",
|
||||
"Warning: Your Ruby version is compiled against a copy of OpenSSL that is very old. " \
|
||||
"Starting in January 2018, RubyGems.org will refuse connection requests from these very old versions of OpenSSL. " \
|
||||
"If you will need to continue installing gems after January 2018, please follow this guide to upgrade: http://ruby.to/tls-outdated.",
|
||||
:wrap => true
|
||||
end
|
||||
end
|
||||
end
|
||||
Loading…
Reference in a new issue