# OpenSSL provides the X509 store and certificate classes used for
# verification; em-http supplies the EventMachine connection class that is
# patched at the bottom of this file.
require 'openssl'
require 'em-http'

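# Certificate and host-name verification hooks for em-http's TLS connections.
#
# EventMachine calls #ssl_verify_peer once per certificate of the server's
# chain and #ssl_handshake_completed when the handshake is done. Each
# certificate that verifies against #certificate_store is added to that store,
# so a certificate signed by it can verify in a later callback (the chain is
# presumably delivered issuer before subject). The last certificate seen is
# then matched against the requested host name.
#
# The including class must provide +parent+, whose +connopts+ expose +host+
# and a +tls+ hash with +:verify_peer+ and an optional +:cert_chain_file+.
module EmHttpSslPatch
  # Error message older OpenSSL builds raise from Store#add_cert when the
  # certificate is already present; newer builds accept duplicates silently.
  DUPLICATE_CERT_MESSAGE = 'cert already in hash table'.freeze

  # EventMachine callback: verify one certificate of the server's chain.
  #
  # @param cert_string [String] the certificate as handed over by EventMachine
  # @return [Boolean] false if the certificate cannot be parsed, true once it
  #   verifies against #certificate_store
  # @raise [OpenSSL::SSL::SSLError] if the certificate does not verify
  def ssl_verify_peer(cert_string)
    cert = parse_certificate(cert_string)
    return false unless cert

    # Kept for the host-name check in #ssl_handshake_completed; assuming the
    # chain arrives issuer first, the last one seen is the server's own.
    @last_seen_cert = cert

    unless certificate_store.verify(cert)
      raise OpenSSL::SSL::SSLError, %(unable to verify the server certificate for "#{host}")
    end

    # A verified certificate joins the trust store so the next certificate in
    # the chain, which it signed, can be verified on the following callback.
    remember_verified(cert)
    true
  end

  # EventMachine callback: check the server's certificate against #host.
  #
  # @return [true] when peer verification is off or the identity matches
  # @raise [OpenSSL::SSL::SSLError] when no certificate was seen, or the one
  #   seen does not match #host
  def ssl_handshake_completed
    return true unless verify_peer?

    # #ssl_verify_peer should already have run; without this guard a missing
    # certificate surfaces as NoMethodError on nil instead of an SSL failure.
    if @last_seen_cert.nil?
      raise OpenSSL::SSL::SSLError, %(no server certificate received for "#{host}")
    end

    unless OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
      raise OpenSSL::SSL::SSLError, %(host "#{host}" does not match the server certificate)
    end

    true
  end

  # @return [Object] the connection's tls +:verify_peer+ option; truthy when
  #   the server certificate must be verified
  def verify_peer?
    parent.connopts.tls[:verify_peer]
  end

  # @return [String] the host name the connection was opened for (taken from
  #   connopts; presumably a String, as it is interpolated into messages)
  def host
    parent.connopts.host
  end

  # Per-connection trust store: the system default CA paths plus, if given,
  # the certificates in the tls +:cert_chain_file+. Memoized because verified
  # chain certificates are added to it across callbacks.
  #
  # @return [OpenSSL::X509::Store]
  def certificate_store
    @certificate_store ||= build_certificate_store
  end

  private

  # @return [OpenSSL::X509::Certificate, nil] nil when +cert_string+ is not a
  #   certificate OpenSSL can parse
  def parse_certificate(cert_string)
    OpenSSL::X509::Certificate.new(cert_string)
  rescue OpenSSL::X509::CertificateError
    nil
  end

  # Adds +cert+ to #certificate_store, tolerating the duplicate-cert error
  # older OpenSSL builds raise; every other store error propagates.
  def remember_verified(cert)
    certificate_store.add_cert(cert)
  rescue OpenSSL::X509::StoreError => e
    raise unless e.message == DUPLICATE_CERT_MESSAGE
  end

  # Builds the store behind #certificate_store.
  def build_certificate_store
    store = OpenSSL::X509::Store.new
    store.set_default_paths
    ca_file = parent.connopts.tls[:cert_chain_file]
    # Everything in cert_chain_file becomes a trust anchor, not just a chain link.
    store.add_file(ca_file) if ca_file
    store
  end
end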

# Mix the verification hooks into em-http's connection class so EventMachine
# invokes ssl_verify_peer / ssl_handshake_completed on its TLS connections.
# `send(:include, ...)` instead of `include` keeps this working on Rubies
# where Module#include is still private (before 2.1).
EventMachine::HttpStubConnection.send(:include, EmHttpSslPatch)