+++ /dev/null
-require 'openssl'
-require 'em-http'
-
-module EmHttpSslPatch
- def ssl_verify_peer(cert_string)
- cert = nil
- begin
- cert = OpenSSL::X509::Certificate.new(cert_string)
- rescue OpenSSL::X509::CertificateError
- return false
- end
-
- @last_seen_cert = cert
-
- if certificate_store.verify(@last_seen_cert)
- begin
- certificate_store.add_cert(@last_seen_cert)
- rescue OpenSSL::X509::StoreError => e
- raise e unless e.message == 'cert already in hash table'
- end
- true
- else
- raise OpenSSL::SSL::SSLError.new(%(unable to verify the server certificate for "#{host}"))
- end
- end
-
- def ssl_handshake_completed
- return true unless verify_peer?
-
- unless OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
- raise OpenSSL::SSL::SSLError.new(%(host "#{host}" does not match the server certificate))
- else
- true
- end
- end
-
- def verify_peer?
- parent.connopts.tls[:verify_peer]
- end
-
- def host
- parent.connopts.host
- end
-
- def certificate_store
- @certificate_store ||= begin
- store = OpenSSL::X509::Store.new
- store.set_default_paths
- ca_file = parent.connopts.tls[:cert_chain_file]
- store.add_file(ca_file) if ca_file
- store
- end
- end
-end
-
-EventMachine::HttpStubConnection.send(:include, EmHttpSslPatch)