X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=blobdiff_plain;f=3rdparty%2Fmodules%2Faviator%2Ffeature%2Ffaraday%2Fadapter%2Fem_http_ssl_patch.rb;fp=3rdparty%2Fmodules%2Faviator%2Ffeature%2Ffaraday%2Fadapter%2Fem_http_ssl_patch.rb;h=8bbfcbce3fb3f706f9921b70f83e65dc05b83cbf;hp=0000000000000000000000000000000000000000;hb=b7626cbcbb2fb8e7ce3dc5ac60e80a981175f9d3;hpb=8132e6bb1199463f5e334326659c974d4772b3e3
diff --git a/3rdparty/modules/aviator/feature/faraday/adapter/em_http_ssl_patch.rb b/3rdparty/modules/aviator/feature/faraday/adapter/em_http_ssl_patch.rb
new file mode 100644
index 00000000..8bbfcbce
--- /dev/null
+++ b/3rdparty/modules/aviator/feature/faraday/adapter/em_http_ssl_patch.rb
@@ -0,0 +1,56 @@
+require 'openssl'
+require 'em-http'
+
+module EmHttpSslPatch
+ def ssl_verify_peer(cert_string)
+ cert = nil
+ begin
+ cert = OpenSSL::X509::Certificate.new(cert_string)
+ rescue OpenSSL::X509::CertificateError
+ return false
+ end
+
+ @last_seen_cert = cert
+
+ if certificate_store.verify(@last_seen_cert)
+ begin
+ certificate_store.add_cert(@last_seen_cert)
+ rescue OpenSSL::X509::StoreError => e
+ raise e unless e.message == 'cert already in hash table'
+ end
+ true
+ else
+ raise OpenSSL::SSL::SSLError.new(%(unable to verify the server certificate for "#{host}"))
+ end
+ end
+
+ def ssl_handshake_completed
+ return true unless verify_peer?
+
+ unless OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
+ raise OpenSSL::SSL::SSLError.new(%(host "#{host}" does not match the server certificate))
+ else
+ true
+ end
+ end
+
+ def verify_peer?
+ parent.connopts.tls[:verify_peer]
+ end
+
+ def host
+ parent.connopts.host
+ end
+
+ def certificate_store
+ @certificate_store ||= begin
+ store = OpenSSL::X509::Store.new
+ store.set_default_paths
+ ca_file = parent.connopts.tls[:cert_chain_file]
+ store.add_file(ca_file) if ca_file
+ store
+ end
+ end
+end
+
+EventMachine::HttpStubConnection.send(:include, EmHttpSslPatch)