Class: EventMachine::HttpStubConnection

Inherits:
Connection
  • Object
Includes:
Deferrable
Defined in:
lib/em-http/http_connection.rb


Instance Attribute Details

#parent ⇒ Object

Returns the value of attribute parent.



# File 'lib/em-http/http_connection.rb', line 17

# Reader for the object this stub connection hands its callbacks to.
#
# @return [Object, nil] the current value of @parent; nil until something
#   assigns it (the assignment is not part of this listing)
def parent
  @parent
end

Instance Method Details

#certificate_store ⇒ Object



# File 'lib/em-http/http_connection.rb', line 86

# Lazily builds the X.509 store that peer certificates are verified against
# and caches it in @certificate_store.
#
# The store starts from OpenSSL's default CA locations (set_default_paths).
# If the TLS options carry :cert_chain_file, that file is loaded into the
# store as well.
#
# NOTE(review): in EventMachine's start_tls, :cert_chain_file names the local
# certificate chain to present. Here the same file also feeds the store used
# for Store#verify, so its certificates take part in trust decisions. Confirm
# that this is intended and keep the file limited to certificates you are
# willing to trust.
#
# @return [OpenSSL::X509::Store]
# @raise [OpenSSL::X509::StoreError] if add_file cannot load the file
def certificate_store
  return @certificate_store if @certificate_store

  trust_store = OpenSSL::X509::Store.new
  trust_store.set_default_paths

  extra_pem = parent.connopts.tls[:cert_chain_file]
  trust_store.add_file(extra_pem) if extra_pem

  @certificate_store = trust_store
end

#connection_completed ⇒ Object



# File 'lib/em-http/http_connection.rb', line 32

# Forwards the connection-established notification to @parent unchanged.
#
# NOTE(review): presumably invoked by EventMachine once the socket is
# connected; confirm against the Connection base class.
#
# @return [Object] whatever @parent.connection_completed returns
def connection_completed
  @parent.connection_completed
end

#host ⇒ Object



# File 'lib/em-http/http_connection.rb', line 82

# Host name taken from the parent's connection options. The TLS callbacks in
# this class use it as the reference identity for the certificate check and
# in their error messages.
#
# NOTE(review): confirm connopts.host is the name of the TLS endpoint itself
# when a proxy or tunnel is configured; verify against the code that builds
# connopts.
#
# @return [Object] the value of parent.connopts.host
def host
  connection_options = parent.connopts
  connection_options.host
end

#receive_data(data) ⇒ Object



# File 'lib/em-http/http_connection.rb', line 24

# Hands incoming bytes to @parent. If the parent raises a
# EventMachine::Connectify::CONNECTError while processing them, the parent is
# closed with the error's message instead of letting the exception escape.
# Any other exception propagates to the caller.
#
# @param data [String] bytes received on the connection
# @return [Object] the result of @parent.receive_data, or of @parent.close
#   when a CONNECTError was rescued
def receive_data(data)
  @parent.receive_data(data)
rescue EventMachine::Connectify::CONNECTError => connect_failure
  @parent.close(connect_failure.message)
end

#ssl_handshake_completed ⇒ Object



# File 'lib/em-http/http_connection.rb', line 64

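# Post-handshake check that the certificate recorded in @last_seen_cert was
# issued for the host this connection was opened to.
#
# When verify_peer? is falsy nothing is checked and the method returns true.
# In that case a warning is printed only if the caller never set :verify_peer
# at all; an explicit `verify_peer: false` stays silent. The warning text
# points at CVE-2020-13482.
#
# NOTE(review): the warning mentions hostname validation only. Whether the
# chain check in ssl_verify_peer also stays off in this mode depends on how
# start_tls is called, which is not visible here; confirm.
#
# @return [true] when verification is disabled or the identity matches
# @raise [OpenSSL::SSL::SSLError] when verification is enabled and either no
#   certificate was recorded or the certificate does not match the host
def ssl_handshake_completed
  unless verify_peer?
    unless parent.connopts.tls.has_key?(:verify_peer)
      warn "[WARNING; em-http-request] TLS hostname validation is disabled (use 'tls: {verify_peer: true}'), see" \
           " CVE-2020-13482 and https://github.com/igrigorik/em-http-request/issues/339 for details"
    end
    return true
  end

  # Fail closed with a TLS error (rather than a NoMethodError on nil) when
  # verification was requested but no certificate was ever recorded.
  if @last_seen_cert.nil?
    raise OpenSSL::SSL::SSLError.new(%(no server certificate was seen for host "#{host}"))
  end

  return true if OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)

  raise OpenSSL::SSL::SSLError.new(%(host "#{host}" does not match the server certificate))
end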

#ssl_verify_peer(cert_string) ⇒ Object



# File 'lib/em-http/http_connection.rb', line 42

# Verification callback for one certificate supplied by the peer.
#
# The certificate is parsed, remembered in @last_seen_cert, and verified
# against certificate_store. A certificate that verifies is then added to that
# store, so later certificates can be verified through it.
#
# NOTE(review): presumably EventMachine calls this once per certificate in the
# peer's chain and the last call carries the leaf; the identity check done
# after the handshake relies on @last_seen_cert being the leaf. Confirm the
# call order.
# NOTE(review): duplicate detection compares the exact OpenSSL error text
# ('cert already in hash table'). Confirm it matches the OpenSSL versions in
# use; a differently worded duplicate error would be re-raised.
#
# @param cert_string [String] encoded certificate handed over by the TLS layer
# @return [Boolean] false if the certificate cannot be parsed, true if it
#   verifies against the store
# @raise [OpenSSL::SSL::SSLError] if the certificate does not verify
# @raise [OpenSSL::X509::StoreError] if adding to the store fails for any
#   reason other than the certificate already being present
def ssl_verify_peer(cert_string)
  begin
    parsed = OpenSSL::X509::Certificate.new(cert_string)
  rescue OpenSSL::X509::CertificateError
    # Unparseable input: reject without touching @last_seen_cert.
    return false
  end

  @last_seen_cert = parsed

  unless certificate_store.verify(@last_seen_cert)
    raise OpenSSL::SSL::SSLError.new(%(unable to verify the server certificate for "#{host}"))
  end

  begin
    certificate_store.add_cert(@last_seen_cert)
  rescue OpenSSL::X509::StoreError => store_error
    # Only the "already present" case is tolerated; anything else surfaces.
    raise store_error unless store_error.message == 'cert already in hash table'
  end

  true
end

#unbind(reason = nil) ⇒ Object



# File 'lib/em-http/http_connection.rb', line 36

# Passes the disconnect notification, with its optional reason, straight
# through to @parent.
#
# @param reason [Object, nil] reason supplied by the caller; nil when omitted
# @return [Object] whatever @parent.unbind returns
def unbind(reason = nil)
  @parent.unbind(reason)
end

#verify_peer? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/em-http/http_connection.rb', line 78

# Reports whether the caller asked for peer verification.
#
# Returns the raw :verify_peer entry of the TLS options, not a coerced
# boolean. When the key is absent the result is nil, so verification is
# opt-in: callers must pass `tls: {verify_peer: true}` to enable it.
#
# @return [Object, nil] the configured :verify_peer value
def verify_peer?
  tls_options = parent.connopts.tls
  tls_options[:verify_peer]
end