|
 |
922a051 |
From fdad6204321a2dea41b9eb71e9579e1e45b64a28 Mon Sep 17 00:00:00 2001
|
|
|
922a051 |
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
|
|
|
922a051 |
Date: Tue, 7 Feb 2017 12:14:06 +0100
|
|
|
922a051 |
Subject: [PATCH] Fix compatility with Ruby OpenSSL 2.x+.
|
|
|
922a051 |
|
|
|
922a051 |
The DEFAULT_PARAMS does not list the ciphers anymore:
|
|
|
922a051 |
|
|
|
922a051 |
https://github.com/ruby/openssl/commit/b9aea270fbe1b3f8e806e86a28d8a27e242ab251
|
|
|
922a051 |
---
|
|
|
922a051 |
lib/restclient/request.rb | 2 +-
|
|
|
922a051 |
spec/unit/request_spec.rb | 26 ++++++++------------------
|
|
|
922a051 |
2 files changed, 9 insertions(+), 19 deletions(-)
|
|
|
922a051 |
|
|
|
922a051 |
diff --git a/lib/restclient/request.rb b/lib/restclient/request.rb
|
|
|
922a051 |
index 67b69e2..52287ce 100644
|
|
|
922a051 |
--- a/lib/restclient/request.rb
|
|
|
922a051 |
+++ b/lib/restclient/request.rb
|
|
|
922a051 |
@@ -195,7 +195,7 @@ module RestClient
|
|
|
922a051 |
# If we're on a Ruby version that has insecure default ciphers,
|
|
|
922a051 |
# override it with our default list.
|
|
|
922a051 |
if WeakDefaultCiphers.include?(
|
|
|
922a051 |
- OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.fetch(:ciphers))
|
|
|
922a051 |
+ OpenSSL::SSL::SSLContext.new.ciphers)
|
|
|
922a051 |
@ssl_opts[:ciphers] = DefaultCiphers
|
|
|
922a051 |
end
|
|
|
922a051 |
end
|
|
|
922a051 |
diff --git a/spec/unit/request_spec.rb b/spec/unit/request_spec.rb
|
|
|
922a051 |
index d091ae0..0c7cfe2 100644
|
|
|
922a051 |
--- a/spec/unit/request_spec.rb
|
|
|
922a051 |
+++ b/spec/unit/request_spec.rb
|
|
|
922a051 |
@@ -899,15 +899,10 @@ describe RestClient::Request, :include_helpers do
|
|
|
922a051 |
end
|
|
|
922a051 |
|
|
|
922a051 |
it "should override ssl_ciphers with better defaults with weak default ciphers" do
|
|
|
922a051 |
- stub_const(
|
|
|
922a051 |
- '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
|
|
|
922a051 |
- {
|
|
|
922a051 |
- :ssl_version=>"SSLv23",
|
|
|
922a051 |
- :verify_mode=>1,
|
|
|
922a051 |
- :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
|
|
|
922a051 |
- :options=>-2147480577,
|
|
|
922a051 |
- }
|
|
|
922a051 |
- )
|
|
|
922a051 |
+ expect(RestClient::Request::WeakDefaultCiphers)
|
|
|
922a051 |
+ .to receive(:include?)
|
|
|
922a051 |
+ .with(OpenSSL::SSL::SSLContext.new.ciphers)
|
|
|
922a051 |
+ .and_return(true)
|
|
|
922a051 |
|
|
|
922a051 |
@request = RestClient::Request.new(
|
|
|
922a051 |
:method => :put,
|
|
|
922a051 |
@@ -924,15 +919,10 @@ describe RestClient::Request, :include_helpers do
|
|
|
922a051 |
end
|
|
|
922a051 |
|
|
|
922a051 |
it "should not override ssl_ciphers with better defaults with different default ciphers" do
|
|
|
922a051 |
- stub_const(
|
|
|
922a051 |
- '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
|
|
|
922a051 |
- {
|
|
|
922a051 |
- :ssl_version=>"SSLv23",
|
|
|
922a051 |
- :verify_mode=>1,
|
|
|
922a051 |
- :ciphers=>"HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!SSLv2",
|
|
|
922a051 |
- :options=>-2147480577,
|
|
|
922a051 |
- }
|
|
|
922a051 |
- )
|
|
|
922a051 |
+ expect(RestClient::Request::WeakDefaultCiphers)
|
|
|
922a051 |
+ .to receive(:include?)
|
|
|
922a051 |
+ .with(OpenSSL::SSL::SSLContext.new.ciphers)
|
|
|
922a051 |
+ .and_return(false)
|
|
|
922a051 |
|
|
|
922a051 |
@request = RestClient::Request.new(
|
|
|
922a051 |
:method => :put,
|
|
|
922a051 |
--
|
|
|
922a051 |
2.11.0
|
|
|
922a051 |
|