ruby-changes:2987
From: ko1@a...
Date: 22 Dec 2007 17:32:11 +0900
Subject: [ruby-changes:2987] gotoyuzo - Ruby:r14479 (trunk): * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
gotoyuzo 2007-12-22 17:31:53 +0900 (Sat, 22 Dec 2007)
New Revision: 14479
Modified files:
trunk/ChangeLog
trunk/ext/openssl/lib/openssl/ssl.rb
trunk/lib/net/http.rb
trunk/lib/net/imap.rb
trunk/lib/net/pop.rb
trunk/test/net/http/test_https.rb
trunk/test/openssl/test_ssl.rb
Log:
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
new method to set suitable SSL parameters.
* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb,
test/openssl/test_ssl.rb: follow above change.
* test/net/http/test_https.rb: refine error case.
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/net/imap.rb?r1=14479&r2=14478
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ChangeLog?r1=14479&r2=14478
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/test/net/http/test_https.rb?r1=14479&r2=14478
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/net/pop.rb?r1=14479&r2=14478
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/test/openssl/test_ssl.rb?r1=14479&r2=14478
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/lib/net/http.rb?r1=14479&r2=14478
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/openssl/lib/openssl/ssl.rb?r1=14479&r2=14478
Index: ChangeLog
===================================================================
--- ChangeLog (revision 14478)
+++ ChangeLog (revision 14479)
@@ -1,3 +1,15 @@
+Sat Dec 22 17:06:50 2007 GOTOU Yuuzou <gotoyuzo@n...>
+
+ * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
+
+ * ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
+ new method to set suitable SSL parameters.
+
+ * lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb,
+ test/openssl/test_ssl.rb: follow above change.
+
+ * test/net/http/test_https.rb: refine error case.
+
Sat Dec 22 16:58:49 2007 Shugo Maeda <shugo@r...>
* lib/net/imap.rb (encode_utf7): accept UTF-8 strings.
@@ -19,7 +31,7 @@
* transcode_data_japanese: new data file for EUC-JP and SHIFT_JIS
(not yet optimized; tests to follow; data from
http://nkf.sourceforge.jp/ucm/{SJIS|eucJP}-nkf.ucm)
-
+
* common.mk, transcode.c: Adjusted for transcode_data_japanese
Sat Dec 22 15:30:13 2007 NAKAMURA Usaku <usa@r...>
Index: lib/net/pop.rb
===================================================================
--- lib/net/pop.rb (revision 14478)
+++ lib/net/pop.rb (revision 14479)
@@ -328,7 +328,7 @@
# Net::POP.enable_ssl(params = {})
#
# Enable SSL for all new instances.
- # +params+ is passed to OpenSSL::SSLContext.build.
+ # +params+ is passed to OpenSSL::SSLContext#set_params.
def POP3.enable_ssl(*args)
@ssl_params = create_ssl_params(*args)
end
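Review bot: The updated comment names `OpenSSL::SSLContext#set_params`, but the class this file instantiates at the connect site is `OpenSSL::SSL::SSLContext`. The same slip is in the comment on the instance-level `enable_ssl` in the next hunk. Suggested wording is `# +params+ is passed to OpenSSL::SSL::SSLContext#set_params.` here and `# +params+ (except :port) is passed to OpenSSL::SSL::SSLContext#set_params.` there. It would also help callers to state that keys they omit fall back to `SSLContext::DEFAULT_PARAMS`, which turns peer verification on.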
@@ -441,7 +441,7 @@
# Enables SSL for this instance. Must be called before the connection is
# established to have any effect.
# +params[:port]+ is port to establish the SSL connection on; Defaults to 995.
- # +params+ (except :port) is passed to OpenSSL::SSLContext.build.
+ # +params+ (except :port) is passed to OpenSSL::SSLContext#set_params.
def enable_ssl(verify_or_params = {}, certs = nil, port = nil)
begin
@ssl_params = verify_or_params.to_hash.dup
@@ -534,7 +534,8 @@
s = timeout(@open_timeout) { TCPSocket.open(@address, port) }
if use_ssl?
raise 'openssl library not installed' unless defined?(OpenSSL)
- context = OpenSSL::SSL::SSLContext.build(@ssl_params)
+ context = OpenSSL::SSL::SSLContext.new
+ context.set_params(@ssl_params)
s = OpenSSL::SSL::SSLSocket.new(s, context)
s.sync_close = true
s.connect
Index: lib/net/http.rb
===================================================================
--- lib/net/http.rb (revision 14478)
+++ lib/net/http.rb (revision 14479)
@@ -581,7 +581,8 @@
ssl_parameters[name] = value
end
end
- @ssl_context = OpenSSL::SSL::SSLContext.build(ssl_parameters)
+ @ssl_context = OpenSSL::SSL::SSLContext.new
+ @ssl_context.set_params(ssl_parameters)
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
s.sync_close = true
end
Index: lib/net/imap.rb
===================================================================
--- lib/net/imap.rb (revision 14478)
+++ lib/net/imap.rb (revision 14479)
@@ -892,7 +892,7 @@
# OpenSSL [OSSL] and the Ruby OpenSSL [RSSL] extensions need to
# be installed.
# if options[:ssl] is a hash, it's passed to
- # OpenSSL::SSL::SSLContext.build as parameters.
+ # OpenSSL::SSL::SSLContext#set_params as parameters.
#
# The most common errors are:
#
@@ -1263,7 +1263,8 @@
rescue NoMethodError
params = {}
end
- context = SSLContext.build(params)
+ context = SSLContext.new
+ context.set_params(params)
if defined?(VerifyCallbackProc)
context.verify_callback = VerifyCallbackProc
end
Index: ext/openssl/lib/openssl/ssl.rb
===================================================================
--- ext/openssl/lib/openssl/ssl.rb (revision 14478)
+++ ext/openssl/lib/openssl/ssl.rb (revision 14479)
@@ -21,30 +21,28 @@
module OpenSSL
module SSL
class SSLContext
- class <<self
- def build(params={})
- default_params = {
- :ssl_version => "SSLv23",
- :verify_mode => OpenSSL::SSL::VERIFY_PEER,
- :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
- :options => OpenSSL::SSL::OP_ALL,
- }
- params = default_params.merge(params)
- ctx = new()
- params.each{|name, value| ctx.__send__("#{name}=", value) }
- ctx.verify_mode ||= OpenSSL::SSL::VERIFY_NONE
- if ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE
- unless ctx.ca_file or ctx.ca_path or
- ctx.cert_store or ctx.verify_callback
- ctx.cert_store = OpenSSL::X509::Store.new
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
- ctx.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
- end
- ctx.cert_store.set_default_paths
- end
+ DEFAULT_PARAMS = {
+ :ssl_version => "SSLv23",
+ :verify_mode => OpenSSL::SSL::VERIFY_PEER,
+ :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
+ :options => OpenSSL::SSL::OP_ALL,
+ }
+
+ DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
+ DEFAULT_CERT_STORE.set_default_paths
+ if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+ end
+
+ def set_params(params={})
+ params = DEFAULT_PARAMS.merge(params)
+ params.each{|name, value| self.__send__("#{name}=", value) }
+ if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
+ unless self.ca_file or self.ca_path or self.cert_store
+ self.cert_store = DEFAULT_CERT_STORE
end
- return ctx
end
+ return params
end
end
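Review bot: `DEFAULT_PARAMS` and `DEFAULT_CERT_STORE` are process-wide mutable objects that now decide protocol options and trust anchors for every context that calls `set_params`. Because `set_params` assigns the same `DEFAULT_CERT_STORE` instance to each context, code that later adds a certificate or CRL through `ctx.cert_store` changes trust for all other contexts in the process, and a write to the hash changes the defaults globally. Closing the literal with `}.freeze` protects the hash. For the store, either build a fresh `OpenSSL::X509::Store` per call inside `set_params`, or document the constant with `# Shared by all contexts; never add certificates or CRLs to it.` The enclosing `OpenSSL` and `SSL` modules continue outside the hunk.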
Index: test/openssl/test_ssl.rb
===================================================================
--- test/openssl/test_ssl.rb (revision 14478)
+++ test/openssl/test_ssl.rb (revision 14479)
@@ -245,13 +245,15 @@
def test_verify_result
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
sock = TCPSocket.new("127.0.0.1", port)
- ctx = OpenSSL::SSL::SSLContext.build
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.set_params
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
assert_raise(OpenSSL::SSL::SSLError){ ssl.connect }
assert_equal(OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN, ssl.verify_result)
sock = TCPSocket.new("127.0.0.1", port)
- ctx = OpenSSL::SSL::SSLContext.build(
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.set_params(
:verify_callback => Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_OK
true
@@ -262,7 +264,8 @@
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
sock = TCPSocket.new("127.0.0.1", port)
- ctx = OpenSSL::SSL::SSLContext.build(
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.set_params(
:verify_callback => Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_ERR_APPLICATION_VERIFICATION
false
@@ -274,10 +277,11 @@
}
end
- def test_sslctx_build
+ def test_sslctx_set_params
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true){|server, port|
sock = TCPSocket.new("127.0.0.1", port)
- ctx = OpenSSL::SSL::SSLContext.build
+ ctx = OpenSSL::SSL::SSLContext.new
+ ctx.set_params
assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
ciphers = ctx.ciphers
Index: test/net/http/test_https.rb
===================================================================
--- test/net/http/test_https.rb (revision 14478)
+++ test/net/http/test_https.rb (revision 14479)
@@ -59,7 +59,7 @@
http = Net::HTTP.new("ssl.netlab.jp", 443)
http.use_ssl = true
assert(
- http.request_head("/"){|res| },
+ (http.request_head("/"){|res| } rescue false),
"The system may not have default CA certificate store."
)
end
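Review bot: The `rescue false` modifier on the `request_head` call catches every StandardError, so any certificate verification error, a DNS failure or a refused connection to ssl.netlab.jp is reported as "The system may not have default CA certificate store." That hides the real cause, and it makes a genuine verification regression look the same as a missing CA bundle. Rescuing only the expected class and reporting it keeps the diagnosis visible, e.g. `rescue OpenSSL::SSL::SSLError => e` followed by `flunk("certificate verification failed: #{e.message}")`. The test method starts above the hunk.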