ruby-changes:48197

From: naruse <ko1@a...>
Date: Sun, 22 Oct 2017 01:25:26 +0900 (JST)
Subject: [ruby-changes:48197] naruse:r60311 (trunk): Introduce Net::HTTP#min_version/max_version [Feature #9450]

naruse	2017-10-22 01:25:22 +0900 (Sun, 22 Oct 2017)

  New Revision: 60311

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=60311

  Log:
    Introduce Net::HTTP#min_version/max_version [Feature #9450]
    
    Set SSL minimum/maximum version.

  Modified files:
    trunk/NEWS
    trunk/lib/net/http.rb
    trunk/test/net/http/test_https.rb
Index: NEWS
===================================================================
--- NEWS	(revision 60310)
+++ NEWS	(revision 60311)
@@ -74,6 +74,7 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/NEWS#L74
 * Net::HTTP
 
   * Net::HTTP.new supports no_proxy parameter [Feature #11195]
+  * Net::HTTP#min_version/max_version [Feature #9450]
 
 * Numeric
 
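Review bot: The added NEWS line `* Net::HTTP#min_version/max_version [Feature #9450]` only names the accessors, while the entry above it says what changed ("supports no_proxy parameter"). Suggest wording it as a statement, for instance that Net::HTTP#min_version and #max_version were added to set the minimum and maximum SSL/TLS protocol version, so a reader scanning NEWS learns what the attributes are for.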
Index: lib/net/http.rb
===================================================================
--- lib/net/http.rb	(revision 60310)
+++ lib/net/http.rb	(revision 60311)
@@ -816,6 +816,8 @@ module Net   #:nodoc: https://github.com/ruby/ruby/blob/trunk/lib/net/http.rb#L816
       :@key,
       :@ssl_timeout,
       :@ssl_version,
+      :@min_version,
+      :@max_version,
       :@verify_callback,
       :@verify_depth,
       :@verify_mode,
@@ -829,6 +831,8 @@ module Net   #:nodoc: https://github.com/ruby/ruby/blob/trunk/lib/net/http.rb#L831
       :key,
       :ssl_timeout,
       :ssl_version,
+      :min_version,
+      :max_version,
       :verify_callback,
       :verify_depth,
       :verify_mode,
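Review bot: The new `:min_version` and `:max_version` entries here have to sit at the same position as `:@min_version` and `:@max_version` in the instance-variable list of the previous hunk (both pairs are inserted right after the ssl_version entry), and nothing in either hunk enforces that. If the two lists are consumed pairwise, a later insertion into only one of them would silently map a setting onto the wrong attribute. Consider a comment above both lists stating the ordering requirement, or deriving one list from the other.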
@@ -863,6 +867,12 @@ module Net   #:nodoc: https://github.com/ruby/ruby/blob/trunk/lib/net/http.rb#L867
     # Sets the SSL version.  See OpenSSL::SSL::SSLContext#ssl_version=
     attr_accessor :ssl_version
 
+    # Sets the minimum SSL version.  See OpenSSL::SSL::SSLContext#min_version=
+    attr_accessor :min_version
+
+    # Sets the maximum SSL version.  See OpenSSL::SSL::SSLContext#max_version=
+    attr_accessor :max_version
+
     # Sets the verify callback for the server certification verification.
     attr_accessor :verify_callback
 
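Review bot: The doc comments on `min_version` and `max_version` do not say which values are accepted or how the new attributes interact with `ssl_version`, which stays available right above them. Suggest giving an example value in the comment and stating what happens when `ssl_version` is set together with a minimum or maximum, since a caller who sets a protocol floor needs to know whether `ssl_version` overrides it. "SSL version" would also read more accurately as "SSL/TLS protocol version".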
Index: test/net/http/test_https.rb
===================================================================
--- test/net/http/test_https.rb	(revision 60310)
+++ test/net/http/test_https.rb	(revision 60311)
@@ -191,4 +191,32 @@ class TestNetHTTPS < Test::Unit::TestCas https://github.com/ruby/ruby/blob/trunk/test/net/http/test_https.rb#L191
       assert th.join(10), bug4246
     }
   end
+
+  def test_min_version
+    http = Net::HTTP.new("127.0.0.1", config("port"))
+    http.use_ssl = true
+    http.min_version = :TLSv1
+    http.verify_callback = Proc.new do |preverify_ok, store_ctx|
+      true
+    end
+    ex = assert_raise(OpenSSL::SSL::SSLError){
+      http.request_get("/") {|res| }
+    }
+    assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
+  end
+
+  def test_max_version
+    http = Net::HTTP.new("127.0.0.1", config("port"))
+    http.use_ssl = true
+    http.max_version = :SSLv2
+    http.verify_callback = Proc.new do |preverify_ok, store_ctx|
+      true
+    end
+    @log_tester = lambda {|log| assert_match(/SSLv3 read client hello/, log[0] ) }
+    ex = assert_raise(OpenSSL::SSL::SSLError){
+      http.request_get("/") {|res| }
+    }
+    assert_match(/no protocols available/, ex.message)
+  end
+
 end if defined?(OpenSSL::SSL)
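Review bot: `test_min_version` never checks that the minimum is enforced: its only assertion is `assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)`, a hostname verification failure that does not depend on `http.min_version = :TLSv1`. Suggest asserting on something the setting controls, such as a handshake failure when the minimum is above what the test server offers, or the negotiated protocol version of a successful connection. In `test_max_version`, the expected strings `SSLv3 read client hello` and `no protocols available` are OpenSSL message texts, so the test is tied to the library's wording. The `verify_callback` block that returns `true` in both tests accepts any certificate chain and deserves a comment saying why, and the `\"` escapes in the regexp are unnecessary.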

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
