ruby-changes:48197
From: naruse <ko1@a...>
Date: Sun, 22 Oct 2017 01:25:26 +0900 (JST)
Subject: [ruby-changes:48197] naruse:r60311 (trunk): Introduce Net::HTTP#min_version/max_version [Feature #9450]
naruse 2017-10-22 01:25:22 +0900 (Sun, 22 Oct 2017) New Revision: 60311 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=60311 Log: Introduce Net::HTTP#min_version/max_version [Feature #9450] Set SSL minimum/maximum version. Modified files: trunk/NEWS trunk/lib/net/http.rb trunk/test/net/http/test_https.rb Index: NEWS =================================================================== --- NEWS (revision 60310) +++ NEWS (revision 60311) @@ -74,6 +74,7 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/NEWS#L74 * Net::HTTP * Net::HTTP.new supports no_proxy parameter [Feature #11195] + * Net::HTTP#min_version/max_version [Feature #9450] * Numeric Index: lib/net/http.rb =================================================================== --- lib/net/http.rb (revision 60310) +++ lib/net/http.rb (revision 60311) @@ -816,6 +816,8 @@ module Net #:nodoc: https://github.com/ruby/ruby/blob/trunk/lib/net/http.rb#L816 :@key, :@ssl_timeout, :@ssl_version, + :@min_version, + :@max_version, :@verify_callback, :@verify_depth, :@verify_mode, @@ -829,6 +831,8 @@ module Net #:nodoc: https://github.com/ruby/ruby/blob/trunk/lib/net/http.rb#L831 :key, :ssl_timeout, :ssl_version, + :min_version, + :max_version, :verify_callback, :verify_depth, :verify_mode, 
@@ -863,6 +867,12 @@ module Net #:nodoc: https://github.com/ruby/ruby/blob/trunk/lib/net/http.rb#L867 # Sets the SSL version. See OpenSSL::SSL::SSLContext#ssl_version= attr_accessor :ssl_version + # Sets the minimum SSL version. See OpenSSL::SSL::SSLContext#min_version= + attr_accessor :min_version + + # Sets the maximum SSL version. See OpenSSL::SSL::SSLContext#max_version= + attr_accessor :max_version + # Sets the verify callback for the server certification verification. attr_accessor :verify_callback Index: test/net/http/test_https.rb =================================================================== --- test/net/http/test_https.rb (revision 60310) +++ test/net/http/test_https.rb (revision 60311) @@ -191,4 +191,32 @@ class TestNetHTTPS < Test::Unit::TestCas https://github.com/ruby/ruby/blob/trunk/test/net/http/test_https.rb#L191 assert th.join(10), bug4246 } end + + def test_min_version + http = Net::HTTP.new("127.0.0.1", config("port")) + http.use_ssl = true + http.min_version = :TLSv1 + http.verify_callback = Proc.new do |preverify_ok, store_ctx| + true + end + ex = assert_raise(OpenSSL::SSL::SSLError){ + http.request_get("/") {|res| } + } + assert_match(/hostname \"127.0.0.1\" does not match/, ex.message) + end + + def test_max_version + http = Net::HTTP.new("127.0.0.1", config("port")) + http.use_ssl = true + http.max_version = :SSLv2 + http.verify_callback = Proc.new do |preverify_ok, store_ctx| + true + end + @log_tester = lambda {|log| assert_match(/SSLv3 read client hello/, log[0] ) } + ex = assert_raise(OpenSSL::SSL::SSLError){ + http.request_get("/") {|res| } + } + assert_match(/no protocols available/, ex.message) + end + end if defined?(OpenSSL::SSL) -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
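Review bot: In the lib/net/http.rb hunk at @@ -863,6 +867,12 @@, the comments on the new min_version and max_version accessors do not say how they interact with ssl_version, which is declared directly above them as attr_accessor :ssl_version. A caller can set all three on the same object, so the comments should state which setting wins or that they should not be combined. They should also show an accepted value, for example the :TLSv1 symbol the new test passes. Since that value is a TLS version, "minimum SSL/TLS version" would be more accurate wording than "minimum SSL version".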
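Review bot: In the test/net/http/test_https.rb hunk, test_min_version asserts only on the message /hostname \"127.0.0.1\" does not match/, which says nothing about the protocol version, so the test does not show that http.min_version = :TLSv1 had any effect on the connection. Add an assertion that ties the outcome to the setting, for example a second case with a min_version the test server cannot satisfy and an expected handshake error. In test_max_version, the @log_tester lambda expecting /SSLv3 read client hello/ has no comment explaining how that server log line relates to max_version = :SSLv2 and the asserted "no protocols available" error; a one-line comment would make the intent reviewable. Both tests cover only failure paths, so a case where a request succeeds with min_version or max_version set would be a useful addition. The verify_callback in both tests ignores preverify_ok and store_ctx and always returns true; if it is required for the test server's certificate, say so in a comment, otherwise drop it.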