Hello community, here is the log from the commit of package rubygem-httpclient for openSUSE:Factory checked in at 2016-08-25 09:54:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-httpclient (Old) and /work/SRC/openSUSE:Factory/.rubygem-httpclient.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-httpclient" Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-httpclient/rubygem-httpclient.changes 2016-05-29 03:13:19.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-httpclient.new/rubygem-httpclient.changes 2016-08-25 09:55:02.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Aug 8 04:38:16 UTC 2016 - co...@suse.com + +- updated to version 2.8.1 + no changelog found + +------------------------------------------------------------------- Old: ---- httpclient-2.8.0.gem New: ---- httpclient-2.8.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-httpclient.spec ++++++ --- /var/tmp/diff_new_pack.FfPROd/_old 2016-08-25 09:55:03.000000000 +0200 +++ /var/tmp/diff_new_pack.FfPROd/_new 2016-08-25 09:55:03.000000000 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-httpclient -Version: 2.8.0 +Version: 2.8.1 Release: 0 %define mod_name httpclient %define mod_full_name %{mod_name}-%{version} ++++++ httpclient-2.8.0.gem -> httpclient-2.8.1.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bin/httpclient new/bin/httpclient --- old/bin/httpclient 2016-04-24 08:08:06.000000000 +0200 +++ new/bin/httpclient 2016-08-07 09:30:27.000000000 +0200 @@ -20,6 +20,7 @@ url = ARGV.shift if method && url client = HTTPClient.new + client.strict_response_size_check = true if method == 'download' print client.get_content(url) else @@ -37,6 +38,7 @@ class Runner def initialize @httpclient = HTTPClient.new + @httpclient.strict_response_size_check = true end def method_missing(msg, *a, &b) Files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/httpclient/http.rb new/lib/httpclient/http.rb --- old/lib/httpclient/http.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/httpclient/http.rb 2016-08-07 09:30:27.000000000 +0200 @@ -700,8 +700,9 @@ def params_from_file(value) params = {} + original_filename = value.respond_to?(:original_filename) ? value.original_filename : nil path = value.respond_to?(:path) ? value.path : nil - params['filename'] = File.basename(path || '') + params['filename'] = original_filename || File.basename(path || '') # Creation time is not available from File::Stat if value.respond_to?(:mtime) params['modification-date'] = value.mtime.rfc822 @@ -808,6 +809,8 @@ case path when /\.txt$/i 'text/plain' + when /\.xml$/i + 'text/xml' when /\.(htm|html)$/i 'text/html' when /\.doc$/i diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/httpclient/jruby_ssl_socket.rb new/lib/httpclient/jruby_ssl_socket.rb --- old/lib/httpclient/jruby_ssl_socket.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/httpclient/jruby_ssl_socket.rb 2016-08-07 09:30:27.000000000 +0200 @@ -289,11 +289,11 @@ @keystore.load(nil) end - def add(cert_file, key_file, password) - cert_str = cert_file.respond_to?(:to_pem) ? cert_file.to_pem : File.read(cert_file.to_s) + def add(cert_source, key_source, password) + cert_str = cert_source.respond_to?(:to_pem) ? cert_source.to_pem : File.read(cert_source.to_s) cert = PEMUtils.read_certificate(cert_str) @keystore.setCertificateEntry('client_cert', cert) - key_str = key_file.respond_to?(:to_pem) ? key_file.to_pem : File.read(key_file.to_s) + key_str = key_source.respond_to?(:to_pem) ? key_source.to_pem : File.read(key_source.to_s) key_pair = PEMUtils.read_private_key(key_str, password) @keystore.setKeyEntry('client_key', key_pair.getPrivate, PASSWORD, [cert].to_java(Certificate)) end @@ -312,20 +312,21 @@ @size = 0 end - def add(file_or_dir) - return if file_or_dir == :default - if File.directory?(file_or_dir) - warn("#{file_or_dir}: directory not yet supported") + def add(cert_source) + return if cert_source == :default + if cert_source.respond_to?(:to_pem) + pem = cert_source.to_pem + elsif File.directory?(cert_source) + warn("#{cert_source}: directory not yet supported") + return else pem = nil - File.read(file_or_dir).each_line do |line| + File.read(cert_source).each_line do |line| case line when /-----BEGIN CERTIFICATE-----/ pem = '' when /-----END CERTIFICATE-----/ - cert = PEMUtils.read_certificate(pem) - @size += 1 - @trust_store.setCertificateEntry("cert_#{@size}", cert) + break else if pem pem << line @@ -333,6 +334,9 @@ end end end + cert = PEMUtils.read_certificate(pem) + @size += 1 + @trust_store.setCertificateEntry("cert_#{@size}", cert) end def trust_store @@ -442,12 +446,12 @@ new(socket, session.dest, session.ssl_config, session.debug_dev) end - DEFAULT_SSL_PROTOCOL = 'TLS' + DEFAULT_SSL_PROTOCOL = (java.lang.System.getProperty('java.specification.version') == '1.7') ? 'TLSv1.2' : 'TLS' def initialize(socket, dest, config, debug_dev = nil) if config.ssl_version == :auto ssl_version = DEFAULT_SSL_PROTOCOL else - ssl_version = config.ssl_version.to_s.gsub(/_/, '.') + ssl_version = config.ssl_version.to_s.tr('_', '.') end unless config.cert_store_crl_items.empty? raise NotImplementedError.new('Manual CRL configuration is not yet supported') @@ -464,7 +468,7 @@ trust_store = nil verify_callback = config.verify_callback || config.method(:default_verify_callback) - if config.verify_mode == nil + if !config.verify? tmf = VerifyNoneTrustManagerFactory.new(verify_callback) else tmf = SystemTrustManagerFactory.new(verify_callback) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/httpclient/session.rb new/lib/httpclient/session.rb --- old/lib/httpclient/session.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/httpclient/session.rb 2016-08-07 09:30:27.000000000 +0200 @@ -115,6 +115,9 @@ attr_accessor :read_block_size attr_accessor :protocol_retry_count + # Raise BadResponseError if response size does not match with Content-Length header in response. + attr_accessor :strict_response_size_check + # Local address to bind local side of the socket to attr_accessor :socket_local @@ -148,6 +151,7 @@ @test_loopback_http_response = [] @transparent_gzip_decompression = false + @strict_response_size_check = false @socket_local = Site.new @sess_pool = {} @@ -221,6 +225,7 @@ sess.protocol_retry_count = @protocol_retry_count sess.ssl_config = @ssl_config sess.debug_dev = @debug_dev + sess.strict_response_size_check = @strict_response_size_check sess.socket_local = @socket_local sess.test_loopback_http_response = @test_loopback_http_response sess.transparent_gzip_decompression = @transparent_gzip_decompression @@ -444,6 +449,7 @@ attr_accessor :read_block_size attr_accessor :protocol_retry_count + attr_accessor :strict_response_size_check attr_accessor :socket_local attr_accessor :ssl_config @@ -473,6 +479,7 @@ @ssl_peer_cert = nil @test_loopback_http_response = nil + @strict_response_size_check = false @socket_local = Site::EMPTY @agent_name = agent_name @@ -871,6 +878,9 @@ rescue EOFError close buf = nil + if @strict_response_size_check + raise BadResponseError.new("EOF while reading rest #{@content_length} bytes") + end end end if buf && buf.bytesize > 0 @@ -887,18 +897,18 @@ def read_body_chunked(&block) buf = empty_bin_str while true - len = @socket.gets(RS) - if len.nil? # EOF - close - return - end - @chunk_length = len.hex - if @chunk_length == 0 - @content_length = 0 - @socket.gets(RS) - return - end ::Timeout.timeout(@receive_timeout, ReceiveTimeoutError) do + len = @socket.gets(RS) + if len.nil? # EOF + close + return + end + @chunk_length = len.hex + if @chunk_length == 0 + @content_length = 0 + @socket.gets(RS) + return + end @socket.read(@chunk_length, buf) @socket.read(2) end @@ -920,6 +930,9 @@ @socket.readpartial(@read_block_size, buf) rescue EOFError buf = nil + if @strict_response_size_check + raise BadResponseError.new("EOF while reading chunked response") + end end end if buf && buf.bytesize > 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/httpclient/ssl_config.rb new/lib/httpclient/ssl_config.rb --- old/lib/httpclient/ssl_config.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/httpclient/ssl_config.rb 2016-08-07 09:30:27.000000000 +0200 @@ -36,7 +36,30 @@ # then add_trust_ca for that purpose. class SSLConfig include HTTPClient::Util - include OpenSSL if SSLEnabled + if SSLEnabled + include OpenSSL + + module ::OpenSSL + module X509 + class Store + attr_reader :_httpclient_cert_store_items + + def initialize(*a, &b) + super(*a, &b) + @_httpclient_cert_store_items = [ENV['SSL_CERT_FILE'] || :default] + end + + [:add_cert, :add_file, :add_path].each do |m| + wrapped = instance_method(m) + define_method(m) do |cert| + wrapped.bind(self).call(cert) + @_httpclient_cert_store_items << cert + end + end + end + end + end + end CIPHERS_DEFAULT = "ALL:!aNULL:!eNULL:!SSLv2" # OpenSSL >1.0.0 default @@ -89,7 +112,7 @@ attr_reader :client_ca # :nodoc: # These array keeps original files/dirs that was added to @cert_store - attr_reader :cert_store_items + def cert_store_items; @cert_store._httpclient_cert_store_items; end attr_reader :cert_store_crl_items # Creates a SSLConfig. @@ -97,7 +120,6 @@ return unless SSLEnabled @client = client @cert_store = X509::Store.new - @cert_store_items = [:default] @cert_store_crl_items = [] @client_cert = @client_key = @client_ca = nil @verify_mode = SSL::VERIFY_PEER | SSL::VERIFY_FAIL_IF_NO_PEER_CERT @@ -170,7 +192,6 @@ @cacerts_loaded = true # avoid lazy override @cert_store = X509::Store.new @cert_store.set_default_paths - @cert_store_items = [ENV['SSL_CERT_FILE'] || :default] change_notify end @@ -181,7 +202,7 @@ def clear_cert_store @cacerts_loaded = true # avoid lazy override @cert_store = X509::Store.new - @cert_store_items.clear + @cert_store._httpclient_cert_store_items.clear change_notify end @@ -192,7 +213,6 @@ def cert_store=(cert_store) @cacerts_loaded = true # avoid lazy override @cert_store = cert_store - @cert_store_items.clear change_notify end @@ -209,7 +229,6 @@ end @cacerts_loaded = true # avoid lazy override add_trust_ca_to_store(@cert_store, trust_ca_file_or_hashed_dir) - @cert_store_items << trust_ca_file_or_hashed_dir change_notify end alias set_trust_ca add_trust_ca @@ -308,6 +327,10 @@ change_notify end + def verify? + @verify_mode && (@verify_mode & OpenSSL::SSL::VERIFY_PEER != 0) + end + # interfaces for SSLSocket. def set_context(ctx) # :nodoc: load_trust_ca unless @cacerts_loaded @@ -445,11 +468,7 @@ def load_cacerts(cert_store) ver = OpenSSL::OPENSSL_VERSION file = File.join(File.dirname(__FILE__), 'cacert.pem') - unless defined?(JRuby) - # JRuby uses @cert_store_items - add_trust_ca_to_store(cert_store, file) - end - @cert_store_items << file + add_trust_ca_to_store(cert_store, file) end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/httpclient/version.rb new/lib/httpclient/version.rb --- old/lib/httpclient/version.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/httpclient/version.rb 2016-08-07 09:30:27.000000000 +0200 @@ -1,3 +1,3 @@ class HTTPClient - VERSION = '2.8.0' + VERSION = '2.8.1' end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/httpclient/webagent-cookie.rb new/lib/httpclient/webagent-cookie.rb --- old/lib/httpclient/webagent-cookie.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/httpclient/webagent-cookie.rb 2016-08-07 09:30:27.000000000 +0200 @@ -342,7 +342,7 @@ cookie.domain_orig = given.domain cookie.path_orig = given.path - if cookie.discard? || cookie.expires == nil + if cookie.discard? || cookie.expires.nil? cookie.discard = true else cookie.discard = false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/httpclient.rb new/lib/httpclient.rb --- old/lib/httpclient.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/httpclient.rb 2016-08-07 09:30:27.000000000 +0200 @@ -309,7 +309,6 @@ if assignable aname = name + '=' define_method(aname) { |rhs| - reset_all @session_manager.__send__(aname, rhs) } end @@ -365,6 +364,9 @@ attr_proxy(:test_loopback_http_response) # Decompress a compressed (with gzip or deflate) content body transparently. false by default. attr_proxy(:transparent_gzip_decompression, true) + # Raise BadResponseError if response size does not match with Content-Length header in response. false by default. + # TODO: enable by default + attr_proxy(:strict_response_size_check, true) # Local socket address. Set HTTPClient#socket_local.host and HTTPClient#socket_local.port to specify local binding hostname and port of TCP socket. attr_proxy(:socket_local, true) @@ -844,13 +846,7 @@ end uri = to_resource_url(uri) if block - if block.arity == 1 - filtered_block = proc { |res, str| - block.call(str) - } - else - filtered_block = block - end + filtered_block = adapt_block(&block) end if follow_redirect follow_redirect(method, uri, query, body, header, &block) @@ -1082,11 +1078,17 @@ ENV[name.downcase] || ENV[name.upcase] end + def adapt_block(&block) + return block if block.arity == 2 + proc { |r, str| block.call(str) } + end + def follow_redirect(method, uri, query, body, header, &block) uri = to_resource_url(uri) if block + b = adapt_block(&block) filtered_block = proc { |r, str| - block.call(str) if r.ok? + b.call(r, str) if r.ok? } end if HTTP::Message.file?(body) @@ -1270,6 +1272,7 @@ return end piper, pipew = IO.pipe + pipew.binmode res = HTTP::Message.new_response(piper, req.header) @debug_dev << "= Request\n\n" if @debug_dev sess = @session_manager.query(req, proxy) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/oauthclient.rb new/lib/oauthclient.rb --- old/lib/oauthclient.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/lib/oauthclient.rb 2016-08-07 09:30:27.000000000 +0200 @@ -33,6 +33,7 @@ @oauth_config = HTTPClient::OAuth::Config.new self.www_auth.oauth.set_config(nil, @oauth_config) self.www_auth.oauth.challenge(nil) + self.strict_response_size_check = true end # Get request token. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2016-04-24 08:08:06.000000000 +0200 +++ new/metadata 2016-08-07 09:30:27.000000000 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: httpclient version: !ruby/object:Gem::Version - version: 2.8.0 + version: 2.8.1 platform: ruby authors: - Hiroshi Nakamura autorequire: bindir: bin cert_chain: [] -date: 2016-04-24 00:00:00.000000000 Z +date: 2016-08-07 00:00:00.000000000 Z dependencies: [] description: email: n...@ruby-lang.org @@ -103,7 +103,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.5.1 +rubygems_version: 2.4.5.1 signing_key: specification_version: 4 summary: gives something like the functionality of libwww-perl (LWP) in Ruby diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/test_auth.rb new/test/test_auth.rb --- old/test/test_auth.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/test/test_auth.rb 2016-08-07 09:30:27.000000000 +0200 @@ -2,7 +2,6 @@ require 'digest/md5' require 'rack' require 'rack/lint' -require 'rack/showexceptions' require 'rack-ntlm' class TestAuth < Test::Unit::TestCase diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/test_http-access2.rb new/test/test_http-access2.rb --- old/test/test_http-access2.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/test/test_http-access2.rb 2016-08-07 09:30:27.000000000 +0200 @@ -347,11 +347,13 @@ def test_receive_timeout # this test takes 2 sec assert_equal('hello', @client.get_content(serverurl + 'sleep?sec=2')) + @client.reset_all @client.receive_timeout = 1 assert_equal('hello', @client.get_content(serverurl + 'sleep?sec=0')) assert_raise(HTTPClient::ReceiveTimeoutError) do @client.get_content(serverurl + 'sleep?sec=2') end + @client.reset_all @client.receive_timeout = 3 assert_equal('hello', @client.get_content(serverurl + 'sleep?sec=2')) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/test_httpclient.rb new/test/test_httpclient.rb --- old/test/test_httpclient.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/test/test_httpclient.rb 2016-08-07 09:30:27.000000000 +0200 @@ -609,10 +609,12 @@ assert_not_equal('hello', content) assert_equal(GZIP_CONTENT, content) @client.transparent_gzip_decompression = true + @client.reset_all assert_equal('hello', @client.get_content(serverurl + 'compressed?enc=gzip')) assert_equal('hello', @client.get_content(serverurl + 'compressed?enc=deflate')) assert_equal('hello', @client.get_content(serverurl + 'compressed?enc=deflate_noheader')) @client.transparent_gzip_decompression = false + @client.reset_all end def test_get_content_with_block @@ -765,6 +767,22 @@ assert_equal(1000*1000, res.content.read.length) end + if RUBY_VERSION > "1.9" + def test_post_async_with_default_internal + original_encoding = Encoding.default_internal + Encoding.default_internal = Encoding::UTF_8 + begin + post_body = StringIO.new("こんにちは") + conn = @client.post_async(serverurl + 'servlet', post_body) + Thread.pass while !conn.finished? + res = conn.pop + assert_equal 'post,こんにちは', res.content.read + ensure + Encoding.default_internal = original_encoding + end + end + end + def test_get_with_block called = false res = @client.get(serverurl + 'servlet') { |str| @@ -788,6 +806,29 @@ assert_nil(res.content) end + def test_get_with_block_and_redirects + called = false + res = @client.get(serverurl + 'servlet', :follow_redirect => true) { |str| + assert_equal('get', str) + called = true + } + assert(called) + # res does not have a content + assert_nil(res.content) + end + + def test_get_with_block_arity_2_and_redirects + called = false + res = @client.get(serverurl + 'servlet', :follow_redirect => true) { |blk_res, str| + assert_equal(200, blk_res.status) + assert_equal('get', str) + called = true + } + assert(called) + # res does not have a content + assert_nil(res.content) + end + def test_get_with_block_string_recycle @client.read_block_size = 2 body = [] @@ -1032,6 +1073,10 @@ def test_post_with_custom_multipart_and_file STDOUT.sync = true File.open(__FILE__) do |file| + def file.original_filename + 'file.txt' + end + ext = { 'Content-Type' => 'multipart/alternative' } body = [{ 'Content-Type' => 'text/plain', :content => "this is only a test" }, { 'Content-Type' => 'application/x-ruby', :content => file }] @@ -1039,6 +1084,7 @@ assert_match(/^Content-Type: text\/plain\r\n/m, res.content) assert_match(/^this is only a test\r\n/m, res.content) assert_match(/^Content-Type: application\/x-ruby\r\n/m, res.content) + assert_match(/Content-Disposition: form-data; name="3"; filename="file.txt"/, res.content) assert_match(/FIND_TAG_IN_THIS_FILE/, res.content) end end @@ -1311,11 +1357,13 @@ # this test takes 2 sec assert_equal('hello?sec=2', @client.get_content(serverurl + 'sleep?sec=2')) @client.receive_timeout = 1 + @client.reset_all assert_equal('hello?sec=0', @client.get_content(serverurl + 'sleep?sec=0')) assert_raise(HTTPClient::ReceiveTimeoutError) do @client.get_content(serverurl + 'sleep?sec=2') end @client.receive_timeout = 3 + @client.reset_all assert_equal('hello?sec=2', @client.get_content(serverurl + 'sleep?sec=2')) end @@ -1323,11 +1371,13 @@ # this test takes 2 sec assert_equal('hello', @client.post(serverurl + 'sleep', :sec => 2).content) @client.receive_timeout = 1 + @client.reset_all assert_equal('hello', @client.post(serverurl + 'sleep', :sec => 0).content) assert_raise(HTTPClient::ReceiveTimeoutError) do @client.post(serverurl + 'sleep', :sec => 2) end @client.receive_timeout = 3 + @client.reset_all assert_equal('hello', @client.post(serverurl + 'sleep', :sec => 2).content) end @@ -1486,6 +1536,7 @@ assert_equal('text/plain', HTTP::Message.mime_type('foo.txt')) assert_equal('text/html', HTTP::Message.mime_type('foo.html')) assert_equal('text/html', HTTP::Message.mime_type('foo.htm')) + assert_equal('text/xml', HTTP::Message.mime_type('foo.xml')) assert_equal('application/msword', HTTP::Message.mime_type('foo.doc')) assert_equal('image/png', HTTP::Message.mime_type('foo.png')) assert_equal('image/gif', HTTP::Message.mime_type('foo.gif')) @@ -1779,6 +1830,19 @@ end end + def test_strict_response_size_check + @client.strict_response_size_check = false + @client.test_loopback_http_response << "HTTP/1.0 200 OK\r\nContent-Length: 12345\r\n\r\nhello world" + assert_equal('hello world', @client.get_content('http://dummy')) + + @client.reset_all + @client.strict_response_size_check = true + @client.test_loopback_http_response << "HTTP/1.0 200 OK\r\nContent-Length: 12345\r\n\r\nhello world" + assert_raise(HTTPClient::BadResponseError) do + @client.get_content('http://dummy') + end + end + def test_socket_local @client.socket_local.host = '127.0.0.1' assert_equal('hello', @client.get_content(serverurl + 'hello')) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/test/test_ssl.rb new/test/test_ssl.rb --- old/test/test_ssl.rb 2016-04-24 08:08:06.000000000 +0200 +++ new/test/test_ssl.rb 2016-08-07 09:30:27.000000000 +0200 @@ -149,6 +149,22 @@ # cfg.verify_mode = nil assert_equal("hello", @client.get_content(@url)) + cfg.verify_mode = OpenSSL::SSL::VERIFY_NONE + assert_equal("hello", @client.get_content(@url)) + end + + def test_cert_store + cfg = @client.ssl_config + cfg.cert_store.add_cert(cert('ca.cert')) + begin + @client.get(@url) + assert(false) + rescue OpenSSL::SSL::SSLError => ssle + assert_match(/(certificate verify failed|unable to find valid certification path to requested target)/, ssle.message) + end + # + cfg.cert_store.add_cert(cert('subca.cert')) + assert_equal("hello", @client.get_content(@url)) end if defined?(HTTPClient::JRubySSLSocket) @@ -237,7 +253,7 @@ def test_use_higher_TLS omit('TODO: it does not pass with Java 7 or old openssl ') teardown_server - setup_server_with_ssl_version(:TLSv1_2) + setup_server_with_ssl_version('TLSv1_2') assert_nothing_raised do @client.ssl_config.verify_mode = nil @client.get("https://localhost:#{serverport}/hello") @@ -288,6 +304,10 @@ end def setup_server_with_ssl_version(ssl_version) + # JRubyOpenSSL does not support "TLSv1_2" as an known version, and some JCE provides TLS v1.2 as "TLSv1.2" not "TLSv1_2" + if RUBY_ENGINE == 'jruby' && ['TLSv1_1', 'TLSv1_2'].include?(ssl_version) + ssl_version = ssl_version.tr('_', '.') + end logger = Logger.new(STDERR) logger.level = Logger::Severity::FATAL # avoid logging SSLError (ERROR level) @server = WEBrick::HTTPServer.new(