Contents

# frozen_string_literal: true

require 'openssl'
require 'em-http'

# EventMachine patch to make SSL work.
module EmHttpSslPatch
  def ssl_verify_peer(cert_string)
    begin
      @last_seen_cert = OpenSSL::X509::Certificate.new(cert_string)
    rescue OpenSSL::X509::CertificateError
      return false
    end

    unless certificate_store.verify(@last_seen_cert)
      raise OpenSSL::SSL::SSLError,
            %(unable to verify the server certificate for "#{host}")
    end

    begin
      certificate_store.add_cert(@last_seen_cert)
    rescue OpenSSL::X509::StoreError => e
      raise e unless e.message == 'cert already in hash table'
    end
    true
  end

  def ssl_handshake_completed
    return true unless verify_peer?

    unless verified_cert_identity?
      raise OpenSSL::SSL::SSLError,
            %(host "#{host}" does not match the server certificate)
    end

    true
  end

  def verify_peer?
    parent.connopts.tls[:verify_peer]
  end

  def verified_cert_identity?
    OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
  end

  def host
    parent.uri.host
  end

  def certificate_store
    @certificate_store ||= begin
      store = OpenSSL::X509::Store.new
      store.set_default_paths
      ca_file = parent.connopts.tls[:cert_chain_file]
      store.add_file(ca_file) if ca_file
      store
    end
  end
end

EventMachine::HttpStubConnection.include(EmHttpSslPatch)

Version data entries

62 entries across 50 versions & 16 rubygems

Version	Path
tdiary-5.1.1	vendor/bundle/ruby/2.7.0/gems/faraday-1.0.0/lib/faraday/adapter/em_http_ssl_patch.rb
faraday-1.0.0	lib/faraday/adapter/em_http_ssl_patch.rb