lib/faye/websocket/ssl_verifier.rb in faye-websocket-0.11.1 vs lib/faye/websocket/ssl_verifier.rb in faye-websocket-0.11.2
- old
+ new
@@ -40,23 +40,26 @@
def ssl_verify_peer(cert_text)
return true unless should_verify?
certificate = parse_cert(cert_text)
- return false unless certificate
-
- unless @cert_store.verify(certificate)
- raise SSLError, "Unable to verify the server certificate for '#{ @hostname }'"
+ unless certificate
+ raise SSLError, "Unable to parse SSL certificate for '#{ @hostname }'"
end
- store_cert(certificate)
@last_cert = certificate
+ @last_cert_verified = @cert_store.verify(certificate)
+ store_cert(certificate) if @last_cert_verified
true
end
def ssl_handshake_completed
return unless should_verify?
+
+ unless @last_cert_verified
+ raise SSLError, "Unable to verify the server certificate for '#{ @hostname }'"
+ end
unless identity_verified?
raise SSLError, "Host '#{ @hostname }' does not match the server certificate"
end
end