lib/onering/api.rb in onering-client-0.1.1 vs lib/onering/api.rb in onering-client-0.1.2

- old
+ new

@@ -1,18 +1,6 @@
 require 'openssl'
-
-# This is perhaps the saddest thing I have ever written...
-#
-# Don't cry for me...I'm already dead.
-#
-module OpenSSL
- module SSL
- remove_const :VERIFY_PEER
- VERIFY_PEER = VERIFY_NONE
- end
-end
-
 require 'yaml'
 require 'hashlib'
 require 'deep_merge'
 require 'addressable/uri'
 require 'httparty'
@@ -56,42 +44,62 @@ @_connection_options = options # load and merge all config file sources Onering::Config.load(@_connection_options[:configfile], @_connection_options.get(:config, {})) - # source interface specified - # !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! - # Due to certain versions of Ruby's Net::HTTP not allowing you explicitly - # specify the source IP/interface to use, this horrific monkey patch is - # necessary, if not right. - # - # If at least some of your code doesn't make you feel bottomless shame - # then you aren't coding hard enough. - # - if options.get('config.source').is_a?(String) - if options.get('config.source') =~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/ - # insert firing pin into the hack - TCPSocket.instance_eval do - (class << self; self; end).instance_eval do - alias_method :_stock_open, :open - attr_writer :_hack_local_ip + if options.get('config.nosslverify', false) == true + # deliberately break SSL verification + Onering::Logger.warn("Disabling SSL peer verification for #{options.get('config.url')}") + OpenSSL::SSL.send(:const_set, :OLD_VERIFY_PEER, OpenSSL::SSL::VERIFY_PEER) + OpenSSL::SSL.send(:remove_const, :VERIFY_PEER) + OpenSSL::SSL.send(:const_set, :VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE) + else + # restore SSL verification if it's currently broken + if defined?(OpenSSL::SSL::OLD_VERIFY_PEER) + if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and OpenSSL::SSL::OLD_VERIFY_PEER != OpenSSL::SSL::VERIFY_NONE + OpenSSL::SSL.send(:remove_const, :VERIFY_PEER) + OpenSSL::SSL.send(:const_set, :VERIFY_PEER, OpenSSL::SSL::OLD_VERIFY_PEER) + end + end + end - define_method(:open) do |conn_address, conn_port| - _stock_open(conn_address, conn_port, @_hack_local_ip) + if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE + Onering::Logger.warn("Disabling SSL peer verification for #{options.get('config.url')}") + end + + # source interface specified + # !! HAX !! HAX !! HAX !! HAX !! 
HAX !! HAX !! HAX !! HAX !! HAX !! HAX !! + # Due to certain versions of Ruby's Net::HTTP not allowing you explicitly + # specify the source IP/interface to use, this horrific monkey patch is + # necessary, if not right. + # + # If at least some of your code doesn't make you feel bottomless shame + # then you aren't coding hard enough. + # + if options.get('config.source').is_a?(String) + if options.get('config.source') =~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/ + # insert firing pin into the hack + TCPSocket.instance_eval do + (class << self; self; end).instance_eval do + alias_method :_stock_open, :open + attr_writer :_hack_local_ip + + define_method(:open) do |conn_address, conn_port| + _stock_open(conn_address, conn_port, @_hack_local_ip) + end end end - end - # arm the hack - TCPSocket._hack_local_ip = options.get('config.source') + # arm the hack + TCPSocket._hack_local_ip = options.get('config.source') - # sound the siren - Onering::Logger.info("Using local interface #{options.get('config.source')} to connect", "Onering::API") + # sound the siren + Onering::Logger.info("Using local interface #{options.get('config.source')} to connect", "Onering::API") - else - raise "Invalid source IP address #{options.get('config.source')}" + else + raise "Invalid source IP address #{options.get('config.source')}" + end end - end # set API connectivity details Onering::API.base_uri(options.get('config.url', Onering::Config.get(:url, DEFAULT_BASE))) Onering::Logger.info("Server URL is #{Onering::API.base_uri}", "Onering::API")
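Review bot: In the `config.nosslverify` branch, a second connect with the option set overwrites `OLD_VERIFY_PEER` with the already-patched `VERIFY_PEER` (now `VERIFY_NONE`), so the restore branch's `OLD_VERIFY_PEER != VERIFY_NONE` test can never pass again and certificate verification stays off for the rest of the process. Guard the save: `OpenSSL::SSL.send(:const_set, :OLD_VERIFY_PEER, OpenSSL::SSL::VERIFY_PEER) unless defined?(OpenSSL::SSL::OLD_VERIFY_PEER)`. More fundamentally, redefining `OpenSSL::SSL::VERIFY_PEER` is process-wide, so every other TLS client in the same Ruby process silently stops verifying peers as well. Since `Onering::API` appears to be an HTTParty class (it calls `base_uri`), `Onering::API.default_options.update(verify: false)` would confine the opt-out to this client; confirm the HTTParty version in use supports `verify`. The warning is also logged twice on the opt-out path, and the enclosing method starts and ends outside this hunk.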