Fix SSL config bugs #4

Open: op-ct wants to merge 3 commits into crayfishx:master from op-ct:patch-1


op-ct commented Jan 11, 2019

This patch fixes some problems with the SSL-related @config logic:

  • The :ssl_key and :ssl_cert options were swapped in @http.
  • OpenSSL::X509::Certificate.new only read the first certificate in
    its String. This caused problems in cases where :ssl_verify is true
    and the :ssl_ca_cert file contains multiple CA certificates.
  • It was impossible to specify :ssl_ca_cert without also providing
    :ssl_cert and :ssl_key (which aren't always needed).

op-ct added 2 commits January 11, 2019 09:31
`@http.ca_file=` must be set when `@http.verify_mode` is set to
`OpenSSL::SSL::VERIFY_PEER`, otherwise the connection will fail with:

```
SSL_connect returned=1 errno=0 state=error: certificate verify failed
```

op-ct changed the title from "Unswap :ssl_key and :ssl_cert config options" to "Fix SSL config bugs" on Jan 11, 2019

Now we can specify `:ssl_ca_cert` without needing a `:ssl_cert` and `:ssl_key`
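
The behaviours described in this pull request, as an added Ruby example that is not code from the patch or the project: `OpenSSL::X509::Certificate.new` parses only the first certificate of a PEM bundle, and peer verification can be configured from a CA bundle without a client certificate or key. The helpers `make_ca`, `load_ca_bundle` and `build_http` are hypothetical names, the CA certificates are constructed sample data, and the example trusts the bundle through `cert_store` instead of the `ca_file=` setter named in the commit message.

```ruby
require 'openssl'
require 'net/http'

# Constructed sample input: a throwaway self-signed CA certificate.
def make_ca(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

PEM_BLOCK = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Parse every certificate in a PEM bundle, not only the first one.
def load_ca_bundle(pem)
  pem.scan(PEM_BLOCK).map { |block| OpenSSL::X509::Certificate.new(block) }
end

# Hypothetical helper: verification is driven by the CA bundle alone;
# the client certificate and key are applied only when both are supplied.
def build_http(host, port, ca_pem:, cert: nil, key: nil)
  http = Net::HTTP.new(host, port) # no connection is opened here
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  store = OpenSSL::X509::Store.new
  load_ca_bundle(ca_pem).each { |ca| store.add_cert(ca) }
  http.cert_store = store
  if cert && key
    http.cert = cert # the certificate goes in #cert
    http.key = key   # the private key goes in #key
  end
  http
end

# Constructed two-certificate CA bundle, as an :ssl_ca_cert file might contain.
BUNDLE = make_ca('Constructed Root A').to_pem + make_ca('Constructed Root B').to_pem
```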