* lib/net/imap.rb, lib/net/smtp.rb, lib/net/pop.rb: hostname should

be verified against the server's identity as presented in the server's
  certificate. [ruby-dev:31960]

* ext/openssl/lib/net/telnets.rb, ext/openssl/lib/net/ftptls.rb: ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@13656 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
gotoyuzo 2007-10-08 11:14:41 +00:00
parent 3465feb90b
commit 3ecc791ddc
6 changed files with 50 additions and 25 deletions


@ -1,3 +1,11 @@
Mon Oct 8 20:06:29 2007 GOTOU Yuuzou <gotoyuzo@notwork.org>
* lib/net/imap.rb, lib/net/smtp.rb, lib/net/pop.rb: hostname should
be verified against server's indentity as persented in the server's
certificate. [ruby-dev:31960]
* ext/openssl/lib/net/telnets.rb, ext/openssl/lib/net/ftptls.rb: ditto.
Sun Oct 7 22:37:47 2007 Kouhei Sutou <kou@cozmixng.org> Sun Oct 7 22:37:47 2007 Kouhei Sutou <kou@cozmixng.org>
* test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb, * test/rss/test_taxonomy.rb, test/rss/test_parser_1.0.rb,


@ -29,13 +29,23 @@ require 'net/ftp'
module Net module Net
class FTPTLS < FTP class FTPTLS < FTP
def connect(host, port=FTP_PORT)
@hostname = host
super
end
def login(user = "anonymous", passwd = nil, acct = nil) def login(user = "anonymous", passwd = nil, acct = nil)
store = OpenSSL::X509::Store.new
store.set_default_paths
ctx = OpenSSL::SSL::SSLContext.new('SSLv23') ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
ctx.cert_store = store
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.key = nil ctx.key = nil
ctx.cert = nil ctx.cert = nil
voidcmd("AUTH TLS") voidcmd("AUTH TLS")
@sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx) @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
@sock.connect @sock.connect
@sock.post_connection_check(@hostname)
super(user, passwd, acct) super(user, passwd, acct)
voidcmd("PBSZ 0") voidcmd("PBSZ 0")
end end
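Review bot: The new `connect` override exists only to capture the host for the later name check, and nothing says so; add `# remember the host name: login verifies the server certificate against it` above it, and document on `login` that it now requires a certificate chaining to the system trust store (`set_default_paths`) with a matching name, raising OpenSSL::SSL::SSLError otherwise. `@hostname` is populated only through this override, so an instance whose socket was established by some other path would reach `post_connection_check(nil)` — I cannot see from here whether such a path exists. Note also that the hard-coded `VERIFY_PEER` against the system store gives callers no way to trust a private CA, which FTP servers commonly use; a way to pass a store or CA path would be worth adding.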


@ -134,6 +134,9 @@ module Net
@sock.verify_callback = @options['VerifyCallback'] @sock.verify_callback = @options['VerifyCallback']
@sock.verify_depth = @options['VerifyDepth'] @sock.verify_depth = @options['VerifyDepth']
@sock.connect @sock.connect
if @options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE
@sock.post_connection_check(@options['Host'])
end
@ssl = true @ssl = true
end end
'' ''
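Review bot: The guard on the added `if` line only excludes an explicit `VERIFY_NONE`; a `VerifyMode` option that was never set is nil, passes the guard, and is presumably also what `@sock.verify_mode` received a few lines up, where OpenSSL treats nil as no verification — the name is then matched against a chain nobody verified. Rather than weakening the guard, make the option default to `OpenSSL::SSL::VERIFY_PEER` where the options are filled in (outside this hunk), and add `# the name check is only meaningful when the chain was verified` above the `if`. If `post_connection_check` raises, `@sock` is already the SSLSocket while `@ssl` stays false; the enclosing method starts before this hunk, so I cannot tell whether a caller closes that socket.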


@ -330,19 +330,10 @@ module Net
end end
# Sends a STARTTLS command to start TLS session. # Sends a STARTTLS command to start TLS session.
def starttls(ctx = nil) def starttls(certs = nil, verify = false)
if @sock.kind_of?(OpenSSL::SSL::SSLSocket)
raise RuntimeError, "already using SSL"
end
send_command("STARTTLS") do |resp| send_command("STARTTLS") do |resp|
if resp.kind_of?(TaggedResponse) && resp.name == "OK" if resp.kind_of?(TaggedResponse) && resp.name == "OK"
if ctx start_tls_session(certs, verify)
@sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
else
@sock = OpenSSL::SSL::SSLSocket.new(@sock)
end
@sock.sync_close = true
@sock.connect
end end
end end
end end
@ -906,21 +897,8 @@ module Net
@parser = ResponseParser.new @parser = ResponseParser.new
@sock = TCPSocket.open(host, port) @sock = TCPSocket.open(host, port)
if usessl if usessl
unless defined?(OpenSSL) start_tls_session(certs, verify)
raise "SSL extension not installed"
end
@usessl = true @usessl = true
# verify the server.
context = SSLContext::new()
context.ca_file = certs if certs && FileTest::file?(certs)
context.ca_path = certs if certs && FileTest::directory?(certs)
context.verify_mode = VERIFY_PEER if verify
if defined?(VerifyCallbackProc)
context.verify_callback = VerifyCallbackProc
end
@sock = SSLSocket.new(@sock, context)
@sock.connect # start ssl session.
else else
@usessl = false @usessl = false
end end
@ -1229,6 +1207,26 @@ module Net
end end
end end
def start_tls_session(certs, verify)
unless defined?(OpenSSL)
raise "SSL extension not installed"
end
if @sock.kind_of?(OpenSSL::SSL::SSLSocket)
raise RuntimeError, "already using SSL"
end
context = SSLContext::new()
context.ca_file = certs if certs && FileTest::file?(certs)
context.ca_path = certs if certs && FileTest::directory?(certs)
context.verify_mode = VERIFY_PEER if verify
if defined?(VerifyCallbackProc)
context.verify_callback = VerifyCallbackProc
end
@sock = SSLSocket.new(@sock, context)
@sock.sync_close = true
@sock.connect
@sock.post_connection_check(@host) if verify
end
class RawData # :nodoc: class RawData # :nodoc:
def send_data(imap) def send_data(imap)
imap.send!(:put_string, @data) imap.send!(:put_string, @data)
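Review bot: In `start_tls_session`, `verify` with no `certs` sets `VERIFY_PEER` but configures no trust anchors — neither `ca_file`/`ca_path` nor a store — and as far as I can see nothing loads the system defaults, so every verified handshake would fail with a chain error; ftptls.rb in this same commit calls `store.set_default_paths`, and this method should do the same when `certs` is nil. Independently, `verify` defaults to false in `starttls` (and presumably in `initialize`, outside the hunk), so by default neither the chain nor the name is checked and TLS is unauthenticated; the method and `starttls` should document that plainly, e.g. `# verify=false (the default) performs no certificate or host-name verification`. The rewritten middle of the method follows; the guards, callback and socket setup are unchanged.
```ruby
def start_tls_session(certs, verify)
  # … unchanged: OpenSSL / already-using-SSL guards …
  context = SSLContext::new()
  context.ca_file = certs if certs && FileTest::file?(certs)
  context.ca_path = certs if certs && FileTest::directory?(certs)
  if verify && !certs
    # no explicit CA file/dir given: fall back to the system trust store
    store = OpenSSL::X509::Store.new
    store.set_default_paths
    context.cert_store = store
  end
  context.verify_mode = VERIFY_PEER if verify
  # … unchanged: VerifyCallbackProc, SSLSocket wrap, connect, post_connection_check …
```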


@ -533,6 +533,9 @@ module Net
s = OpenSSL::SSL::SSLSocket.new(s, context) s = OpenSSL::SSL::SSLSocket.new(s, context)
s.sync_close = true s.sync_close = true
s.connect s.connect
if context.verify_mode != OpenSSL::SSL::VEIFY_NONE
s.post_connection_check(@address)
end
end end
@socket = InternetMessageIO.new(s) @socket = InternetMessageIO.new(s)
logging "POP session started: #{@address}:#{@port} (#{@apop ? 'APOP' : 'POP'})" logging "POP session started: #{@address}:#{@port} (#{@apop ? 'APOP' : 'POP'})"
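Review bot: `OpenSSL::SSL::VEIFY_NONE` on the added `if` line is a typo for `VERIFY_NONE`; the constant lookup raises NameError, so every TLS-enabled POP session fails right after `s.connect` regardless of how the context was configured. The line should read `if context.verify_mode != OpenSSL::SSL::VERIFY_NONE`. Note too that a context whose verify_mode was never assigned reports nil, which passes this guard although OpenSSL treats nil as no verification, so the name check then runs against an unverified chain; defaulting the context to VERIFY_PEER where it is built (outside this hunk) would close that gap. The enclosing method starts before this hunk.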


@ -578,6 +578,9 @@ module Net
logging "TLS connection started" logging "TLS connection started"
s.sync_close = true s.sync_close = true
s.connect s.connect
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
s.post_connection_check(@address)
end
s s
end end
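Review bot: When `s.post_connection_check(@address)` raises on a name mismatch, the SSLSocket `s` — already connected, with `sync_close` set — is never returned, so unless a caller outside this hunk closes it the TLS and TCP connection stay open until GC; close it before re-raising. A context whose verify_mode was never set also reports nil, which passes the `!= VERIFY_NONE` guard although OpenSSL treats nil as no verification, so the name is then checked against an unverified chain — harmless but meaningless, and worth either a comment or a VERIFY_PEER default where `@ssl_context` is built. The enclosing method starts before this hunk.
```ruby
# … unchanged: logging, sync_close, connect …
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
  begin
    s.post_connection_check(@address)
  rescue OpenSSL::SSL::SSLError
    s.close   # do not hand a half-verified, still-open connection back to the caller
    raise
  end
end
s
```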