From cdbaac3f4b6349907fe744f5eafab982b45e53e2 Mon Sep 17 00:00:00 2001
From: Nishant Patel <91441876+nishantactivepipe@users.noreply.github.com>
Date: Sat, 5 Feb 2022 14:29:38 +1100
Subject: [PATCH] [ruby/open-uri] feat: allow option to pass version of SSL / TLS to use during communication. Allow versions are OpenSSL::SSL::SSLContext::METHODS

https://github.com/ruby/open-uri/commit/8729858517
---
 lib/open-uri.rb | 3 +++
 test/open-uri/test_ssl.rb | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index 36bc3e7266..2bcbec5110 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -99,6 +99,7 @@ module OpenURI
 :open_timeout => true,
 :ssl_ca_cert => nil,
 :ssl_verify_mode => nil,
+ :ssl_version => nil,
 :ftp_active_mode => false,
 :redirect => true,
 :encoding => nil,
@@ -298,6 +299,8 @@ module OpenURI
 require 'net/https'
 http.use_ssl = true
 http.verify_mode = options[:ssl_verify_mode] || OpenSSL::SSL::VERIFY_PEER
+ http.ssl_version = options[:ssl_version] if options[:ssl_version] &&
+ OpenSSL::SSL::SSLContext::METHODS.include?(options[:ssl_version])
 store = OpenSSL::X509::Store.new
 if options[:ssl_ca_cert]
 Array(options[:ssl_ca_cert]).each do |cert|
diff --git a/test/open-uri/test_ssl.rb b/test/open-uri/test_ssl.rb
index 4f645d83b9..a4e20b553f 100644
--- a/test/open-uri/test_ssl.rb
+++ b/test/open-uri/test_ssl.rb
@@ -107,6 +107,16 @@ class TestOpenURISSL
 }
 end
 
+ def test_validation_ssl_version
+ with_https {|srv, dr, url|
+ setup_validation(srv, dr)
+ URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_version => :TLSv1_2) {|f|
+ assert_equal("200", f.status[0])
+ assert_equal("ddd", f.read)
+ }
+ }
+ end
+
 def with_https_proxy(proxy_log_tester=lambda {|proxy_log, proxy_access_log| assert_equal([], proxy_log) })
 proxy_log = []
 proxy_logger = WEBrick::Log.new(proxy_log, WEBrick::BasicLog::WARN)
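Review bot: The new `:ssl_version` key in the options table comes without documentation; the diffstat shows only three added lines in lib/open-uri.rb, so the option list in the file's rdoc is presumably unchanged. An entry next to the other `:ssl_*` options would tell callers what is accepted, for example `# [:ssl_version] Symbol naming the SSL/TLS protocol version to use; must be a member of OpenSSL::SSL::SSLContext::METHODS, other values are not applied.` The hash literal itself starts and ends outside the hunk.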
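Review bot: The guard added on `http.ssl_version` silently skips any value that is not in `OpenSSL::SSL::SSLContext::METHODS`, so a caller who passes a string such as "TLSv1_2" or a misspelled symbol gets a connection negotiated with the defaults and no sign that the requested protocol restriction was dropped. Failing loudly when the option is set but not in the list, e.g. `raise ArgumentError, "unsupported :ssl_version: #{options[:ssl_version].inspect}"`, makes that misconfiguration visible. The option also pins one exact protocol version, and depending on the OpenSSL build the list can still contain legacy names such as `:SSLv3` and `:TLSv1`. A floor set through `http.min_version` would let callers require a minimum without excluding newer versions. The enclosing method starts and ends outside the hunk.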
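Review bot: `test_validation_ssl_version` would still pass if `:ssl_version` were never applied, because it only checks for a "200" status and the body, which a default negotiation produces as well. A stronger test would make the outcome depend on the option, for instance by having the test server accept only a version other than the one the client pins and asserting that the request fails. How the server is configured is not visible here, since `with_https` is defined outside the hunk. A second case with a value outside METHODS, e.g. `:ssl_version => :bogus`, would pin down what happens to values the library code does not apply.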