Fix connection.verify_mode for Net::HTTP https connection to VERIFY_PEER

Open kaiwren opened this issue 14 years ago • 7 comments

Also, make it configurable. See http://www.rubyinside.com/how-to-cure-nethttps-risky-default-https-behavior-4010.html

kaiwren avatar Dec 09 '10 14:12 kaiwren

I have defaulted the verify_mode to VERIFY_PEER while creating a connection and made it configurable by being able to pass an options hash to the create method specifying the verify_mode.

nikhilvallishayee avatar Dec 16 '10 07:12 nikhilvallishayee

Remember to update the changelog once this is complete.

kaiwren avatar Dec 16 '10 10:12 kaiwren

  1. All HTTPS requests are VERIFY_PEER. The option to choose VERIFY_NONE is not exposed to the Uri object.

  2. VERIFY_MODE value is being expected as a string: if options[:verify_mode] == 'VERIFY_NONE'

    It should ideally be the symbol OpenSSL::SSL::VERIFY_PEER itself.

jasim avatar Dec 27 '10 06:12 jasim

Fixed and pushed a week back. Hasn't been updated here for unknown reason. Redid push. Still not updated!

nikhilvallishayee avatar Dec 28 '10 19:12 nikhilvallishayee

What's happening on this one? Nik, could you link to the commits that you're talking about? Also, did you see my comments on the use of constants on 92a6acf1b96166cf298650feec49b6a4c963654a ?

kaiwren avatar Jan 02 '11 14:01 kaiwren

Done! https://github.com/kaiwren/wrest/commit/c74c02062c5a09c33f7bb84c6fd80ef2080c2ee9

nikhilvallishayee avatar Jan 02 '11 14:01 nikhilvallishayee

Nik, could you also take a look at #66? It seems to be a consequence of switching to always verifying certificates.

kaiwren avatar Jan 05 '11 13:01 kaiwren
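
The behaviour discussed in this thread, as an added example that is not wrest's code or any commit linked above: HTTPS connections default to VERIFY_PEER, the caller may override the mode through an options hash, and the value must be an OpenSSL::SSL constant rather than a string. The helper name `build_connection`, the `ALLOWED_VERIFY_MODES` list and the `example.test` host are assumptions made for illustration.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical helper, not part of wrest's API.
# Only the OpenSSL constants are accepted, so a string such as 'VERIFY_NONE'
# is rejected instead of being silently compared or ignored.
ALLOWED_VERIFY_MODES = [
  OpenSSL::SSL::VERIFY_PEER,
  OpenSSL::SSL::VERIFY_NONE
].freeze

def build_connection(url, options = {})
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port) # no socket is opened here

  # Plain HTTP has no certificate to verify; leave the connection as is.
  return http unless uri.scheme == 'https'

  # Secure default: verify the peer unless the caller explicitly opts out.
  mode = options.fetch(:verify_mode, OpenSSL::SSL::VERIFY_PEER)
  unless ALLOWED_VERIFY_MODES.include?(mode)
    raise ArgumentError,
          "verify_mode must be an OpenSSL::SSL constant, got #{mode.inspect}"
  end

  http.use_ssl = true
  http.verify_mode = mode
  http
end

if __FILE__ == $PROGRAM_NAME
  default = build_connection('https://example.test/') # constructed URL
  puts "default verify_mode is VERIFY_PEER: #{default.verify_mode == OpenSSL::SSL::VERIFY_PEER}"

  begin
    build_connection('https://example.test/', verify_mode: 'VERIFY_NONE')
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Disabling verification stays possible, but only as an explicit `verify_mode: OpenSSL::SSL::VERIFY_NONE` at the call site, which makes it easy to find in code review.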