Merge pull request #168 from galois17/fix-ssl-noverify

Avoid using ssl no verify

Author: pboling

.travis.yml

@@ -2,10 +2,13 @@ language: ruby
 
 rvm:
 - "ruby-head"
+- "2.7"
 - "2.4.0"
 - "2.3"
 - "2.2"
-
+matrix:
+  allow_failures:
+    - rvm: "ruby-head"
 addons:
   code_climate:
     repo_token: 8f697ca756250f0c2c54170ae27e8a9c459d18a0236903b11291c88291b3aac9

lib/oauth/consumer.rb

@@ -8,11 +8,21 @@
 module OAuth
   class Consumer
     # determine the certificate authority path to verify SSL certs
-    CA_FILES = %W(#{ENV['SSL_CERT_FILE']} /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
-    CA_FILES.each do |ca_file|
-      if File.exist?(ca_file)
-        CA_FILE = ca_file
-        break
+    if ENV['SSL_CERT_FILE']
+      if File.exist?(ENV['SSL_CERT_FILE'])
+        CA_FILE = ENV['SSL_CERT_FILE']
+      else
+        raise "The SSL CERT provided does not exist."
+      end
+    end
+
+    if !defined?(CA_FILE)
+      CA_FILES = %W(/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /usr/share/curl/curl-ca-bundle.crt)
+      CA_FILES.each do |ca_file|
+        if File.exist?(ca_file)
+          CA_FILE = ca_file
+          break
+        end
       end
     end
     CA_FILE = nil unless defined?(CA_FILE)
@@ -343,12 +353,15 @@ def create_http(_url = nil)
 
       http_object.use_ssl = (our_uri.scheme == 'https')
 
-      if @options[:ca_file] || CA_FILE
-        http_object.ca_file = @options[:ca_file] || CA_FILE
+      if @options[:no_verify]
+        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      else
+        ca_file =  @options[:ca_file] || CA_FILE
+        if ca_file
+          http_object.ca_file = ca_file
+        end
         http_object.verify_mode = OpenSSL::SSL::VERIFY_PEER
         http_object.verify_depth = 5
-      else
-        http_object.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
 
       http_object.read_timeout = http_object.open_timeout = @options[:timeout] || 30

oauth.gemspec

@@ -32,7 +32,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency("iconv")
   spec.add_development_dependency("rack", "~> 2.0")
   spec.add_development_dependency("rack-test")
-  spec.add_development_dependency("mocha", ">= 0.9.12")
+  spec.add_development_dependency("mocha", ">= 0.9.12", "<=1.1.0")
   spec.add_development_dependency("typhoeus", ">= 0.1.13")
   spec.add_development_dependency("em-http-request", "0.2.11")
   spec.add_development_dependency("curb")

test/units/test_consumer.rb

@@ -165,6 +165,54 @@ def test_getting_tokens_doesnt_add_paths_if_full_url_is_specified
    @consumer.get_request_token
   end
 
+  def test_noverify_true
+    @consumer = OAuth::Consumer.new(
+     "key",
+     "secret",
+     {
+         :site              => "https://api.mysite.co.nz/v1",
+         :request_token_url => "https://authentication.mysite.co.nz/Oauth/RequestToken",
+         :no_verify         => true
+     })
+
+    stub_request(:post, "https://authentication.mysite.co.nz/Oauth/RequestToken").to_return(:body => "success", :status => 200)
+
+    Net::HTTP.any_instance.expects(:'verify_mode=').with(OpenSSL::SSL::VERIFY_NONE)
+
+    @consumer.get_request_token
+  end
+
+  def test_noverify_false
+    @consumer = OAuth::Consumer.new(
+     "key",
+     "secret",
+     {
+         :site              => "https://api.mysite.co.nz/v1",
+         :request_token_url => "https://authentication.mysite.co.nz/Oauth/RequestToken",
+         :no_verify         => false
+     })
+
+    stub_request(:post, "https://authentication.mysite.co.nz/Oauth/RequestToken").to_return(:body => "success", :status => 200)
+
+    Net::HTTP.any_instance.expects(:'verify_mode=').with(OpenSSL::SSL::VERIFY_PEER)
+    @consumer.get_request_token
+  end
+
+  def test_noverify_empty
+    @consumer = OAuth::Consumer.new(
+     "key",
+     "secret",
+     {
+         :site              => "https://api.mysite.co.nz/v1",
+         :request_token_url => "https://authentication.mysite.co.nz/Oauth/RequestToken"
+     })
+
+    stub_request(:post, "https://authentication.mysite.co.nz/Oauth/RequestToken").to_return(:body => "success", :status => 200)
+
+    Net::HTTP.any_instance.expects(:'verify_mode=').with(OpenSSL::SSL::VERIFY_PEER)
+    @consumer.get_request_token
+  end
+
   def test_token_request_identifies_itself_as_a_token_request
     request_options = {}
     @consumer.stubs(:request).returns(create_stub_http_response)