diff --git a/CHANGELOG.md b/CHANGELOG.md index 8eb14798..543b45b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +### Unreleased +* Feature: [#214](https://github.com/savonrb/httpi/pull/214) Add SSL ciphers configuration + ### 2.4.5 * Improvement: [#209](https://github.com/savonrb/httpi/pull/209) Drop Travis CI support for Ruby < 2.3.0 and jruby. diff --git a/httpi.gemspec b/httpi.gemspec index d3745584..8136cf35 100644 --- a/httpi.gemspec +++ b/httpi.gemspec @@ -20,7 +20,7 @@ Gem::Specification.new do |s| s.add_development_dependency 'rubyntlm', '~> 0.3.2' s.add_development_dependency 'rake', '~> 10.0' - s.add_development_dependency 'rspec', '~> 2.14' + s.add_development_dependency 'rspec', '~> 3.5' s.add_development_dependency 'mocha', '~> 0.13' s.add_development_dependency 'puma', '~> 2.3.2' s.add_development_dependency 'webmock' diff --git a/lib/httpi/adapter/curb.rb b/lib/httpi/adapter/curb.rb index a79fd81c..960aa231 100644 --- a/lib/httpi/adapter/curb.rb +++ b/lib/httpi/adapter/curb.rb @@ -116,6 +116,7 @@ def setup_ssl_auth @client.cert_key = ssl.cert_key_file @client.cert = ssl.cert_file @client.certpassword = ssl.cert_key_password + @client.set(:ssl_cipher_list, ssl.ciphers.join(':')) if ssl.ciphers @client.ssl_verify_peer = ssl.verify_mode == :peer end diff --git a/lib/httpi/adapter/excon.rb b/lib/httpi/adapter/excon.rb index 4821696b..23207430 100644 --- a/lib/httpi/adapter/excon.rb +++ b/lib/httpi/adapter/excon.rb @@ -73,6 +73,7 @@ def client_opts opts[:ssl_verify_peer] = false end + opts[:ciphers] = ssl.ciphers if ssl.ciphers opts[:ssl_version] = ssl.ssl_version if ssl.ssl_version opts[:ssl_min_version] = ssl.min_version if ssl.min_version opts[:ssl_max_version] = ssl.max_version if ssl.max_version diff --git a/lib/httpi/adapter/http.rb b/lib/httpi/adapter/http.rb index 61389c30..6d387484 100644 --- a/lib/httpi/adapter/http.rb +++ b/lib/httpi/adapter/http.rb @@ -61,6 +61,7 @@ def create_client context.min_version = @request.auth.ssl.min_version if @request.auth.ssl.min_version != nil context.max_version = @request.auth.ssl.max_version if @request.auth.ssl.max_version != nil context.verify_mode = @request.auth.ssl.openssl_verify_mode + context.ciphers = @request.auth.ssl.ciphers if @request.auth.ssl.ciphers client = ::HTTP::Client.new(:ssl_context => context) else diff --git a/lib/httpi/adapter/httpclient.rb b/lib/httpi/adapter/httpclient.rb index 6b920e9c..b4ae3623 100644 --- a/lib/httpi/adapter/httpclient.rb +++ b/lib/httpi/adapter/httpclient.rb @@ -73,6 +73,7 @@ def setup_ssl_auth # Send client-side certificate regardless of state of SSL verify mode @client.ssl_config.client_cert = ssl.cert @client.ssl_config.client_key = ssl.cert_key + @client.ssl_config.ciphers = ssl.ciphers if ssl.ciphers @client.ssl_config.verify_mode = ssl.openssl_verify_mode end diff --git a/lib/httpi/adapter/net_http.rb b/lib/httpi/adapter/net_http.rb index 9972d0c7..bf1fc9eb 100644 --- a/lib/httpi/adapter/net_http.rb +++ b/lib/httpi/adapter/net_http.rb @@ -177,6 +177,7 @@ def setup_ssl_auth # Send client-side certificate regardless of state of SSL verify mode @client.key = ssl.cert_key @client.cert = ssl.cert + @client.ciphers = ssl.ciphers if ssl.ciphers @client.verify_mode = ssl.openssl_verify_mode end diff --git a/lib/httpi/auth/ssl.rb b/lib/httpi/auth/ssl.rb index d0882e5c..ab800286 100644 --- a/lib/httpi/auth/ssl.rb +++ b/lib/httpi/auth/ssl.rb @@ -25,7 +25,7 @@ class SSL # Returns whether SSL configuration is present. def present? - (verify_mode == :none) || (cert && cert_key) || ca_cert_file + (verify_mode == :none) || (cert && cert_key) || ca_cert_file || ciphers rescue TypeError, Errno::ENOENT false end @@ -48,6 +48,24 @@ def present? # Certificate store holds trusted CA certificates used to verify peer certificates. attr_accessor :cert_store + # Accessor for the SSL ciphers list. + attr_reader :ciphers + + # Sets the available symmetric algorithms for encryption and decryption. + # @see OpenSSL::SSL::SSLContext#ciphers + # @example + # ssl.ciphers = "cipher1:cipher2:..." + # ssl.ciphers = [name, ...] + # ssl.ciphers = [[name, version, bits, alg_bits], ...] + def ciphers=(ciphers) + @ciphers = + if ciphers + context = OpenSSL::SSL::SSLContext.new + context.ciphers = ciphers + context.ciphers.map(&:first) + end + end + # Returns the cert type to validate SSL certificates PEM|DER. def cert_type @cert_type ||= :pem diff --git a/spec/httpi/adapter/curb_spec.rb b/spec/httpi/adapter/curb_spec.rb index 8ee835ed..c120e651 100644 --- a/spec/httpi/adapter/curb_spec.rb +++ b/spec/httpi/adapter/curb_spec.rb @@ -250,6 +250,13 @@ request end + it 'sets ssl_cipher_list' do + request.auth.ssl.ciphers = ["AES128"] + curb.expects(:set).with(any_parameters).at_least(1) + curb.expects(:set).with(:ssl_cipher_list, anything) + adapter.request(:get) + end + context 'sets ssl_version' do it 'defaults to nil when no ssl_version is specified' do curb.expects(:ssl_version=).with(nil) diff --git a/spec/httpi/adapter/em_http_spec.rb b/spec/httpi/adapter/em_http_spec.rb index e0a6eda6..27561b53 100644 --- a/spec/httpi/adapter/em_http_spec.rb +++ b/spec/httpi/adapter/em_http_spec.rb @@ -150,7 +150,7 @@ it "raises an error for HTTP digest auth" do request.auth.digest "username", "password" - expect { adapter.request(:get) }.to raise_error + expect { adapter.request(:get) }.to raise_error HTTPI::NotSupportedError end end diff --git a/spec/httpi/adapter/httpclient_spec.rb b/spec/httpi/adapter/httpclient_spec.rb index 31562377..6ed1a2be 100644 --- a/spec/httpi/adapter/httpclient_spec.rb +++ b/spec/httpi/adapter/httpclient_spec.rb @@ -141,6 +141,13 @@ adapter.request(:get) end + + it 'should set the ciphers if specified' do + request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers + ssl_config.expects(:ciphers=).with(request.auth.ssl.ciphers) + + adapter.request(:get) + end end context "(for SSL client auth)" do diff --git a/spec/httpi/auth/ssl_spec.rb b/spec/httpi/auth/ssl_spec.rb index 10618241..e44b3d45 100644 --- a/spec/httpi/auth/ssl_spec.rb +++ b/spec/httpi/auth/ssl_spec.rb @@ -189,6 +189,23 @@ end end + describe '#ciphers' do + subject { ssl.ciphers } + let(:ssl) { HTTPI::Auth::SSL.new } + + context 'without ciphers' do + before { ssl.ciphers = nil } + + it { is_expected.to eq(nil) } + end + + context 'with ciphers' do + before { ssl.ciphers = OpenSSL::Cipher.ciphers } + + it { is_expected.to be_any.and(all(be_an_instance_of(String))) } + end + end + def ssl ssl = HTTPI::Auth::SSL.new ssl.cert_key_file = "spec/fixtures/client_key.pem" diff --git a/spec/integration/curb_spec.rb b/spec/integration/curb_spec.rb index 598a82aa..28d9fe7f 100644 --- a/spec/integration/curb_spec.rb +++ b/spec/integration/curb_spec.rb @@ -123,6 +123,15 @@ response = HTTPI.get(request, adapter) expect(response.body).to eq("get") end + + it "works with ciphers" do + request = HTTPI::Request.new(@server.url) + request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file + request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers + + response = HTTPI.get(request, adapter) + expect(response.body).to eq("get") + end end end diff --git a/spec/integration/excon_spec.rb b/spec/integration/excon_spec.rb index 81723eee..cab31f92 100644 --- a/spec/integration/excon_spec.rb +++ b/spec/integration/excon_spec.rb @@ -1,7 +1,7 @@ require "spec_helper" require "integration/support/server" -describe HTTPI::Adapter::HTTPClient do +describe HTTPI::Adapter::Excon do subject(:adapter) { :excon } @@ -159,6 +159,15 @@ response = HTTPI.get(request, adapter) expect(response.body).to eq("get") end + + it "works with ciphers" do + request = HTTPI::Request.new(@server.url) + request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file + request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers + + response = HTTPI.get(request, adapter) + expect(response.body).to eq("get") + end end end diff --git a/spec/integration/fixtures/ca_all.pem b/spec/integration/fixtures/ca_all.pem index c642a417..a69ea6fb 100644 --- a/spec/integration/fixtures/ca_all.pem +++ b/spec/integration/fixtures/ca_all.pem @@ -1,44 +1,19 @@ -----BEGIN CERTIFICATE----- -MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES -MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X -DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ -BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR -wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d -L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY -bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi -JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm -dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA -AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w -ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f -USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe -31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu -SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD -ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+ -r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY -MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj -PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U -PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a -d/xgcK06UVQRL/HbEYGiQL056mc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES -MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X -DTA0MDEzMDAwNDMyN1oXDTM1MDEyMjAwNDMyN1owPzELMAkGA1UEBgwCSlAxEjAQ -BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQ4wDAYDVQQDDAVTdWJDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0Ou7AyRcRXnB/kVHv/6kwe -ANzgg/DyJfsAUqW90m7Lu1nqyug8gK0RBd77yU0w5HOAMHTVSdpjZK0g2sgx4Mb1 -d/213eL9TTl5MRVEChTvQr8q5DVG/8fxPPE7fMI8eOAzd98/NOAChk+80r4Sx7fC -kGVEE1bKwY1MrUsUNjOY2d6t3M4HHV3HX1V8ShuKfsHxgCmLzdI8U+5CnQedFgkm -3e+8tr8IX5RR1wA1Ifw9VadF7OdI/bGMzog/Q8XCLf+WPFjnK7Gcx6JFtzF6Gi4x -4dp1Xl45JYiVvi9zQ132wu8A1pDHhiNgQviyzbP+UjcB/tsOpzBQF8abYzgEkWEC -AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9P -cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlCjXWLsReYzH -LzsxwVnCXmKoB/owCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJ/OyN -rT8Cq2Y+G2yA/L1EMRvvxwFBqxavqaqHl/6rwsIBFlB3zbqGA/0oec6MAVnYynq4 -c4AcHTjx3bQ/S4r2sNTZq0DH4SYbQzIobx/YW8PjQUJt8KQdKMcwwi7arHP7A/Ha -LKu8eIC2nsUBnP4NhkYSGhbmpJK+PFD0FVtD0ZIRlY/wsnaZNjWWcnWF1/FNuQ4H -ySjIblqVQkPuzebv3Ror6ZnVDukn96Mg7kP4u6zgxOeqlJGRe1M949SS9Vudjl8X -SF4aZUUB9pQGhsqQJVqaz2OlhGOp9D0q54xko/rekjAIcuDjl1mdX4F2WRrzpUmZ -uY/bPeOBYiVsOYVe +MIIDDjCCAfagAwIBAgIBAzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMjAw +ODAxMDAwMDAwWhcNMjQwODAxMDAwMDAwWjA4MRMwEQYKCZImiZPyLGQBGRYDbmV0 +MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIHxrFcS2JkRQbXLFosb32unVkVuwHSPSt6Dpl +2jUQHP/bceAx/d9waHYf8rlbCFAIoduZDOc7XCJUidgcG5NfLJyQpkkWOU8CGWH+ +Ipl4AE8auYCcy/0T7BQqaRC41HPmrJG1CC40rqcY47lUO2haI+vj5TZFHNhAbRat +rR1iD1veis2gBZtrMzd4IlpvEHGv6ghfnSc20za4exmapjp/uAAIOXpeFX8QHumA +bty4dd+iHpKjDzUrhG9Qa5v28ii2K1AcbczUQ7FzSp2/GoRSjF+WY6i86N9Z1M97 +2PEgy0IG5l6JHu1P0/rd00hN0h0Owzv3V5ldMLZap7+pVFQTAgMBAAGjIzAhMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB +AQA3GWpy4bYLOHLENDTUBeclF6cDdYiautD6gxd1SDLMWOhAUF7ywwT87OAJdr1I ++W1TUv5BRG21rNm1QsZfLbStdKA1mpiET/9nYN7m1YauL5hI3yD49TGuO9/sxcE5 +zNW7D3VBVNq+pyT21/TvLAgxCNvjjm7byzyIOcoRUyZx8WhCf8nUT6cEShXqEg4Q +iUBSLI38tiQoZneuVzDRlXBY0PqoB19l2Kg9yThHjPTVhw5EAQSDKXCCvaxAbVw6 +ZPLNnOdK6DvqEZ3GC5WlaHQdmLxmN4OfV6AEtpgqgGY9u8K1ylTr3ET7xLK7bhcA +oZsggEVZr1Ifx9BWIazRNwlw -----END CERTIFICATE----- diff --git a/spec/integration/fixtures/server.cert b/spec/integration/fixtures/server.cert index 998ccc58..5c3c334e 100644 --- a/spec/integration/fixtures/server.cert +++ b/spec/integration/fixtures/server.cert @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGDAJKUDES -MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxDjAMBgNVBAMMBVN1YkNB -MB4XDTA0MDEzMTAzMTMxNloXDTMzMDEyMzAzMTMxNlowQzELMAkGA1UEBgwCSlAx -EjAQBgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRIwEAYDVQQDDAlsb2Nh -bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFJTxWqup3nV9dsJAku -p+WaXnPNIzcpAA3qMGZDJTJsfa8Du7ZxTP0XJK5mETttBrn711cJxAuP3KjqnW9S -vtZ9lY2sXJ6Zj62sN5LwG3VVe25dI28yR1EsbHjJ5Zjf9tmggMC6am52dxuHbt5/ -vHo4ngJuKE/U+eeGRivMn6gFAgMBAAGjgYUwgYIwDAYDVR0TAQH/BAIwADAxBglg -hkgBhvhCAQ0EJBYiUnVieS9PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd -BgNVHQ4EFgQUpZIyygD9JxFYHHOTEuWOLbCKfckwCwYDVR0PBAQDAgWgMBMGA1Ud -JQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBwAIj5SaBHaA5X31IP -CFCJiep96awfp7RANO0cuUj+ZpGoFn9d6FXY0g+Eg5wAkCNIzZU5NHN9xsdOpnUo -zIBbyTfQEPrge1CMWMvL6uGaoEXytq84VTitF/xBTky4KtTn6+es4/e7jrrzeUXQ -RC46gkHObmDT91RkOEGjHLyld2328jo3DIN/VTHIryDeVHDWjY5dENwpwdkhhm60 -DR9IrNBbXWEe9emtguNXeN0iu1ux0lG1Hc6pWGQxMlRKNvGh0yZB9u5EVe38tOV0 -jQaoNyL7qzcQoXD3Dmbi1p0iRmg/+HngISsz8K7k7MBNVsSclztwgCzTZOBiVtkM -rRlQ +MIIDBDCCAeygAwIBAgIBBzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB +GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMjAw +ODAxMDAwMDAwWhcNMjQwODAxMDAwMDAwWjA/MRMwEQYKCZImiZPyLGQBGRYDbmV0 +MRQwEgYKCZImiZPyLGQBGRYEcHVtYTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXOg3gTrGJfVft9cSrfGRnEZezDB +L93fcLwJAoaXGxbEg1RW/fOrSpSNemuqOvbzczV7m5eYTf1lHPBJsndbYyijIR1+ +Fp4tjFDp76SC3hxCIc3uYXIz0qQwSOAi1z15zobS4xF29jlsXWtfBl9fivjzdj/f +pbZ+JPYOrlcJAf6Xmr3xh//13rOI0ytBMlWf51z/iAZBLm2wvbt+nR7B6koAdTgM +Coe+gOtcLWYY5ApJ4qB9knGdxWoF5p7guHHw2aGTM0jyhgBowfVkFRiE2JUmODae +g+dHsd8ogWbqhGyZTredJF/NRrLKU0h+t7ldKHvXEZy4qyqQlvKoTpODqQIDAQAB +oxIwEDAOBgNVHQ8BAf8EBAMCBLAwDQYJKoZIhvcNAQELBQADggEBAI/bcQP4Hu9O +OtaaIjVxN8+9jXUOrMpSogmZ4bRKImispt9SA+sbxec7iOMM2pG3Py2yi0hWGzii +hSebWIsM1JuPj7ks9l8nGRxpGeInJwTkJorG4ZLEypoS2wW3fQZGx3o4da5V+U2Z +HEY0wQTbPBqqnyeZ16ZFNVCzw8y9l7y7CEFjvUO3sq0pne9r7Z+XVgjGyBdBYkJS +0kcqPBXFCMHrWH5UlacYlM5cqgoVztOp2STGmR3XR7a34oueeA10QSP+jzeYvWA1 +wTYA762uU2ReCdujfNbf8V1tZWAH36KldM3hhDNWeveAGxxj1h2R9T/k2kHl/a7D +I3VdS59vjJY= -----END CERTIFICATE----- diff --git a/spec/integration/fixtures/server.key b/spec/integration/fixtures/server.key index 9ba2218a..75a358ff 100644 --- a/spec/integration/fixtures/server.key +++ b/spec/integration/fixtures/server.key @@ -1,15 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDRSU8Vqrqd51fXbCQJLqflml5zzSM3KQAN6jBmQyUybH2vA7u2 -cUz9FySuZhE7bQa5+9dXCcQLj9yo6p1vUr7WfZWNrFyemY+trDeS8Bt1VXtuXSNv -MkdRLGx4yeWY3/bZoIDAumpudncbh27ef7x6OJ4CbihP1PnnhkYrzJ+oBQIDAQAB -AoGBAIf4CstW2ltQO7+XYGoex7Hh8s9lTSW/G2vu5Hbr1LTHy3fzAvdq8MvVR12O -rk9fa+lU9vhzPc0NMB0GIDZ9GcHuhW5hD1Wg9OSCbTOkZDoH3CAFqonjh4Qfwv5W -IPAFn9KHukdqGXkwEMdErsUaPTy9A1V/aROVEaAY+HJgq/eZAkEA/BP1QMV04WEZ -Oynzz7/lLizJGGxp2AOvEVtqMoycA/Qk+zdKP8ufE0wbmCE3Qd6GoynavsHb6aGK -gQobb8zDZwJBANSK6MrXlrZTtEaeZuyOB4mAmRzGzOUVkUyULUjEx2GDT93ujAma -qm/2d3E+wXAkNSeRpjUmlQXy/2oSqnGvYbMCQQDRM+cYyEcGPUVpWpnj0shrF/QU -9vSot/X1G775EMTyaw6+BtbyNxVgOIu2J+rqGbn3c+b85XqTXOPL0A2RLYkFAkAm -syhSDtE9X55aoWsCNZY/vi+i4rvaFoQ/WleogVQAeGVpdo7/DK9t9YWoFBIqth0L -mGSYFu9ZhvZkvQNV8eYrAkBJ+rOIaLDsmbrgkeDruH+B/9yrm4McDtQ/rgnOGYnH -LjLpLLOrgUxqpzLWe++EwSLwK2//dHO+SPsQJ4xsyQJy +MIIEpQIBAAKCAQEAvXOg3gTrGJfVft9cSrfGRnEZezDBL93fcLwJAoaXGxbEg1RW +/fOrSpSNemuqOvbzczV7m5eYTf1lHPBJsndbYyijIR1+Fp4tjFDp76SC3hxCIc3u +YXIz0qQwSOAi1z15zobS4xF29jlsXWtfBl9fivjzdj/fpbZ+JPYOrlcJAf6Xmr3x +h//13rOI0ytBMlWf51z/iAZBLm2wvbt+nR7B6koAdTgMCoe+gOtcLWYY5ApJ4qB9 +knGdxWoF5p7guHHw2aGTM0jyhgBowfVkFRiE2JUmODaeg+dHsd8ogWbqhGyZTred +JF/NRrLKU0h+t7ldKHvXEZy4qyqQlvKoTpODqQIDAQABAoIBAQCCtt8NkNMs2sYB +jdc97mKtg6eTKeaBQlLCk9qblYV4uVLJUk3bVl6fTLP4/YQsvurmWMZ6ajQ5y1YS +i3At5NB3MDitxo2SyXyfzcw6/oUU/uZaMJ4DOiqrcYGnJo6jd9UtPDURWqF77c7o +/gZIfVGMr4w70IJc8fdDRUqH26Fpb7Gp0+RNUXtM9tSovkX/yICje7Hp4IIiJJ0t +KGepdHfddshR4OIALh0k3jC9zfbYfSdIKZuGBf7bmjJTByLavjcG6HFLyt7aZBt3 +136hXAOvMO780WW2vQ8xAYkd+8bf4db4fjUpw3NWJ5wVdQhI9jhkAc9LhhxiDVoI +g9IyaSUBAoGBAObajQ24JlNg11ZZffPZwmvMlMDyZ8pZ5dk/Up9nOvCp1J2+7ef/ +6wjkOhrSyIPpvJCmftOn0c9IkV7tk5673Kjmly33QiIwiEeEG3lNN6GytiXIGqFV +ScPGznO/rNeKUsMFu3SXZNYs7aYqr9OCadwATuh+IzTQAx3T3prno4F5AoGBANIW +kJRF2Pl4yWc7MRjF+WnGfhJHv7VOcLlmFD1fa/IIM9xuBRgikiBWHtFwLoXknsY8 +y2VqNrPEkjCp+qLpXLC8l3dzpNU33Z42h/tUfoTmgSgDUQXGggjzbcS8cf+1D55z +KuPazKAndyiuhIENk1gE+5RKdNyjYP2sI4+L5jexAoGBANxx2rw9GywHj9n/P006 +pnO2Ol49nGsYiWp5E3bwZtIl+shf6GLgeRpWhj3TBnMhIlWnB/kpiiq8i0Tw7URo +9H+9IqRcNqTbX2ebeXjOCc+5DkLp4LQq83OmRsM1R+HTTtC4ipb9cucqpA1HOftp +z5isGq3ctdXaxP8YsLuPcw1RAoGAXZx0W70ryy2JAJidbd55Hiq17ktOHumOzO2x +Qw+Lt9Lz2NqlJnXxCruVC9miwUJ3hPl93/iN21hRk6GJ7qFxDcda7nz3C5LTCzZd +LR4fKfTTxBKGPb6QHpDpbmpRmZECHqZOjCzoVMyBCf2JST/VUbkWqKLso4uhIidb +yRCbSmECgYEAp+IuwpnMxVPxP52/xPFVcAxH2pDfmn5TJLJCNuKEUAS9ncZuz7rh +jJxtbC4AoGsS0+TdxnlMBvBpZE3QddQmjvey77yu/OvRUX2m/J/d+I2duTaHGR9Z +9VMxtlFY+DbDkJI2HVVxu5XfLKMJSEsMza8K64Ntx3XY3dJLCHrR1EY= -----END RSA PRIVATE KEY----- diff --git a/spec/integration/http_spec.rb b/spec/integration/http_spec.rb index 3593b260..655a51ca 100644 --- a/spec/integration/http_spec.rb +++ b/spec/integration/http_spec.rb @@ -141,6 +141,15 @@ response = HTTPI.get(request, adapter) expect(response.body).to eq("get") end + + it "works with ciphers" do + request = HTTPI::Request.new(@server.url) + request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file + request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers + + response = HTTPI.get(request, adapter) + expect(response.body).to eq("get") + end end end diff --git a/spec/integration/httpclient_spec.rb b/spec/integration/httpclient_spec.rb index be52cb88..36fd0c7e 100644 --- a/spec/integration/httpclient_spec.rb +++ b/spec/integration/httpclient_spec.rb @@ -121,6 +121,15 @@ response = HTTPI.get(request, adapter) expect(response.body).to eq("get") end + + it "works with ciphers" do + request = HTTPI::Request.new(@server.url) + request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file + request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers + + response = HTTPI.get(request, adapter) + expect(response.body).to eq("get") + end end end diff --git a/spec/integration/net_http_persistent_spec.rb b/spec/integration/net_http_persistent_spec.rb index c64b0942..9709e02c 100644 --- a/spec/integration/net_http_persistent_spec.rb +++ b/spec/integration/net_http_persistent_spec.rb @@ -1,7 +1,8 @@ require "spec_helper" require "integration/support/server" +require "net/http/persistent" -describe HTTPI::Adapter::NetHTTP do +describe HTTPI::Adapter::NetHTTPPersistent do subject(:adapter) { :net_http_persistent } @@ -122,6 +123,17 @@ response = HTTPI.get(request, adapter) expect(response.body).to eq("get") end + + it "works with ciphers" do + skip("Requires net-http-persistent 3.x") unless Net::HTTP::Persistent::VERSION.start_with? "3." + + request = HTTPI::Request.new(@server.url) + request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file + request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers + + response = HTTPI.get(request, adapter) + expect(response.body).to eq("get") + end end end diff --git a/spec/integration/net_http_spec.rb b/spec/integration/net_http_spec.rb index 34d60db4..ec2dc43d 100644 --- a/spec/integration/net_http_spec.rb +++ b/spec/integration/net_http_spec.rb @@ -227,6 +227,15 @@ response = HTTPI.get(request, adapter) expect(response.body).to eq("get") end + + it "works with ciphers" do + request = HTTPI::Request.new(@server.url) + request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file + request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers + + response = HTTPI.get(request, adapter) + expect(response.body).to eq("get") + end end end