# File 'lib/excon/ssl_socket.rb', line 4
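# Opens the underlying socket through the superclass, optionally asks an HTTP
# proxy for a CONNECT tunnel, and then upgrades the connection to TLS.
#
# Changes from the previous revision of this method:
# * File.exist? replaces File.exists?, which newer Rubies no longer define.
# * The SNI hostname is assigned before the handshake instead of after it.
# * The CONNECT request is assembled without mutating string literals, and a
#   non-String :port is rendered as decimal text.
#
# @param data [Hash] connection settings. Keys read here: :ssl_verify_peer,
#   :ssl_ca_path, :ssl_ca_file, :client_cert / :certificate_path,
#   :client_key / :private_key_path, :certificate, :private_key, :proxy
#   (a Hash with :user and :password), :host and :port.
# @raise [OpenSSL::SSL::SSLError] when the handshake fails or, with
#   :ssl_verify_peer set, when the peer certificate does not match :host.
def initialize(data = {})
  @data = data
  check_nonblock_support
  super

  ssl_context = OpenSSL::SSL::SSLContext.new
  if @data[:ssl_verify_peer]
    ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
    # Trust anchors, in priority order: explicit CA directory, explicit CA
    # bundle, then the OpenSSL defaults or the CA file named by DEFAULT_CA_FILE.
    if @data[:ssl_ca_path]
      ssl_context.ca_path = @data[:ssl_ca_path]
    elsif @data[:ssl_ca_file]
      ssl_context.ca_file = @data[:ssl_ca_file]
    else
      ssl_context.cert_store = OpenSSL::X509::Store.new
      if File.exist?(OpenSSL::Config::DEFAULT_CONFIG_FILE)
        ssl_context.cert_store.set_default_paths
      else
        ssl_context.cert_store.add_file(DEFAULT_CA_FILE)
      end
    end
  else
    # SECURITY: with :ssl_verify_peer unset the certificate chain is not
    # validated and no hostname check runs below, so the peer is
    # unauthenticated. Callers should treat this as a debugging-only setting.
    ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
  end

  # Optional client certificate: file paths take precedence over in-memory PEM.
  # Only RSA private keys are accepted by this code path.
  certificate_path = @data[:client_cert] || @data[:certificate_path]
  private_key_path = @data[:client_key] || @data[:private_key_path]
  if certificate_path && private_key_path
    ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(certificate_path))
    ssl_context.key = OpenSSL::PKey::RSA.new(File.read(private_key_path))
  elsif @data.key?(:certificate) && @data.key?(:private_key)
    ssl_context.cert = OpenSSL::X509::Certificate.new(@data[:certificate])
    ssl_context.key = OpenSSL::PKey::RSA.new(@data[:private_key])
  end

  if @data[:proxy]
    # NOTE(review): :host and :port are written into the request unescaped;
    # callers must ensure neither can carry CR/LF. Interpolation also renders
    # an Integer port as decimal text (String#<< would append a codepoint).
    target = "#{@data[:host]}:#{@data[:port]}"
    lines = [
      "CONNECT #{target}#{Excon::HTTP_1_1}",
      "Host: #{target}#{Excon::CR_NL}"
    ]
    proxy_user = @data[:proxy][:user]
    proxy_password = @data[:proxy][:password]
    if proxy_password || proxy_user
      # SECURITY: this request is written before the TLS upgrade below, so the
      # Basic credentials reach the proxy base64-encoded but not encrypted.
      credentials = ["#{proxy_user}:#{proxy_password}"].pack('m').delete(Excon::CR_NL)
      lines << "Proxy-Authorization: Basic #{credentials}#{Excon::CR_NL}"
    end
    lines << "Proxy-Connection: Keep-Alive#{Excon::CR_NL}"
    lines << Excon::CR_NL
    @socket.write(lines.join)

    # The tunnel is usable only if the proxy answers the CONNECT with 200.
    Excon::Response.parse(@socket, { :expects => 200, :method => "CONNECT" })
  end

  # Wrap the plain socket; closing the TLS socket also closes the inner one.
  @socket = OpenSSL::SSL::SSLSocket.new(@socket, ssl_context)
  @socket.sync_close = true

  # Server Name Indication travels in the ClientHello, so the hostname has to
  # be assigned before #connect; assigning it afterwards has no effect on the
  # handshake, and name-based virtual hosts may then present the wrong cert.
  @socket.hostname = @data[:host] if @socket.respond_to?(:hostname=)

  @socket.connect

  # Chain validation alone does not tie the certificate to the requested
  # host; this check does, and it raises on a mismatch.
  @socket.post_connection_check(@data[:host]) if @data[:ssl_verify_peer]

  @socket
end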