module EmHttpSslPatch - faraday-1.0.1 Documentation

Source

# File lib/faraday/adapter/em_http_ssl_patch.rb, line 51
def certificate_store
  @certificate_store ||= begin
    store = OpenSSL::X509::Store.new
    store.set_default_paths
    ca_file = parent.connopts.tls[:cert_chain_file]
    store.add_file(ca_file) if ca_file
    store
  end
end

host ()

Source

# File lib/faraday/adapter/em_http_ssl_patch.rb, line 47
def host
  parent.uri.host
end

ssl_handshake_completed ()

Source

# File lib/faraday/adapter/em_http_ssl_patch.rb, line 28
def ssl_handshake_completed
  return true unless verify_peer?

  unless verified_cert_identity?
    raise OpenSSL::SSL::SSLError,
          %(host "#{host}" does not match the server certificate)
  end

  true
end

ssl_verify_peer (cert_string)

Source

# File lib/faraday/adapter/em_http_ssl_patch.rb, line 8
def ssl_verify_peer(cert_string)
  begin
    @last_seen_cert = OpenSSL::X509::Certificate.new(cert_string)
  rescue OpenSSL::X509::CertificateError
    return false
  end

  unless certificate_store.verify(@last_seen_cert)
    raise OpenSSL::SSL::SSLError,
          %(unable to verify the server certificate for "#{host}")
  end

  begin
    certificate_store.add_cert(@last_seen_cert)
  rescue OpenSSL::X509::StoreError => e
    raise e unless e.message == 'cert already in hash table'
  end
  true
end

verified_cert_identity? ()

Source

# File lib/faraday/adapter/em_http_ssl_patch.rb, line 43
def verified_cert_identity?
  OpenSSL::SSL.verify_certificate_identity(@last_seen_cert, host)
end

verify_peer? ()

Source

# File lib/faraday/adapter/em_http_ssl_patch.rb, line 39
def verify_peer?
  parent.connopts.tls[:verify_peer]
end