-rw-r--r--CHANGELOG.md6
-rw-r--r--Rakefile2
-rw-r--r--lib/bundler/ssl_certs/AddTrustExternalCARoot-2048.pem25
-rw-r--r--lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem35
-rw-r--r--lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem31
-rw-r--r--lib/bundler/ssl_certs/certificate_manager.rb28
-rw-r--r--lib/bundler/version.rb2
-rw-r--r--spec/other/ssl_cert_spec.rb15
-rw-r--r--spec/spec_helper.rb6
9 files changed, 78 insertions, 72 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e2ce2019..5c36ae58 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,12 @@ Features:
- generates a `.consolerc` file with new gems and tries to load it on `bundle console` (@andremedeiros)
- tries to find `gems.rb` and it's new counterpart, `gems.locked` (@andremedeiros)
+## 1.7.6 (2014-11-11)
+
+Bugfixes:
+
+ - CA certificates that work with all OpenSSLs (@luislavena, @indirect)
+
## 1.7.5 (2014-11-10)
Bugfixes:
diff --git a/Rakefile b/Rakefile
index ace09a48..63cb77ff 100644
--- a/Rakefile
+++ b/Rakefile
@@ -127,7 +127,7 @@ begin
end
task "clone_rubygems_#{rg}" do
- unless File.directory?("tmp/rubygems")
+ unless File.directory?(RUBYGEMS_REPO)
system("git clone https://github.com/rubygems/rubygems.git tmp/rubygems")
end
hash = nil
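Review bot: The guard now tests `RUBYGEMS_REPO`, but the clone on the following line still writes to the literal `tmp/rubygems`, so the two can disagree if the constant (defined outside this hunk) ever points elsewhere; the directory check would then keep failing and the clone would be re-attempted on every run. Passing the constant through, in list form so the path never goes through a shell, keeps them in step: `system("git", "clone", "https://github.com/rubygems/rubygems.git", RUBYGEMS_REPO)`. The return value of `system` is also ignored, so a failed clone only surfaces later in the task, whose body continues past the hunk.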
diff --git a/lib/bundler/ssl_certs/AddTrustExternalCARoot-2048.pem b/lib/bundler/ssl_certs/AddTrustExternalCARoot-2048.pem
new file mode 100644
index 00000000..20585f1c
--- /dev/null
+++ b/lib/bundler/ssl_certs/AddTrustExternalCARoot-2048.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem b/lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem
deleted file mode 100644
index d81d72a2..00000000
--- a/lib/bundler/ssl_certs/COMODORSACertificationAuthority.pem
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
-hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
-A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
-BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
-MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
-EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
-Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
-bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
-bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
-Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
-ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
-UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
-c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
-MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
-30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
-BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
-bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
-AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
-T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
-ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
-mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
-e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
-P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
-dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
-2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
-V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
-HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
-j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
-0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
-lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
-+AZxAeKCINT+b72x
------END CERTIFICATE-----
diff --git a/lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem b/lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem
deleted file mode 100644
index 178a558b..00000000
--- a/lib/bundler/ssl_certs/COMODORSADomainValidationSecureServer.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFUzCCBDugAwIBAgIRAPLaUGqN5nvAm5oy7tfh3dEwDQYJKoZIhvcNAQELBQAw
-gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
-BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
-VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
-Q0EwHhcNMTQxMDE2MDAwMDAwWhcNMTUxMDE2MjM1OTU5WjBcMSEwHwYDVQQLExhE
-b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHjAcBgNVBAsTFUVzc2VudGlhbFNTTCBX
-aWxkY2FyZDEXMBUGA1UEAxQOKi5ydWJ5Z2Vtcy5vcmcwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQCmL7NyiM3y61Up2cjNJq5ETt7+qKtoiBKVJpYQ8cB/
-jk4tQuZwKF59dq1gAyU6SFf/iUFRYnvfEa/V+FpuyBL7b/jEzI809hVtkSQM+6vR
-9Vz9rey4wcBpgEX7vSRimtH7RUCitNF3OZkHc59Ny07q9FgW+rRlvWnL970QlgiT
-0o0m3SoJRzqu8zn2ZLtbDARzF3a767Ms6fPm/88cqakNQ9d26aW0yB6Ndgxn7crM
-e6LhlrSZo6Ta1WJs+l5umKDhMdJBGMumxkFlnlqZdZxNGBErOlPSFfQGHYfrWzsR
-EFf+jPe0+OEHB80JU3yQiNs+nBUxzdHDkKAkcO9p4bKzAgMBAAGjggHZMIIB1TAf
-BgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUJiRNFFXU
-9am4rs9kxMj9FY98/N4wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGy
-MQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9D
-UFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2Rv
-Y2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
-cmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21v
-ZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNB
-LmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMCcGA1Ud
-EQQgMB6CDioucnVieWdlbXMub3JnggxydWJ5Z2Vtcy5vcmcwDQYJKoZIhvcNAQEL
-BQADggEBAFFnezsXS+fBqJDiFdwbPkT9Hdn+cc2OqrJTP5GaPH3hnGc1tn5v5QVB
-+s0Uuoil/RiLRs4PzRlZiVZN86iY6GLxd8fkoeNMfdaH0i7i0lXJDz/qIdboPfxc
-2T0oTBJufxvLCeNOFgl5aKus5HD/mnKoD1hGEOBJjulUwn09n8PMFnXmAnDVZ3Tv
-6PltYiH4OadktplNR8oBB55Kn0ffYgIfofL9Mr2iCJlTvxMEpIRAe6NIs2r8InEJ
-CnoNbAXUBuqOjgiiYNLvDrv3usj15Yv8xRMn9pyxA14i6HSyf5LwrLWPWhhV3YJ7
-R+n4EAYack3mCZb2TZ8FwoS05OKhbw8=
------END CERTIFICATE----- \ No newline at end of file
diff --git a/lib/bundler/ssl_certs/certificate_manager.rb b/lib/bundler/ssl_certs/certificate_manager.rb
index 1f6a7b09..22872cc7 100644
--- a/lib/bundler/ssl_certs/certificate_manager.rb
+++ b/lib/bundler/ssl_certs/certificate_manager.rb
@@ -1,4 +1,6 @@
require 'fileutils'
+require 'net/https'
+require 'openssl'
module Bundler
module SSLCerts
@@ -9,9 +11,11 @@ module Bundler
new(rubygems_path).update!
end
- def initialize(rubygems_path)
- rubygems_certs = File.join(rubygems_path, 'lib/rubygems/ssl_certs')
- @rubygems_certs = certificates_in(rubygems_certs)
+ def initialize(rubygems_path = nil)
+ if rubygems_path
+ rubygems_cert_path = File.join(rubygems_path, 'lib/rubygems/ssl_certs')
+ @rubygems_certs = certificates_in(rubygems_cert_path)
+ end
@bundler_cert_path = File.expand_path("..", __FILE__)
@bundler_certs = certificates_in(bundler_cert_path)
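Review bot: With `rubygems_path` now optional, `@rubygems_certs` is left nil when it is omitted, and the `FileUtils.cp rubygems_certs, bundler_cert_path` call visible in the next hunk would then receive nil. The no-argument form appears to exist for `connect_to`, so the methods that need the RubyGems checkout should fail with a clear message, e.g. `raise ArgumentError, "rubygems_path is required" unless rubygems_certs` at the top of `update!` (and of `up_to_date?` if it reads the same list; its body is not shown here). A short comment on `initialize` saying when the path may be omitted would help as well.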
@@ -32,12 +36,30 @@ module Bundler
FileUtils.cp rubygems_certs, bundler_cert_path
end
+ def connect_to(host)
+ http = Net::HTTP.new(host, 443)
+ http.use_ssl = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ http.cert_store = store
+ http.head('/')
+ end
+
private
def certificates_in(path)
Dir[File.join(path, "*.pem")].sort
end
+ def store
+ @store ||= begin
+ store = OpenSSL::X509::Store.new
+ bundler_certs.each do |cert|
+ store.add_file cert
+ end
+ store
+ end
+ end
+
end
end
end
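Review bot: `store` is built only from the .pem files shipped in this directory and never calls `set_default_paths`, which is what lets `connect_to` show that the bundled CA set alone can validate a host; that intent is not written down, and a later change that adds the system trust store would make the check pass regardless of what is bundled. I would add a comment above `store` such as `# Trust only the certificates bundled with Bundler; do not add system default paths.` and a one-line doc on `connect_to` stating that it raises when verification fails. `connect_to` also sets no `open_timeout`/`read_timeout`, so an unreachable host stalls for whatever Net::HTTP's defaults are; `http.open_timeout = http.read_timeout = 10` would bound it.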
diff --git a/lib/bundler/version.rb b/lib/bundler/version.rb
index 5f4f12d8..1063456c 100644
--- a/lib/bundler/version.rb
+++ b/lib/bundler/version.rb
@@ -2,5 +2,5 @@ module Bundler
# We're doing this because we might write tests that deal
# with other versions of bundler and we are unsure how to
# handle this better.
- VERSION = "1.7.5" unless defined?(::Bundler::VERSION)
+ VERSION = "1.7.6" unless defined?(::Bundler::VERSION)
end
diff --git a/spec/other/ssl_cert_spec.rb b/spec/other/ssl_cert_spec.rb
index ac9283a2..04f7a1f2 100644
--- a/spec/other/ssl_cert_spec.rb
+++ b/spec/other/ssl_cert_spec.rb
@@ -1,10 +1,23 @@
require 'spec_helper'
require 'bundler/ssl_certs/certificate_manager'
-describe "SSL Certificates", :if => (ENV['RGV'] == "master") do
+describe "SSL Certificates", :rubygems_master do
it "are up to date with Rubygems" do
rubygems = File.expand_path("../../../tmp/rubygems", __FILE__)
manager = Bundler::SSLCerts::CertificateManager.new(rubygems)
expect(manager).to be_up_to_date
end
+
+ hosts = %w(
+ d2chzxaqi4y7f8.cloudfront.net
+ rubygems.org
+ s3.amazonaws.com
+ staging.rubygems.org
+ )
+
+ hosts.each do |host|
+ it "can securely connect to #{host}", :realworld do
+ Bundler::SSLCerts::CertificateManager.new.connect_to(host)
+ end
+ end
end
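Review bot: The new connectivity examples sit inside the `describe` tagged `:rubygems_master`, so they inherit that tag and, given the filter added in spec_helper.rb, run only when `RGV` is `master`, even though `CertificateManager.new.connect_to(host)` needs no RubyGems checkout. Moving the `hosts.each` loop into its own `describe "SSL Certificates", :realworld do` group would let the bundled CA set be checked on every realworld run. The examples also contain no expectation and pass simply by not raising; wrapping the call as `expect { ... }.not_to raise_error` would make that intent explicit.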
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index cb6840b0..9e8a4700 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -69,6 +69,12 @@ RSpec.configure do |config|
config.filter_run_excluding :ruby => LessThanProc.with(RUBY_VERSION)
config.filter_run_excluding :rubygems => LessThanProc.with(Gem::VERSION)
+ if ENV['RGV'] == "master"
+ config.filter_run :rubygems_master => true
+ else
+ config.filter_run_excluding :rubygems_master => true
+ end
+
config.filter_run :focused => true unless ENV['CI']
config.run_all_when_everything_filtered = true
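Review bot: In the `RGV == "master"` branch, `config.filter_run :rubygems_master => true` adds an inclusion filter, and RSpec then runs only the examples that match an inclusion filter, so on a master build the rest of the suite would be skipped rather than merely joined by the tagged specs. Only the exclusion is needed: `config.filter_run_excluding :rubygems_master => true unless ENV['RGV'] == "master"`. The same branch also combines with the `:focused` inclusion filter on the next line when `CI` is unset, which makes the selected set harder to predict.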