diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2015-11-07 17:11:32 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2015-11-07 17:11:32 +0900 |
commit | 6b0f6ef5977f68561d0944b8b8986be496e84e7b (patch) | |
tree | 1945820e1cddc38abb29728d016ec4406640d063 /lib/plum/client.rb | |
parent | 6418b22ff8fcaf7c3b7b1c3a81d2b98c23f66ea3 (diff) | |
download | plum-6b0f6ef5977f68561d0944b8b8986be496e84e7b.tar.gz |
client: set certificate store to ssl context
Diffstat (limited to 'lib/plum/client.rb')
-rw-r--r-- | lib/plum/client.rb | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/plum/client.rb b/lib/plum/client.rb index 197b214..5713acb 100644 --- a/lib/plum/client.rb +++ b/lib/plum/client.rb @@ -166,11 +166,10 @@ module Plum if config[:tls] ctx = @config[:ssl_context] || new_ssl_ctx sock = OpenSSL::SSL::SSLSocket.new(sock, ctx) - if sock.respond_to?(:hostname=) - sock.hostname = @config[:hostname] || @host - end + sock.hostname = (@config[:hostname] || @host) if sock.respond_to?(:hostname=) sock.sync_close = true sock.connect + sock.post_connection_check(@config[:hostname] || @host) end @socket = sock @@ -231,11 +230,14 @@ module Plum ctx = OpenSSL::SSL::SSLContext.new ctx.ssl_version = :TLSv1_2 ctx.verify_mode = @config[:verify_mode] + cert_store = OpenSSL::X509::Store.new + cert_store.set_default_paths + ctx.cert_store = cert_store if ctx.respond_to?(:alpn_protocols) ctx.alpn_protocols = ["h2", "http/1.1"] end if ctx.respond_to?(:npn_select_cb) - ctx.alpn_select_cb = -> protocols { + ctx.npn_select_cb = -> protocols { protocols.include?("h2") ? "h2" : protocols.first } end |