Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support ssl_verify_peer with wss. #101

Closed
wants to merge 1 commit into from
Closed

Support ssl_verify_peer with wss. #101

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
18 changes: 18 additions & 0 deletions lib/faye/websocket/client.rb
View file
Open in desktop
Expand Up @@ -22,6 +22,8 @@ def initialize(url, protocols = nil, options = {})
@secure = SECURE_PROTOCOLS.include?(endpoint.scheme)
@origin_tls = options.fetch(:tls, {})
@socket_tls = proxy[:origin] ? proxy.fetch(:tls, {}) : @origin_tls
@cert_store = OpenSSL::X509::Store.new
@cert_store.set_default_paths

if proxy[:origin]
@proxy = @driver.proxy(proxy[:origin])
Expand All @@ -36,6 +38,7 @@ def initialize(url, protocols = nil, options = {})

if secure
origin_tls = {:sni_hostname => uri.host}.merge(@origin_tls)
add_trust_ca(origin_tls.delete(:trust_ca))
@stream.start_tls(origin_tls)
end

Expand All @@ -62,13 +65,24 @@ def on_connect(stream)

if @secure
socket_tls = {:sni_hostname => URI.parse(@url).host}.merge(@socket_tls)
add_trust_ca(socket_tls.delete(:trust_ca))
@stream.start_tls(socket_tls)
end

worker = @proxy || @driver
worker.start
end

def add_trust_ca(ca_file)
return if ca_file.nil?
@trust_ca = Array[ca_file].map{|ca| OpenSSL::X509::Certificate.new(File.read(ca)) }
end

def ssl_verify_peer(cert)
crt = OpenSSL::X509::Certificate.new(cert)
return @cert_store.verify(crt) || @trust_ca.any?{|ca| ca.verify(crt.public_key) }
Copy link

@SpComb SpComb Jul 4, 2017
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't test this code yet, but immediate problems that I see with this:

end

module Connection
attr_accessor :parent

Expand All @@ -87,6 +101,10 @@ def unbind
def write(data)
send_data(data) rescue nil
end

def ssl_verify_peer(cert)
return parent.__send__(:ssl_verify_peer, cert)
end
end
end

Expand Down
12 changes: 11 additions & 1 deletion spec/faye/websocket/client_spec.rb
View file
Open in desktop
Expand Up @@ -39,7 +39,17 @@ def open_socket(url, protocols, &callback)
end
end

@ws = Faye::WebSocket::Client.new(url, protocols, :proxy => {:origin => proxy_url})
secure = Faye::WebSocket::Client::SECURE_PROTOCOLS.include?(URI.parse(url).scheme)
options = {:proxy => {:origin => proxy_url}}
if secure
options.merge!(:tls => {
:private_key_file => File.expand_path('../../../server.key', __FILE__),
:cert_chain_file => File.expand_path('../../../server.crt', __FILE__),
:trust_ca => File.expand_path('../../../server.crt', __FILE__),
:verify_peer => true,
})
end
@ws = Faye::WebSocket::Client.new(url, protocols, options)

@ws.on(:open) { |e| resume.call(true) }
@ws.onclose = lambda { |e| resume.call(false) }
Expand Down