You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@thrift.apache.org by jf...@apache.org on 2013/05/28 04:02:40 UTC

git commit: Thrift-1978: Ruby: Thrift should allow for the SSL verify mode to be set Client: rb Patch: Timur Alperovich

Updated Branches:
  refs/heads/master d3c71827f -> fbb78a658


Thrift-1978: Ruby: Thrift should allow for the SSL verify mode to be set
Client: rb
Patch: Timur Alperovich

Ruby SSL verify mode cannot be specified, which means thrift cannot be used against servers with self-signed certificates over SSL. The suggested fix is to expose the SSL verification mode as a constructor argument in lib/rb/lib/thrift/transport/http_client_transport.rb.


Project: http://git-wip-us.apache.org/repos/asf/thrift/repo
Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/fbb78a65
Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/fbb78a65
Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/fbb78a65

Branch: refs/heads/master
Commit: fbb78a65897ff40a7a40daa1b90aef5e23789827
Parents: d3c7182
Author: Jake Farrell <jf...@apache.org>
Authored: Mon May 27 22:01:36 2013 -0400
Committer: Jake Farrell <jf...@apache.org>
Committed: Mon May 27 22:01:36 2013 -0400

----------------------------------------------------------------------
 .../lib/thrift/transport/http_client_transport.rb  |    5 +-
 lib/rb/spec/http_client_spec.rb                    |   49 +++++++++++++++
 2 files changed, 53 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/thrift/blob/fbb78a65/lib/rb/lib/thrift/transport/http_client_transport.rb
----------------------------------------------------------------------
diff --git a/lib/rb/lib/thrift/transport/http_client_transport.rb b/lib/rb/lib/thrift/transport/http_client_transport.rb
index 07f74bc..77ffe35 100644
--- a/lib/rb/lib/thrift/transport/http_client_transport.rb
+++ b/lib/rb/lib/thrift/transport/http_client_transport.rb
@@ -20,16 +20,18 @@
 
 require 'net/http'
 require 'net/https'
+require 'openssl'
 require 'uri'
 require 'stringio'
 
 module Thrift
   class HTTPClientTransport < BaseTransport
 
-    def initialize(url)
+    def initialize(url, opts = {})
       @url = URI url
       @headers = {'Content-Type' => 'application/x-thrift'}
       @outbuf = Bytes.empty_byte_buffer
+      @ssl_verify_mode = opts.fetch(:ssl_verify_mode, OpenSSL::SSL::VERIFY_PEER)
     end
 
     def open?; true end
@@ -43,6 +45,7 @@ module Thrift
     def flush
       http = Net::HTTP.new @url.host, @url.port
       http.use_ssl = @url.scheme == 'https'
+      http.verify_mode = @ssl_verify_mode if @url.scheme == 'https'
       resp = http.post(@url.request_uri, @outbuf, @headers)
       data = resp.body
       data = Bytes.force_binary_encoding(data)

http://git-wip-us.apache.org/repos/asf/thrift/blob/fbb78a65/lib/rb/spec/http_client_spec.rb
----------------------------------------------------------------------
diff --git a/lib/rb/spec/http_client_spec.rb b/lib/rb/spec/http_client_spec.rb
index 0890a8b..793fc73 100644
--- a/lib/rb/spec/http_client_spec.rb
+++ b/lib/rb/spec/http_client_spec.rb
@@ -68,4 +68,53 @@ describe 'Thrift::HTTPClientTransport' do
       @client.flush
     end
   end
+
+  describe 'ssl enabled' do
+    before(:each) do
+      @service_path = "/path/to/service?param=value"
+      @server_uri = "https://my.domain.com"
+    end
+
+    it "should use SSL for https" do
+      client = Thrift::HTTPClientTransport.new("#{@server_uri}#{@service_path}")
+
+      client.write "test"
+
+      Net::HTTP.should_receive(:new).with("my.domain.com", 443).and_return do
+        mock("Net::HTTP").tap do |http|
+          http.should_receive(:use_ssl=).with(true)
+          http.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+          http.should_receive(:post).with(@service_path, "test",
+              "Content-Type" => "application/x-thrift").and_return do
+            mock("Net::HTTPOK").tap do |response|
+              response.should_receive(:body).and_return "data"
+            end
+          end
+        end
+      end
+      client.flush
+      client.read(4).should == "data"
+    end
+
+    it "should set SSL verify mode when specified" do
+      client = Thrift::HTTPClientTransport.new("#{@server_uri}#{@service_path}",
+          :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)
+
+      client.write "test"
+      Net::HTTP.should_receive(:new).with("my.domain.com", 443).and_return do
+        mock("Net::HTTP").tap do |http|
+          http.should_receive(:use_ssl=).with(true)
+          http.should_receive(:verify_mode=).with(OpenSSL::SSL::VERIFY_NONE)
+          http.should_receive(:post).with(@service_path, "test",
+              "Content-Type" => "application/x-thrift").and_return do
+            mock("Net::HTTPOK").tap do |response|
+              response.should_receive(:body).and_return "data"
+            end
+          end
+        end
+      end
+      client.flush
+      client.read(4).should == "data"
+    end
+  end
 end