# File rubygems/request.rb, line 46 def self.configure_connection_for_https(connection, cert_files) require 'net/https' connection.use_ssl = true connection.verify_mode = Gem.configuration.ssl_verify_mode || OpenSSL::SSL::VERIFY_PEER store = OpenSSL::X509::Store.new if Gem.configuration.ssl_client_cert pem = File.read Gem.configuration.ssl_client_cert connection.cert = OpenSSL::X509::Certificate.new pem connection.key = OpenSSL::PKey::RSA.new pem end store.set_default_paths cert_files.each do |ssl_cert_file| store.add_file ssl_cert_file end if Gem.configuration.ssl_ca_cert if File.directory? Gem.configuration.ssl_ca_cert store.add_path Gem.configuration.ssl_ca_cert else store.add_file Gem.configuration.ssl_ca_cert end end connection.cert_store = store connection.verify_callback = proc do |preverify_ok, store_context| verify_certificate store_context unless preverify_ok preverify_ok end connection rescue LoadError => e raise unless (e.respond_to?(:path) && e.path == 'openssl') || e.message =~ / -- openssl$/ raise Gem::Exception.new( 'Unable to require openssl, install OpenSSL and rebuild Ruby (preferred) or use non-HTTPS sources') end
# File rubygems/request.rb, line 41 def self.get_cert_files pattern = File.expand_path("./ssl_certs/*/*.pem", File.dirname(__FILE__)) Dir.glob(pattern) end
Returns a proxy URI for the given scheme
if one is set in the
environment variables.
# File rubygems/request.rb, line 163 def self.get_proxy_from_env(scheme = 'http') _scheme = scheme.downcase _SCHEME = scheme.upcase env_proxy = ENV["#{_scheme}_proxy"] || ENV["#{_SCHEME}_PROXY"] no_env_proxy = env_proxy.nil? || env_proxy.empty? return get_proxy_from_env 'http' if no_env_proxy and _scheme != 'http' return :no_proxy if no_env_proxy uri = URI(Gem::UriFormatter.new(env_proxy).normalize) if uri and uri.user.nil? and uri.password.nil? user = ENV["#{_scheme}_proxy_user"] || ENV["#{_SCHEME}_PROXY_USER"] password = ENV["#{_scheme}_proxy_pass"] || ENV["#{_SCHEME}_PROXY_PASS"] uri.user = Gem::UriFormatter.new(user).escape uri.password = Gem::UriFormatter.new(password).escape end uri end
# File rubygems/request.rb, line 28 def initialize(uri, request_class, last_modified, pool) @uri = uri @request_class = request_class @last_modified = last_modified @requests = Hash.new 0 @user_agent = user_agent @connection_pool = pool end
# File rubygems/request.rb, line 87 def self.verify_certificate(store_context) depth = store_context.error_depth error = store_context.error_string number = store_context.error cert = store_context.current_cert ui.alert_error "SSL verification error at depth #{depth}: #{error} (#{number})" extra_message = verify_certificate_message number, cert ui.alert_error extra_message if extra_message end
# File rubygems/request.rb, line 100 def self.verify_certificate_message(error_number, cert) return unless cert case error_number when OpenSSL::X509::V_ERR_CERT_HAS_EXPIRED then "Certificate #{cert.subject} expired at #{cert.not_after.iso8601}" when OpenSSL::X509::V_ERR_CERT_NOT_YET_VALID then "Certificate #{cert.subject} not valid until #{cert.not_before.iso8601}" when OpenSSL::X509::V_ERR_CERT_REJECTED then "Certificate #{cert.subject} is rejected" when OpenSSL::X509::V_ERR_CERT_UNTRUSTED then "Certificate #{cert.subject} is not trusted" when OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT then "Certificate #{cert.issuer} is not trusted" when OpenSSL::X509::V_ERR_INVALID_CA then "Certificate #{cert.subject} is an invalid CA certificate" when OpenSSL::X509::V_ERR_INVALID_PURPOSE then "Certificate #{cert.subject} has an invalid purpose" when OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN then "Root certificate is not trusted (#{cert.subject})" when OpenSSL::X509::V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY then "You must add #{cert.issuer} to your local trusted store" when OpenSSL::X509::V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE then "Cannot verify certificate issued by #{cert.issuer}" end end
# File rubygems/request.rb, line 39 def cert_files; @connection_pool.cert_files; end
Creates or an HTTP connection based on uri
, or retrieves an
existing connection, using a proxy if needed.
# File rubygems/request.rb, line 131 def connection_for(uri) @connection_pool.checkout rescue defined?(OpenSSL::SSL) ? OpenSSL::SSL::SSLError : Errno::EHOSTDOWN, Errno::EHOSTDOWN => e raise Gem::RemoteFetcher::FetchError.new(e.message, uri) end
# File rubygems/request.rb, line 138 def fetch request = @request_class.new @uri.request_uri unless @uri.nil? || @uri.user.nil? || @uri.user.empty? request.basic_auth Gem::UriFormatter.new(@uri.user).unescape, Gem::UriFormatter.new(@uri.password).unescape end request.add_field 'User-Agent', @user_agent request.add_field 'Connection', 'keep-alive' request.add_field 'Keep-Alive', '30' if @last_modified request.add_field 'If-Modified-Since', @last_modified.httpdate end yield request if block_given? perform_request request end
# File rubygems/request.rb, line 38 def proxy_uri; @connection_pool.proxy_uri; end
Resets HTTP connection connection
.
# File rubygems/request.rb, line 264 def reset(connection) @requests.delete connection.object_id connection.finish connection.start end
# File rubygems/request.rb, line 271 def user_agent ua = "RubyGems/#{Gem::VERSION} #{Gem::Platform.local}".dup ruby_version = RUBY_VERSION ruby_version += 'dev' if RUBY_PATCHLEVEL == -1 ua << " Ruby/#{ruby_version} (#{RUBY_RELEASE_DATE}" if RUBY_PATCHLEVEL >= 0 ua << " patchlevel #{RUBY_PATCHLEVEL}" elsif defined?(RUBY_REVISION) ua << " revision #{RUBY_REVISION}" end ua << ")" ua << " #{RUBY_ENGINE}" if defined?(RUBY_ENGINE) and RUBY_ENGINE != 'ruby' ua end