Skip to content

Commit

Permalink
Merge pull request #263 from ably/event_machine-http_request-tls-veri…
Browse files Browse the repository at this point in the history 
…fy_peer_fix

Enabled TLS hostname validation CVE-2020-13482
  • Loading branch information
@owenpearson
owenpearson authored Aug 3, 2021
2 parents 598e9e8 + 9a253bc commit 7d6a761
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion lib/ably/realtime/connection.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ def ping(&block)
def internet_up?
url = "http#{'s' if client.use_tls?}:#{Ably::INTERNET_CHECK.fetch(:url)}"
EventMachine::DefaultDeferrable.new.tap do |deferrable|
EventMachine::HttpRequest.new(url).get.tap do |http|
EventMachine::HttpRequest.new(url, tls: { verify_peer: true }).get.tap do |http|
http.errback do
yield false if block_given?
deferrable.fail Ably::Exceptions::ConnectionFailed.new("Unable to connect to #{url}", nil, Ably::Exceptions::Codes::CONNECTION_FAILED)
Expand Down
8 changes: 4 additions & 4 deletions spec/acceptance/realtime/connection_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1454,7 +1454,7 @@ def self.available_states
let(:client_options) { default_options.merge(tls: true) }

it 'uses TLS for the Internet check to https://internet-up.ably-realtime.com/is-the-internet-up.txt' do
expect(EventMachine::HttpRequest).to receive(:new).with('https://internet-up.ably-realtime.com/is-the-internet-up.txt').and_return(http_request)
expect(EventMachine::HttpRequest).to receive(:new).with('https://internet-up.ably-realtime.com/is-the-internet-up.txt', { tls: { verify_peer: true } }).and_return(http_request)
connection.internet_up?
stop_reactor
end
Expand All @@ -1464,7 +1464,7 @@ def self.available_states
let(:client_options) { default_options.merge(tls: false, use_token_auth: true) }

it 'uses TLS for the Internet check to http://internet-up.ably-realtime.com/is-the-internet-up.txt' do
expect(EventMachine::HttpRequest).to receive(:new).with('http://internet-up.ably-realtime.com/is-the-internet-up.txt').and_return(http_request)
expect(EventMachine::HttpRequest).to receive(:new).with('http://internet-up.ably-realtime.com/is-the-internet-up.txt', { tls: { verify_peer: true } }).and_return(http_request)
connection.internet_up?
stop_reactor
end
Expand All @@ -1478,7 +1478,7 @@ def self.available_states
let(:client_options) { default_options.merge(tls: true) }

it 'checks the Internet up URL over TLS' do
expect(EventMachine::HttpRequest).to receive(:new).with("https:#{Ably::INTERNET_CHECK.fetch(:url)}").and_return(double('request', get: EventMachine::DefaultDeferrable.new))
expect(EventMachine::HttpRequest).to receive(:new).with("https:#{Ably::INTERNET_CHECK.fetch(:url)}", { tls: { verify_peer: true } }).and_return(double('request', get: EventMachine::DefaultDeferrable.new))
connection.internet_up?
stop_reactor
end
Expand All @@ -1488,7 +1488,7 @@ def self.available_states
let(:client_options) { default_options.merge(tls: false, use_token_auth: true) }

it 'checks the Internet up URL over TLS' do
expect(EventMachine::HttpRequest).to receive(:new).with("http:#{Ably::INTERNET_CHECK.fetch(:url)}").and_return(double('request', get: EventMachine::DefaultDeferrable.new))
expect(EventMachine::HttpRequest).to receive(:new).with("http:#{Ably::INTERNET_CHECK.fetch(:url)}", { tls: { verify_peer: true } }).and_return(double('request', get: EventMachine::DefaultDeferrable.new))
connection.internet_up?
stop_reactor
end
Expand Down

0 comments on commit 7d6a761

Please sign in to comment.