author | Samuel Giddins <segiddins@segiddins.me> | 2017-05-03 12:21:19 -0500 |
---|---|---|
committer | Samuel Giddins <segiddins@segiddins.me> | 2017-08-12 11:19:37 -0300 |
commit | e9be76d50623647c31dfcd0f9c9da558cda76f40 (patch) | |
tree | 1dbf35d343d84e0845355b8147113c327f99d8d1 | |
parent | 66facbb67665f30e97db2b2c4c9c127399e9a935 (diff) | |
download | bundler-e9be76d50623647c31dfcd0f9c9da558cda76f40.tar.gz |
Warn when making an outdated TLS connection to rubygems.org
-rw-r--r-- | lib/bundler/fetcher.rb | 4 | ||||
-rw-r--r-- | lib/bundler/vendored_persistent.rb | 30 |
2 files changed, 32 insertions, 2 deletions
diff --git a/lib/bundler/fetcher.rb b/lib/bundler/fetcher.rb index 01a0679f7c..ee4af27920 100644 --- a/lib/bundler/fetcher.rb +++ b/lib/bundler/fetcher.rb @@ -238,7 +238,7 @@ module Bundler Bundler.settings[:ssl_client_cert] raise SSLError if needs_ssl && !defined?(OpenSSL::SSL) - con = Bundler::Persistent::Net::HTTP::Persistent.new "bundler", :ENV + con = PersistentHTTP.new "bundler", :ENV if gem_proxy = Bundler.rubygems.configuration[:http_proxy] con.proxy = URI.parse(gem_proxy) if gem_proxy != :no_proxy end @@ -274,7 +274,7 @@ module Bundler Timeout::Error, EOFError, SocketError, Errno::ENETDOWN, Errno::ENETUNREACH, Errno::EINVAL, Errno::ECONNRESET, Errno::ETIMEDOUT, Errno::EAGAIN, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError, - Bundler::Persistent::Net::HTTP::Persistent::Error, Zlib::BufError, Errno::EHOSTUNREACH + PersistentHTTP::Error, Zlib::BufError, Errno::EHOSTUNREACH ].freeze def bundler_cert_store diff --git a/lib/bundler/vendored_persistent.rb b/lib/bundler/vendored_persistent.rb index ecbf21e30a..b5901c2e92 100644 --- a/lib/bundler/vendored_persistent.rb +++ b/lib/bundler/vendored_persistent.rb 
@@ -16,3 +16,33 @@ module Bundler
 end
 end
 require "bundler/vendor/net-http-persistent/lib/net/http/persistent"
+
+module Bundler
+ class PersistentHTTP < Persistent::Net::HTTP::Persistent
+ def connection_for(uri)
+ connection = super
+ warn_old_tls_version_rubygems_connection(uri, connection)
+ connection
+ end
+
+ def warn_old_tls_version_rubygems_connection(uri, connection)
+ return unless connection.use_ssl?
+ return unless (uri.hostname || "").end_with?("rubygems.org")
+
+ socket = connection.instance_variable_get(:@socket)
+ socket_io = socket.io
+ return unless socket_io.respond_to?(:ssl_version)
+ ssl_version = socket_io.ssl_version
+
+ case ssl_version
+ when /TLSv([\d\.]+)/
+ version = Gem::Version.new($1)
+ if version < Gem::Version.new("1.1")
+ Bundler.ui.warn "Your Ruby version does not support TLSv1.1 or newer" \
+ ", which will be required to connect to https://#{uri.hostname}" \
+ " by January 2018."
+ end
+ end
+ end
+ end
+end |
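Review bot: The `case ssl_version` in `warn_old_tls_version_rubygems_connection` has only a `when /TLSv([\d\.]+)/` arm, so a session whose reported version does not start with `TLSv` (OpenSSL reports `SSLv3` for SSL 3.0) falls through with no warning although it is older than the versions being flagged; an extra arm such as `when /\ASSLv/` that emits the same warning would close that gap. The host test `(uri.hostname || "").end_with?("rubygems.org")` has no label boundary and therefore matches any hostname that merely ends in those characters; `host == "rubygems.org" || host.end_with?(".rubygems.org")` is the stricter form, and it matters more if this check is ever reused for something other than a warning. `connection.instance_variable_get(:@socket)` is followed by an unguarded `socket.io`, so if the socket is ever nil at this point an advisory check would fail the fetch; `return unless socket` keeps it best-effort. The warning is also emitted on every `connection_for` call with no once-only guard, and its wording attributes the negotiated version to the Ruby build, whereas a proxy or middlebox on the path could presumably lower it as well.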