Skip to content

Improve CA certificate verification #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 18, 2014
Merged

Improve CA certificate verification #75

merged 3 commits into from
May 18, 2014

Conversation

@nitoyon
Copy link
Contributor

@nitoyon nitoyon commented May 11, 2014

When we use secure endpoints, server certificate was not verified and the following warning was shown: warning: peer certificate won't be verified in this SSL session.

By this PR,

  • Change server certificate to be enabled by default.
  • Add FlickRaw.check_certificate to disable server certificate verification
  • Add FlickRaw.ca_file to change the CA certificate file path

@nitoyon
Enable server certificate verification by default
b93e89d 
When https endpoint is used, the following message was shown: "warning:
peer certificate won't be verified in this SSL session".
This is because Net::HTTP#verify_mode is nil.

Now, we verify server certificate by default. If you want to disable it,
set Flickraw.check_certificate to false.
@kueda
Copy link
Contributor

kueda commented May 14, 2014

I altered @nitoyon's code a bit to match the Net::HTTP options a bit better, and support specifying a directory of certifications instead of a single file: kueda@35cc21b. If that's of interest I can issue a separate pull request, or you guys can just pull in that commit. Wasn't really sure how to test it in the test suite, but it seems to be working for me.

nitoyon and others added 2 commits May 14, 2014 23:58
@nitoyon
Add FlickRaw.ca_file option
49a1758 
Secure endpoint connection fails if CA certificate file is old or
is not installed.

So, add FlickRaw.ca_file option to set the CA certificate file path
even if we doesn't have root access right.
@kueda @nitoyon
Changed SSL configs to match Net::HTTP options.
e9964ba
@nitoyon
Copy link
Contributor Author

nitoyon commented May 14, 2014

@kueda I pulled your commit & fix my typo. Thanks:exclamation:

@hanklords hanklords merged commit e9964ba into hanklords:master May 18, 2014
@hanklords
Copy link
Owner

hanklords commented May 18, 2014

Thanks !

@nitoyon nitoyon deleted the ssl-cert branch May 19, 2014 01:27
@nitoyon
Copy link
Contributor Author

nitoyon commented May 19, 2014

You're welcome and thanks too!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nitoyon @kueda @hanklords