1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[rubygems/rubygems] Warn if TLS 1.2 is not supported

Browse Source 
https://github.com/rubygems/rubygems/commit/e4f70a3e4f
This commit is contained in:
Edouard CHIN 2025-04-10 00:31:55 +02:00 committed by Hiroshi SHIBATA
parent ff2e0e4173
commit 56c1a15eb7
No known key found for this signature in database
GPG Key ID: F9CF13417264FAC2
3 changed files with 57 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/bundler/cli/doctor/ssl.rb
View File

@ -105,6 +105,7 @@ module Bundler
end.start end.start
Bundler.ui.info("Ruby net/http: success") Bundler.ui.info("Ruby net/http: success")
warn_on_unsupported_tls12
true true
rescue StandardError => error rescue StandardError => error
@ -119,6 +120,28 @@ module Bundler
false false
end end
def warn_on_unsupported_tls12
ctx = OpenSSL::SSL::SSLContext.new
supported = true
if ctx.respond_to?(:min_version=)
begin
ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
rescue OpenSSL::SSL::SSLError, NameError
supported = false
end
else
supported = OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) # rubocop:disable Naming/VariableNumber
end
Bundler.ui.warn(<<~EOM) unless supported
WARNING: Although your Ruby can connect to #{host} today, your OpenSSL is very old!
WARNING: You will need to upgrade OpenSSL to use #{host}.
EOM
end
module Explanation module Explanation
extend self extend self

20
libexec/ssl_check.rb
View File

@ -29,23 +29,3 @@ puts
puts "Ruby: %s" % ruby_version puts "Ruby: %s" % ruby_version
puts "RubyGems: %s" % Gem::VERSION if defined?(Gem::VERSION) puts "RubyGems: %s" % Gem::VERSION if defined?(Gem::VERSION)
puts "Bundler: %s" % Bundler::VERSION if defined?(Bundler::VERSION) puts "Bundler: %s" % Bundler::VERSION if defined?(Bundler::VERSION)
def tls12_supported?
ctx = OpenSSL::SSL::SSLContext.new
if ctx.methods.include?(:min_version=)
ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
true
else
OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2)
end
rescue
end
# We were able to connect, but perhaps this Ruby will have trouble when we require TLSv1.2
unless tls12_supported?
puts "\nWARNING: Although your Ruby can connect to #{host} today, your OpenSSL is very old! 👴",
"WARNING: You will need to upgrade OpenSSL to use #{host}."
exit 1
end
exit 0

34
spec/bundler/commands/ssl_spec.rb
View File

@ -334,5 +334,39 @@ RSpec.describe "bundle doctor ssl" do
expect(net_http.min_version.to_s).to eq("TLS1_3") expect(net_http.min_version.to_s).to eq("TLS1_3")
expect(net_http.max_version.to_s).to eq("TLS1_3") expect(net_http.max_version.to_s).to eq("TLS1_3")
end end
it "warns when TLS1.2 is not supported" do
expected_out = <<~MSG
Here's your OpenSSL environment:
OpenSSL: #{OpenSSL::VERSION}
Compiled with: #{OpenSSL::OPENSSL_VERSION}
Loaded with: #{OpenSSL::OPENSSL_LIBRARY_VERSION}
Trying connections to https://rubygems.org:
Bundler: success
RubyGems: success
Ruby net/http: success
Hooray! This Ruby can connect to rubygems.org.
You are all set to use Bundler and RubyGems.
MSG
expected_err = <<~MSG
WARNING: Although your Ruby can connect to rubygems.org today, your OpenSSL is very old!
WARNING: You will need to upgrade OpenSSL to use rubygems.org.
MSG
previous_version = OpenSSL::SSL::TLS1_2_VERSION
OpenSSL::SSL.send(:remove_const, :TLS1_2_VERSION)
subject = Bundler::CLI::Doctor::SSL.new({})
expect { subject.run }.to output(expected_out).to_stdout.and output(expected_err).to_stderr
ensure
OpenSSL::SSL.const_set(:TLS1_2_VERSION, previous_version)
end
end end
end end