Skip to content

Commit

Permalink
Workaround for old CAs in httpclient (2factorauth#6150)
Browse files Browse the repository at this point in the history
* Workaround for old CAs in httpclient

See nahi/httpclient#445.

The default implementation uses a list of CAs from 2015, and resetting
it to use default paths uses CA certificates from the underlying OS.

* Refactor for rubocop/readability

* Set proxy argument to nil

Co-authored-by: Carlgo11 <Carlgo11@users.noreply.github.com>
  • Loading branch information
anurag and Carlgo11 authored Oct 1, 2021
1 parent 2c54e90 commit f915c19
Showing 1 changed file with 10 additions and 4 deletions.
14 changes: 10 additions & 4 deletions tests/validate-urls.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,11 +9,17 @@
# Fetch created/modified files in entries/**
diff = `git diff --name-only --diff-filter=AM origin/master...HEAD entries/`.split("\n")

def new_http_client
agent_name = 'Mozilla/5.0 (compatible; MSIE 7.01; Windows NT 5.0)'
from = '2fa.directory'
client = HTTPClient.new(nil, agent_name, from)
client.ssl_config.set_default_paths # ignore built-in CA and use system defaults
client.receive_timeout = 8
client
end

def curl(url)
headers = { 'User-Agent' => 'Mozilla/5.0 (compatible; MSIE 7.01; Windows NT 5.0)', 'FROM' => '2fa.directory' }
req = HTTPClient.new
req.receive_timeout = 8
res = req.get(url, nil, headers, follow_redirect: true)
res = new_http_client.get(url, nil, follow_redirect: true)
return if res.status == 200
raise(nil) unless res.status.to_s.match(/50\d|403/)

Expand Down

0 comments on commit f915c19

Please sign in to comment.