Blob Blame Raw
From fdad6204321a2dea41b9eb71e9579e1e45b64a28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Tue, 7 Feb 2017 12:14:06 +0100
Subject: [PATCH] Fix compatility with Ruby OpenSSL 2.x+.

The DEFAULT_PARAMS does not list the ciphers anymore:

https://github.com/ruby/openssl/commit/b9aea270fbe1b3f8e806e86a28d8a27e242ab251
---
 lib/restclient/request.rb |  2 +-
 spec/unit/request_spec.rb | 26 ++++++++------------------
 2 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/lib/restclient/request.rb b/lib/restclient/request.rb
index 67b69e2..52287ce 100644
--- a/lib/restclient/request.rb
+++ b/lib/restclient/request.rb
@@ -195,7 +195,7 @@ module RestClient
           # If we're on a Ruby version that has insecure default ciphers,
           # override it with our default list.
           if WeakDefaultCiphers.include?(
-               OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.fetch(:ciphers))
+               OpenSSL::SSL::SSLContext.new.ciphers)
             @ssl_opts[:ciphers] = DefaultCiphers
           end
         end
diff --git a/spec/unit/request_spec.rb b/spec/unit/request_spec.rb
index d091ae0..0c7cfe2 100644
--- a/spec/unit/request_spec.rb
+++ b/spec/unit/request_spec.rb
@@ -899,15 +899,10 @@ describe RestClient::Request, :include_helpers do
     end
 
     it "should override ssl_ciphers with better defaults with weak default ciphers" do
-      stub_const(
-        '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
-        {
-          :ssl_version=>"SSLv23",
-          :verify_mode=>1,
-          :ciphers=>"ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
-          :options=>-2147480577,
-        }
-      )
+      expect(RestClient::Request::WeakDefaultCiphers)
+        .to receive(:include?)
+        .with(OpenSSL::SSL::SSLContext.new.ciphers)
+        .and_return(true)
 
       @request = RestClient::Request.new(
         :method => :put,
@@ -924,15 +919,10 @@ describe RestClient::Request, :include_helpers do
     end
 
     it "should not override ssl_ciphers with better defaults with different default ciphers" do
-      stub_const(
-        '::OpenSSL::SSL::SSLContext::DEFAULT_PARAMS',
-        {
-          :ssl_version=>"SSLv23",
-          :verify_mode=>1,
-          :ciphers=>"HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MEDIUM:!SSLv2",
-          :options=>-2147480577,
-        }
-      )
+      expect(RestClient::Request::WeakDefaultCiphers)
+        .to receive(:include?)
+        .with(OpenSSL::SSL::SSLContext.new.ciphers)
+        .and_return(false)
 
       @request = RestClient::Request.new(
         :method => :put,
-- 
2.11.0