author | Julian C. Dunn <jdunn@aquezada.com> | 2015-07-18 16:22:15 -0400 |
---|---|---|
committer | Julian C. Dunn <jdunn@aquezada.com> | 2015-07-18 16:22:15 -0400 |
commit | ecb66fe3ff773ad6232248ad616b0488e1b13674 (patch) | |
tree | bbe22da33eea877e577fccdcff2025e76f776bff | |
parent | 219c7e1a54d283118ae7f1f12966c61e9bbd06b1 (diff) | |
parent | 9f75e7cdfe87ef9666a7c4b66c5bd155b888a35a (diff) | |
download | chef-ecb66fe3ff773ad6232248ad616b0488e1b13674.tar.gz |
Merge pull request #3666 from juliandunn/support-sni-in-knife
Support SNI in 'knife ssl check'.
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | lib/chef/knife/ssl_check.rb | 5 | ||||
-rw-r--r-- | spec/unit/knife/ssl_check_spec.rb | 4 |
3 files changed, 8 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index e8ef099486..106137e7f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ * [pr#3208](https://github.com/chef/chef/pull/3208) Missing require (require what you use). * [pr#3449](https://github.com/chef/chef/pull/3449) correcting minor typo in user_edit knife action * [pr#3572](https://github.com/chef/chef/pull/3572) Use windows paths without case-sensitivity. +* [pr#3666](https://github.com/chef/chef/pull/3666) Support SNI in `knife ssl check`. ## 12.4.1 diff --git a/lib/chef/knife/ssl_check.rb b/lib/chef/knife/ssl_check.rb index c5fe4fc1aa..d71eacfc7e 100644 --- a/lib/chef/knife/ssl_check.rb +++ b/lib/chef/knife/ssl_check.rb @@ -73,11 +73,12 @@ class Chef exit 1 end - def verify_peer_socket @verify_peer_socket ||= begin tcp_connection = TCPSocket.new(host, port) - OpenSSL::SSL::SSLSocket.new(tcp_connection, verify_peer_ssl_context) + ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_connection, verify_peer_ssl_context) + ssl_client.hostname = host + ssl_client end end diff --git a/spec/unit/knife/ssl_check_spec.rb b/spec/unit/knife/ssl_check_spec.rb index 8eda555108..fd46c47d99 100644 --- a/spec/unit/knife/ssl_check_spec.rb +++ b/spec/unit/knife/ssl_check_spec.rb @@ -163,6 +163,7 @@ E expect(ssl_check).to receive(:verify_X509).and_return(true) # X509 valid certs (no warn) expect(ssl_socket).to receive(:connect) # no error expect(ssl_socket).to receive(:post_connection_check).with("foo.example.com") # no error + expect(ssl_socket).to receive(:hostname=).with("foo.example.com") # no error end it "prints a success message" do @@ -197,6 +198,7 @@ E expect(ssl_socket).to receive(:post_connection_check). with("foo.example.com"). and_raise(OpenSSL::SSL::SSLError) + expect(ssl_socket).to receive(:hostname=).with("foo.example.com") # no error expect(ssl_socket_for_debug).to receive(:connect) expect(ssl_socket_for_debug).to receive(:peer_cert).and_return(self_signed_crt) end 
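Review bot: Only the verifying socket gets `ssl_client.hostname = host` in `verify_peer_socket`; the spec changes in this commit still expect just `connect` and `peer_cert` on `ssl_socket_for_debug`, so the non-verifying socket used to fetch the certificate for the failure output apparently sends no server name. Against a server that selects its certificate by SNI, that socket can be handed the default certificate rather than the one for `host`, so the diagnostics (and any certificate the operator then decides to trust) may not match what verification actually saw. I would set `hostname = host` on that socket as well; its definition is outside this hunk. A short comment above the assignment would also help, e.g. `# SNI: must be set before #connect so the server can pick the certificate for host`, since the ordering is what makes this work.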
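Review bot: The new `hostname=` expectations in ssl_check_spec.rb do not pin the property that matters, namely that the server name is set before the handshake. RSpec message expectations are unordered by default, and in each hunk the `hostname=` expectation is listed after `connect`, so a regression that assigns the hostname after `connect` (and therefore sends no SNI) would still pass. Consider `expect(ssl_socket).to receive(:hostname=).with("foo.example.com").ordered` followed by `expect(ssl_socket).to receive(:connect).ordered`; this applies equally to the hunks at `@@ -163`, `@@ -197` and `@@ -215`, whose enclosing blocks start outside the visible lines. The trailing `# no error` on the added lines looks copied from the neighbouring expectations and does not describe a setter, so I would drop it.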
@@ -215,6 +217,8 @@ E expect(ssl_check).to receive(:verify_X509).and_return(true) # X509 valid certs expect(ssl_socket).to receive(:connect). and_raise(OpenSSL::SSL::SSLError) + expect(ssl_socket).to receive(:hostname=). + with("foo.example.com") # no error expect(ssl_socket_for_debug).to receive(:connect) expect(ssl_socket_for_debug).to receive(:peer_cert).and_return(self_signed_crt) end |