search

oesmith / puffing-billy

A rewriting web proxy for testing interactions between your browser and external sites. Works with ruby + rspec.
MIT License
656 stars 170 forks source link

specify verify_peer option to EM::HttpRequest #293

Closed aharbick closed 4 years ago

aharbick commented 4 years ago

See: https://github.com/igrigorik/em-http-request/issues/339

I think this is basically the code. I'd open a PR but I couldn't figure out how to get the tests to pass.

diff --git a/lib/billy/handlers/proxy_handler.rb b/lib/billy/handlers/proxy_handler.rb
index baa4af4..49ce41f 100644
--- a/lib/billy/handlers/proxy_handler.rb
+++ b/lib/billy/handlers/proxy_handler.rb
@@ -15,6 +15,7 @@ module Billy
       if handles_request?(method, url, headers, body)
         opts = { inactivity_timeout: Billy.config.proxied_request_inactivity_timeout,
                  connect_timeout:    Billy.config.proxied_request_connect_timeout }
+        opts.merge!(tls: {verify_peer: true}) if url =~ /^https/

         if Billy.config.proxied_request_host && !bypass_internal_proxy?(url)

All of the HTTPS tests fail with this error

123145345359872:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915
ronwsmith commented 4 years ago

I suspect a lot of non-production environments would have invalid/missing certs, so maybe the default should be verify_peer: false and make it configurable for your needs?

aharbick commented 4 years ago

Created PR as #294