search

rest-client / rest-client

Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.
https://rubydoc.info/github/rest-client/rest-client/master
MIT License
5.24k stars 931 forks source link

Poll: Remove RestClient::SSLCertificateNotVerified #168

Open jcoyne opened 11 years ago

jcoyne commented 11 years ago

@witlessbird raises some good points in this commit: e03e5e6ce959ae4320063247ebcd7cfdccd3b59b

TLDR; 

    #Exceptions in verify_callback are ignored; RestClient has to catch OpenSSL::SSL::SSLError
    # and either re-throw it as is, or throw SSLCertificateNotVerified
    # based on the contents of the message field of the original exception
    #.
    # The client has to handle OpenSSL::SSL::SSLError exceptions anyway,
    # why make them handle both OpenSSL *AND* RestClient exceptions???

Furthermore, JRuby does not support our current method for doing this classification (#165)

L2G commented 11 years ago

At this time, I'm inclined to agree with the sentiment.

ab commented 10 years ago

This sounds good, but judging from a quick GitHub search it does look like there are libraries relying on SSLCertificateNotVerified, so it seems like we might want to wait for a more major release before removing it.

moolitayer commented 7 years ago

We would very much like to see this issue resolved. What about doing a backward compatible change and deprecating SSLCertificateNotVerified for now?

@ab what say you?

moolitayer commented 7 years ago

@ab @jcoyne any current plan on resolving/improving on this issue?

jcoyne commented 7 years ago

@moolitayer I'm not a maintainer, so no. How about you? Have you considered working this issue?

moolitayer commented 7 years ago

Thanks @jcoyne. If @ab gives some direction I can send a PR. I see it was suggested to wait for a major version for this change. Is there any when that can happen?