author | Edouard CHIN <[email protected]> | 2025-04-10 00:11:48 +0200 |
---|---|---|
committer | Hiroshi SHIBATA <[email protected]> | 2025-04-22 11:27:23 +0900 |
commit | 19477ef2875221ff38bdc934897d32d94af0da05 (patch) | |
tree | 55b6577934ed468d1915f8cc408a937a1a26c725 /spec | |
parent | 7a10ce8c95a714e6eb37250687828508e133dddc (diff) |
[rubygems/rubygems] Diagnose the bare net/http connection
https://github.com/rubygems/rubygems/commit/38a0bdc123
Diffstat (limited to 'spec')
-rw-r--r-- | spec/bundler/commands/ssl_spec.rb | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/spec/bundler/commands/ssl_spec.rb b/spec/bundler/commands/ssl_spec.rb index 1172bc9da7..4fc9db0016 100644 --- a/spec/bundler/commands/ssl_spec.rb +++ b/spec/bundler/commands/ssl_spec.rb @@ -67,6 +67,15 @@ RSpec.describe "bundle doctor ssl" do expected_err = <<~MSG Bundler: failed (certificate verification) RubyGems: failed (certificate verification) + Ruby net/http: failed + + Unfortunately, this Ruby can't connect to rubygems.org. + + Below affect only Ruby net/http connections: + SSL_CERT_FILE: exists #{OpenSSL::X509::DEFAULT_CERT_FILE} + SSL_CERT_DIR: exists #{OpenSSL::X509::DEFAULT_CERT_DIR} + + Your Ruby can't connect to rubygems.org because you are missing the certificate files OpenSSL needs to verify you are connecting to the genuine rubygems.org servers. MSG 
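Review bot: The lines added to the certificate-verification `expected_err` heredoc hard-code `exists` for both `OpenSSL::X509::DEFAULT_CERT_FILE` and `OpenSSL::X509::DEFAULT_CERT_DIR`, which ties the example to the host it runs on. The implementation is not in this diff, but if the command derives that label from the filesystem, the example will fail wherever OpenSSL's default bundle or directory is absent, as on some minimal images. If the check goes through `File.exist?`, stubbing it for those two paths, e.g. `allow(File).to receive(:exist?).with(OpenSSL::X509::DEFAULT_CERT_FILE).and_return(true)` after an `and_call_original` default, would keep the expected text deterministic. The expected output also reports both paths as existing and then says the user is "missing the certificate files", which is worth a second look as guidance. The example itself starts above the hunk.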
@@ -100,11 +109,54 @@ RSpec.describe "bundle doctor ssl" do expected_err = <<~MSG Bundler: failed (SSL/TLS protocol version mismatch) RubyGems: failed (SSL/TLS protocol version mismatch) + Ruby net/http: failed + + Unfortunately, this Ruby can't connect to rubygems.org. + + Your Ruby can't connect to rubygems.org because your version of OpenSSL is too old. + You'll need to upgrade your OpenSSL install and/or recompile Ruby to use a newer OpenSSL. + + MSG + + expect { subject.run }.to output(expected_out).to_stdout.and output(expected_err).to_stderr + end + + it "fails due to unsupported tls 1.3 version" do + net_http = Class.new(Artifice::Net::HTTP) do + def connect + raise OpenSSL::SSL::SSLError, "read server hello A" + end + end + + Artifice.replace_net_http(net_http) + Gem::Request::ConnectionPools.client = net_http + Gem::RemoteFetcher.fetcher.close_all + + expected_out = <<~MSG + Here's your OpenSSL environment: + + OpenSSL: #{OpenSSL::VERSION} + Compiled with: #{OpenSSL::OPENSSL_VERSION} + Loaded with: #{OpenSSL::OPENSSL_LIBRARY_VERSION} + + Trying connections to https://rubygems.org: + MSG + + expected_err = <<~MSG + Bundler: failed (SSL/TLS protocol version mismatch) + RubyGems: failed (SSL/TLS protocol version mismatch) + Ruby net/http: failed + + Unfortunately, this Ruby can't connect to rubygems.org. + + Your Ruby can't connect to rubygems.org because TLS1_3 isn't supported yet. MSG + subject = Bundler::CLI::Doctor::SSL.new("tls-version": "1.3") expect { subject.run }.to output(expected_out).to_stdout.and output(expected_err).to_stderr end + end context "when no diagnostic fails" do 
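Review bot: In the new "fails due to unsupported tls 1.3 version" example, the stubbed `connect` raises `OpenSSL::SSL::SSLError` with the bare string "read server hello A", and nothing explains why that exact text matters. Judging from the expected output, the command appears to classify the failure as a protocol version mismatch by matching the exception message, so a comment above the `raise` would help, e.g. `# handshake error text the doctor command reports as an SSL/TLS protocol version mismatch`. Because OpenSSL's wording for handshake failures has changed between releases, consider also adding a case with a message the matcher does not recognise, to show what the user is told then. The implementation is outside this diff, so that last point is inferred.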
@@ -119,11 +171,53 @@ RSpec.describe "bundle doctor ssl" do Trying connections to https://rubygems.org: Bundler: success RubyGems: success + Ruby net/http: success MSG subject = Bundler::CLI::Doctor::SSL.new({}) expect { subject.run }.to output(expected_out).to_stdout.and output("").to_stderr end + + it "uses the tls_version verify mode and host when given as option" do + net_http = Class.new(Artifice::Net::HTTP) do + class << self + attr_accessor :verify_mode, :min_version, :max_version + end + + def connect + self.class.verify_mode = verify_mode + self.class.min_version = min_version + self.class.max_version = max_version + + super + end + end + + net_http.endpoint = @dummy_endpoint + Artifice.replace_net_http(net_http) + Gem::Request::ConnectionPools.client = net_http + Gem::RemoteFetcher.fetcher.close_all + + expected_out = <<~MSG + Here's your OpenSSL environment: + + OpenSSL: #{OpenSSL::VERSION} + Compiled with: #{OpenSSL::OPENSSL_VERSION} + Loaded with: #{OpenSSL::OPENSSL_LIBRARY_VERSION} + + Trying connections to https://example.org: + Bundler: success + RubyGems: success + Ruby net/http: success + + MSG + + subject = Bundler::CLI::Doctor::SSL.new("tls-version": "1.3", "verify-mode": :none, host: "example.org") + expect { subject.run }.to output(expected_out).to_stdout.and output("").to_stderr + expect(net_http.verify_mode).to eq(0) + expect(net_http.min_version.to_s).to eq("TLS1_3") + expect(net_http.max_version.to_s).to eq("TLS1_3") + end end end |
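Review bot: The final assertions in "uses the tls_version verify mode and host when given as option" compare `net_http.verify_mode` with the literal `0`, which hides that the example is checking that certificate verification is switched off. Use the named constant instead: `expect(net_http.verify_mode).to eq(OpenSSL::SSL::VERIFY_NONE)`. The recording subclass also overwrites its class-level accessors on every `connect`, so only the last connection's settings are checked. If all three diagnostics (Bundler, RubyGems, net/http) go through this class, one that ignores `tls-version` or `verify-mode` would pass unnoticed unless it connected last. Appending each call's values to an array and asserting on every entry would close that gap.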