diff --git a/lib/mqtt/client.rb b/lib/mqtt/client.rb index 9b36936..e46d14c 100644 --- a/lib/mqtt/client.rb +++ b/lib/mqtt/client.rb @@ -24,6 +24,9 @@ class Client # @see OpenSSL::SSL::SSLContext::METHODS attr_accessor :ssl + # Set to false to skip tls hostname verification + attr_accessor :verify_host + # Time (in seconds) between pings to remote server (default is 15 seconds) attr_accessor :keep_alive @@ -75,7 +78,8 @@ class Client :will_payload => nil, :will_qos => 0, :will_retain => false, - :ssl => false + :ssl => false, + :verify_host => true } # Create and connect a new MQTT Client @@ -248,6 +252,8 @@ def connect(clientid = nil) @socket.hostname = @host if @socket.respond_to?(:hostname=) @socket.connect + + @socket.post_connection_check(@host) if @verify_host else @socket = tcp_socket end diff --git a/mqtt.gemspec b/mqtt.gemspec index a0b3e49..61f7cac 100755 --- a/mqtt.gemspec +++ b/mqtt.gemspec @@ -29,8 +29,8 @@ Gem::Specification.new do |gem| gem.add_development_dependency 'rubocop', '~> 1.45' elsif Gem.ruby_version > Gem::Version.new('2.0') gem.add_development_dependency 'bundler', '>= 1.11.2' - gem.add_development_dependency 'rake', '>= 10.2.2' - gem.add_development_dependency 'yard', '>= 0.9.11' + gem.add_development_dependency 'rake', '>= 12.3.3' + gem.add_development_dependency 'yard', '>= 0.9.20' gem.add_development_dependency 'rspec', '>= 3.5.0' gem.add_development_dependency 'simplecov','>= 0.9.2' gem.add_development_dependency 'rubocop', '~> 0.48.0' diff --git a/spec/mqtt_client_spec.rb b/spec/mqtt_client_spec.rb index 8e61df5..c09af57 100644 --- a/spec/mqtt_client_spec.rb +++ b/spec/mqtt_client_spec.rb @@ -442,6 +442,7 @@ def now it "should use ssl if it enabled using the :ssl => true parameter" do expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket) expect(ssl_socket).to receive(:connect) + expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com') client = MQTT::Client.new('mqtt.example.com', :ssl => true) allow(client).to receive(:receive_connack) @@ -451,6 +452,7 @@ def now it "should use ssl if it enabled using the mqtts:// scheme" do expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket) expect(ssl_socket).to receive(:connect) + expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com') client = MQTT::Client.new('mqtts://mqtt.example.com') allow(client).to receive(:receive_connack) @@ -460,6 +462,7 @@ def now it "should use set the SSL version, if the :ssl parameter is a symbol" do expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket) expect(ssl_socket).to receive(:connect) + expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com') client = MQTT::Client.new('mqtt.example.com', :ssl => :TLSv1) expect(client.ssl_context).to receive('ssl_version=').with(:TLSv1) @@ -470,11 +473,21 @@ def now it "should use set hostname on the SSL socket for SNI" do expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket) expect(ssl_socket).to receive(:hostname=).with('mqtt.example.com') + expect(ssl_socket).to receive(:post_connection_check).with('mqtt.example.com') client = MQTT::Client.new('mqtts://mqtt.example.com') allow(client).to receive(:receive_connack) client.connect end + + it "should skip host verification" do + expect(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket) + expect(ssl_socket).to receive(:connect) + + client = MQTT::Client.new('mqtt.example.com', :ssl => true, :verify_host => false) + allow(client).to receive(:receive_connack) + client.connect + end end context "with a last will and testament set" do