Don't print a warning for missing client certs

iconara · iconara · commit 6a4ee35fc260 · 2016-10-26T10:15:08.000+02:00
When you run Ruby with warnings enabled and your (HTTPS) server does not verify clients you don't expect to see a warning about clients not being verified. For example, WEBrick's default configuration does not verify client certificates (https://github.com/jruby/jruby/blob/b610805cd55ef5d56d8e431918753fc92fad5ef5/lib/ruby/stdlib/webrick/ssl.rb#L74), but when running an HTTP server in JRuby it prints "warning: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" for every request. This does not happen in MRI.
diff --git a/src/main/java/org/jruby/ext/openssl/SSLSocket.java b/src/main/java/org/jruby/ext/openssl/SSLSocket.java
@@ -958,7 +958,7 @@ public IRubyObject peer_cert() {
             throw X509Cert.newCertificateError(runtime, e);
         }
         catch (SSLPeerUnverifiedException e) {
-            if (runtime.isVerbose() || OpenSSL.isDebug(runtime)) {
+            if (OpenSSL.isDebug(runtime)) {
                 runtime.getWarnings().warning(String.format("%s: %s", e.getClass().getName(), e.getMessage()));
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -958,7 +958,7 @@ public IRubyObject peer_cert() {`
`958`	`958`	`throw X509Cert.newCertificateError(runtime, e);`
`959`	`959`	`}`
`960`	`960`	`catch (SSLPeerUnverifiedException e) {`
`961`		`- if (runtime.isVerbose() \|\| OpenSSL.isDebug(runtime)) {`
	`961`	`+ if (OpenSSL.isDebug(runtime)) {`
`962`	`962`	`runtime.getWarnings().warning(String.format("%s: %s", e.getClass().getName(), e.getMessage()));`
`963`	`963`	`}`
`964`	`964`	`}`