./www/ruby-httpclient, HTTP accessing library for Ruby

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.8.3, Package name: ruby23-httpclient-2.8.3, Maintainer: pkgsrc-users

'httpclient' gives something like the functionality of libwww-perl (LWP) in
Ruby. 'httpclient' formerly known as 'http-access2'.

Required to run:

Required to build:

Master sites:

SHA1: 531c6db0b5f371e3d029cbfb2f8d743f7eeb5c1b
RMD160: a3f0cc9948db755857a91da803ad1ffa7182350d
Filesize: 376.5 KB

Version history: (Expand)

CVS history: (Expand)

   2017-03-20 16:51:33 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-httpclient to 2.8.3.

Changes in 2.8.3			2016/12/8


* Avoid frozen string errors on Ruby 2.3 - fixed by RJ Walsh #336
* SSL timeouts not working on JRuby - fixed by Dave Golombek #341
* Do not reset SSL connection if unnecessary - fixed by Dave Golombek #344
* Ignore text around PEM file in JRuby fixed by Scott Kolb #352


* Add HTTPClient#tcp_keepalive= for enabling TCP keepalive. false by default. #350
   2016-10-18 17:36:34 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ruby-httpclient to

Changes in 2.8.2

Aug 15, 2016 - version 2.8.2

  * Bug

    o 2.8.1 introduced JRuby + SSL connection problem; in some cases it cannot
      connect to trusted TLS server. 2.8.1 failed to load multiple CA
      certificates in a file. #327.

Aug 16, 2016 - version

  * Bug

    o 2.8.1 introduced another bug that causes NPE from JRuby when JRuby
      program loads httpclient and uses OpenSSL::X509::Store outside of
      httpclient. 2.8.3 fixed this problem. #325

Aug 28, 2016 - version

  * Bug

    o 2.8.2 fixed VERIFY_NONE at JRuby but the fix was not enough.

Sep 11, 2016 - version

  * Bug

    o 2.8.2 caused unexpected resulting value change of
      OpenSSL::X509::Store#add_cert method. Fixed.

Changes in 2.8.1

Aug 8, 2016 - version 2.8.1

* Changes

    o Use TLSv1.2 always on JRuby #320
    o Do not reset keep-alive connection by configuration change #315
    o Add strict_response_size_check option #316 false by default, meaning it
      behavies like browsers by default.
    o Add MIME type for XML #308

* Bug

    o Direct access to SSLConfig#cert_store in JRuby was broken from 2.7
      #276 #317
    o OpenSSL::SSL::VERIFY_NONE does not work in JRuby #319
    o Allow receiving response body in block when follow_redirects => true. #304
    o Fix blocking issue with request_async when Encoding.default_internal is
      set. #307
    o Apply timeouts for chunked transfer encoding #309

Changes in 2.8.0

Apr 24, 2016 - version 2.8.0

* Changes

    o Force using RSA 2048bit CA cert set

      Use RSA 2048bit CA cert set every time if it runs with OpenSSL (==
      except JRuby.)

      Old openssl (<1.0.1p or <1.0.2d) cannot handle this CA set and causes
      SSL connection failure against some SSL servers including AWS S3
      API. For such case you can manually specify RSA 1024bit CA cert set as a

	c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert1024.pem") }

      RSA 1024bit CA cert set is not maintained over years so you should
      consider updating OpenSSL version so that HTTPClient uses RSA 2048 bit
      CA cert set.

Changes in 2.7.2

Apr 22, 2016 - version 2.7.2

* Changes

    o Use RSA 1024bit CA cert when linked to old openssl

      Based on comments to #297 this commit silently (without warning) accepts
      RSA 1024bit certificate set when runtime ruby is liked with old OpenSSL
      (<1.0.1p or <1.0.2d.)

      If you're unsure that your OpenSSL is patched or not, and want to make
      sure to use RSA 2048bit certificate set, please call

	c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert.pem") }

      I'm going to remove RSA 1024bit certificate set and bump httpclient
      version to 2.8.0 soon after I release this as 2.7.2. I believe almost
      all OpenSSL installation is patched quickly these days so it should not
      cause SSL connectivity problem.
   2016-01-03 09:12:11 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-httpclient to 2.7.1.

pkgsrc changes:
* Add completely support for pkg_alternatives (adding ALTERNATIVES).
* Remove ruby18 specific description in Makefile.

Changes in 2.7.1

Jan 1, 2016 - version 2.7.1

* Changes

  - Symbol aware header key comparison
    Normalizes symbol to String for header key.

  - Show warning message only once
    Added HTTPClient::Util.warning that cached warning message and supress
    the message if it's already dumped.
  - Use Timeout.timeout instead of Kernel.timeout that is deprecated from
    ruby 2.3.0.

* Bug fixes

  - [JRuby] Set ssl_version properly
   2015-12-13 16:37:44 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-httpclient to

Changes summary is not available, please refer:
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-03-15 21:13:25 by Hiramatsu Yoshifumi | Files touched by this commit (18)
Log message:
Set MAINTAINER to pkgsrc-users.
   2015-01-20 12:47:17 by OBATA Akio | Files touched by this commit (3) | Package updated
Log message:
Update ruby-httpclient to
(with post 2.6.0 fix: bin/httpclient one-liner broken)

## Changes

### Changes in 2.6.0

This release includes internal CookieManager implementation change. It
involves compatibility layer but for the case your library depends on internal
implementation it also provides a way to restore the implementation. See below
for more details.

 * Changes

   * feat: use http-cookie if available for better Cookies spec compliance.

     Instead of WebAgent 0.6.2 that is not maintained over 10 years. To omit
     maintaining that library use http-cookie for better spec compliance and
     healthy development.

     This introduces following incompatibility from existing cookies

     * Expired cookies are not saved. With the old implementation expired
       cookies are saved in file and not be sent to the server. With the new
       implementation the expired cookies are not saved to the file and not
       be sent to the server.
     * Cookie#domain returns dot-less domain for domain cookies. Instead,
       Cookie#dot_domain returns with dot.

     http-cookie is used by default if available but you can restore original
     CookieManager behavior by loading 'httpclient/webagent-cookie' feature
     before 'httpclient' like this;

     require 'httpclient/webagent-cookie'
     require 'httpclient'

     The new implementation dumps warnings to help you migrate to http-cookie.
     Please follow the suggestion to avoid future compatibility.

      WebAgent::Cookie is deprecated and will be replaced with HTTP::Cookie in \ 
the near future. Please use Cookie#origin= instead of Cookie#url= for the \ 
      Cookie#domain returns dot-less domain name now. Use Cookie#dot_domain if \ 
you need "." at the beginning.
      CookieManager#find is deprecated and will be removed in near future. Use \ 
HTTP::Cookie.cookie_value(CookieManager#cookies) instead

   * feat: Message#previous to get responses in negotiation

     HTTP::Message#previous keeps previous response in negotiation.  For
     redirection, authorization negotiation and retry from custom filter.
     Closes #234.

   * feat: Add JSONClient

     JSONClient auto-converts Hash <-> JSON in request and response.
     * For POST or PUT request, convert Hash body to JSON String with
       'application/json; charset=utf-8' header.
     * For response, convert JSON String to Hash when content-type is

     This commit include bin/jsonclient that works as same as bin/httpclient
     not with HTTPClient but with JSONClient.

   * feat: Add download command

     % httpclient download http://host/path > file

 * Bug fixes

   * fix: duplicated query params by follow_redirect

     When the original request has query and the server returns redirection
     response with Location, HTTPClient wrongly adds query to the new URI. In
     such case the Location header could include query part;

      -> Location: http://otherhost/api/call?limit=10

     HTTPClient should just hit the new location '/api/call?limit=10' not
     '/api/call?limit=10&limit=10'. Closes #236.

   * fix: NTLM & Basic dual auth

     When a server returns two or more WWW-Authenticate headers and the first
     one is NTLM, say WWW-Authenticate: NTLM and WWW-Authenticate: Basic in
     this order, HTTPClient sent Basic Authorization header after finishing
     NTLM auth negotiation.

     NTLM auth is a connection authentication scheme so HTTPClient deleted
     the internal auth negotiation state so that NTLM authenticator does not
     do anything after the negotiation has completed. In such case, for the
     subsequent requests, NTLM authenticator does nothing but Basic
     authenticator sends Basic Authorization header to the server that is
     already negotiated via NTLM authenticator. This can cause authentication

     This commit changes the internal state handling not to delete the state
     but introduce :done state. NTLM authenticator returns :skip for the
     request to the server that auth negotiation has completed. WWWAuth skips
     other authenticator to avoid above issue.  Closes #157.

   * fix: transplant IO positions to new request in negotiation

     In authorization negotiation HTTP::Message for request is generated for
     each request, of course, but HTTPClient did not care the IO position
     recorded in the previous requests in the subsequent requests.  Closes #130.

   * fix: avoid inconsistent Content-Length and actual body

     If lengths of all posted arguments are known HTTPClient sends
     'Content-Length' as a sum length of all arguments. But the length of
     actual body was wrong because it read as much as possible regardless of
     what IO#size returned. So if the file is getting bigger while HTTPClient
     is processing a request the request has inconsistent Content-Length and

     This bug is found, and the fix is proposed both by @Teshootub7. Thank
     you very much for patient trouble shooting!  Fixes #117.

   * fix: KeepAliveDisconnected race condition

     As details explained in #84, current HTTPClient's KeepAliveDisconnected
     handling has a race condition bug that allows a client to have
     invalidated connection two or more times. This could be a cause of #185.

     To avoid this, make HTTPClient acquire new connection for retry of
     KeepAliveDisconnected.  Closes #84. Closes #185.

### Changes in 2.5.3

This release includes behavior changes of POST and PUT requests that has
nil as a body. See changes below. Emtpty String as a body is not affected.

 * Changes

   * Update cacert. "Certificate data from Mozilla as of: Tue Oct 28 \ 
22:03:58 2014"
     -> Reverted in because it caused unexpected SSLError. See

   * Allow no content POST and PUT.
     Previously POST or PUT with :body => nil meant that 'POST or PUT with 0
     length entity body'. But sometimes you need to POST or PUT actually no
     content which should not have Content-Type nor Content-Length.
     It could be incompatible change for user who POST/PUT-ed with empty body
     but it should be rare, actually WEBrick cannot handle such 'no content'
     POST and PUT. #128.

   * Add default_header property.
     :default_header is for providing default headers Hash that all HTTP
     requests should have, such as custom 'Authorization' header in API.  You
     can override :default_header with :header Hash parameter in HTTP request

   * raise if redirect res does not have Location header. #155.

 * Bug fixes

   * Avoid NPE by a cookie without domain=.
     The root cause is still uncertain though. Closes #123

   * Suppress verify_callback warning.
     Because OpenSSL can try multiple certificate chains and some of it can
     fail, and one of them succeeds. For that case warning is irrelevant.
     Let it warn only in $DEBUG mode. #221.

### Changes in 2.5.2

Oct 29, 2014 - version 2.5.2

  * Changes
    * Add :force_basic_auth config - #166, #179, #181.
	  Generally HTTP client must send Authorization header after it gets 401
	  error from server from security reason. But in some situation (e.g.
	  API client) you might want to send Authorization from the beginning.
	  You can turn on/off force_basic_auth flag for sending Authorization
	  header from the beginning. (Of cource, if a request URI matches with
	  the URI you set in set_auth method)

      HTTPClient.new(:force_basic_auth => true)
      # or
      c = HTTPClient.new
      c.force_basic_auth = true

    * Add :base_url to HTTPClient configuration.
    Passing path to get, post, etc. is recognized as a request to
    :base_url + uri.  If you pass full URL :base_url is ignored.

      api = HTTPClient.new(:base_url => 'https://api.example.com/v1')
      api.get("/users.json") # => Get \ 
      api.get("https://localhost/path") # => https://localhost/path

### Changes in 2.5.1

Oct 19, 2014 - version 2.5.1

  * Changes
	* Allow to specify :query in POST, PUT, DELETE and OPTIONS requests.
      Closes #83.
    * Allow to specify :body in OPTIONS request. Closes #136.

### Changes in 2.5.0

Oct 17, 2014 - version 2.5.0


This version changes (again) default SSL options to help
BEAST/CRIME/POODLE Attack prevension.

 * Disabled SSLv3 in favor of POODLE Attack prevention.
 * Enabled 1/n-1 fragment in favor of BEAST Attack prevention.
 * No TLS compression in favor of CRIME Attack prevention.

You can restore the previous SSL configuration like this;

client = HTTPClient.new
client.ssl_config.ssl_version = :SSLv23
client.ssl_config.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2

  * Changes
	* Change default SSL options. See above.
    * Keep cause error of KeepAliveDisconnected. It allows caller to
	  investigate the cause of KeepAliveDisconnected.

### Changes in 2.4.0

Jun 8, 2014 - version 2.4.0


This version changes default SSL version to :auto (same as nil) to use SSL/TLS
version negotiation.  Former versions use SSLv3 as default that does not connect
via TLS.  This change makes underlying OpenSSL library decide which SSL/TLS
version to use but SSLv2 is disabled.

This change makes your secure connection safer but if you see SSL connection
failure with this version try specifying SSL version to use SSLv3 like;
client = HTTPClient.new
client.ssl_config.ssl_version = :SSLv3

  * Bug fixes
    * Avoid unnecessary connection retries for OAuth error.
	* Make authentication drivers Thread-safe.  Note that HTTPClient instance is
	  Thread-safe for authentication state update but it shares authentication
	  state across threads by design.  If you don't want to share authentication
	  state, such as for using different authentication username/password pair
	  per thread, create HTTPClient instance for each Thread.
    * Avoid chunked String recycle in callback block.
    * Do not send empty 'oauth_token' in signed request for compatibility.
    * Ignore negative Content-Length header from server.
    * Fix incorrect use of absolute URL for HTTPS proxy requests.
    * Handle UTF characters in chunked bodies.
    * A new cookie never be accepted if an HTTPClient has the same expired cookie.
	* Allow spaces in NO_PROXY environment like; "hosta, hostb"
	* Avoid HttpClient::Message::Body#dump causes Encoding::CompatibilityError.

  * Changes
	* Change default SSL version to :auto to use version negotiation.
    * Allow to pass client private key passphrase in SSLConfig.
    * Convert README to markdown syntax
    * Update default CA certificates: change the source from JDK's to Firefox's.
      The file is downloaded from
	  https://raw.githubusercontent.com/bagde … bundle.crt
	  (Certificate data from Mozilla as of: Tue Apr 22 08:29:31 2014)
	* Callback block can be defined as to get 2 arguments to retrieve the
	  response object.
    * Remove [] from given address for IPv6 compat.
    * Update API endpoints to those of Twitter REST API v1.1.
   2015-01-07 01:50:40 by OBATA Akio | Files touched by this commit (1)
Log message:
Use valid ruby version suffix variable.