Skip to content

Instantly share code, notes, and snippets.

@kch

kch/wtf-sequel.rb Secret

Created September 12, 2012 13:40
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kch/9f341c7a8662cf6d9c84 to your computer and use it in GitHub Desktop.
Save kch/9f341c7a8662cf6d9c84 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
wtf-sequel.rb
#!/usr/bin/env ruby
# encoding: UTF-8
require 'openssl'
require 'uri'
require 'pg'
a = OpenSSL::X509::Certificate.new "-----BEGIN CERTIFICATE-----
MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
-----END CERTIFICATE-----"
b = OpenSSL::X509::Certificate.new "-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i
2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ
2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
-----END CERTIFICATE-----"
dburl = URI.parse(ENV['DATABASE_URL'])
conn = PGconn.connect host:dburl.host,
port:dburl.port,
dbname:dburl.path.sub(%r[^/], ''),
user:dburl.user,
password:dburl.password,
sslmode:'require'
# works because verify will return true
a.verify(a.public_key)
conn.async_exec 'SELECT 1'
# works fine if run in another thread
Thread.new {a.verify(b.public_key)}.join
conn.async_exec 'SELECT 1'
# borks because verify is false
a.verify(b.public_key)
conn.async_exec 'SELECT 1'
@kch
Copy link
Author

kch commented Sep 13, 2012

Playing in irb:

>> a.verify(a.public_key)                     # => true
>> conn.async_exec 'SELECT 1'                 # => #<PG::Result:0x00000002624998>

>> Thread.new {a.verify(b.public_key)}.join   # => #<Thread:0x00000002615150 dead>
>> conn.async_exec 'SELECT 1'                 # => #<PG::Result:0x000000026101f0>

>> a.verify(b.public_key)                     # => false # <---borks!
>> conn.async_exec 'SELECT 1'
PG::Error: SSL error: block type is not 01

    from (irb):66:in `async_exec'
    from (irb):66
    from bin/irb:16:in `<main>'

@freeformz
Copy link

Does it ever work when verify returns false?

@freeformz
Copy link

Actually nevermind.

@olly
Copy link

olly commented Jan 10, 2014

I'm investigating a similar problem. Does this code still fail? I can't get it to raise an exception with pg v0.17 and OpenSSL "OpenSSL 1.0.1c 10 May 2012"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment