net.http.reuse_ssl_session.patch

Eric Hodel, 07/11/2013 08:51 AM



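--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -655,6 +655,7 @@
       @use_ssl = false
       @ssl_context = nil
       @ssl_session = nil
+      @reuse_ssl_session = true
       @enable_post_connection_check = true
       @sspi_enabled = false
       SSL_IVNAMES.each do |ivname|
@@ -827,6 +828,11 @@
     # OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable.
     attr_accessor :verify_mode
 
+    # Disables or enables SSL session reuse.
+    #
+    # By default SSL sessions are reused.
+    attr_accessor :reuse_ssl_session
+
     # Returns the X.509 certificates the server presented.
     def peer_cert
       if not use_ssl? or not @socket
@@ -912,14 +918,14 @@
             @socket.write(buf)
             HTTPResponse.read_new(@socket).value
           end
-          s.session = @ssl_session if @ssl_session
+          s.session = @ssl_session if @reuse_ssl_session and @ssl_session
           # Server Name Indication (SNI) RFC 3546
           s.hostname = @address if s.respond_to? :hostname=
           Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect }
           if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
             s.post_connection_check(@address)
           end
-          @ssl_session = s.session
+          @ssl_session = s.session if @reuse_ssl_session
         rescue => exception
           D "Conn close because of connect error #{exception}"
           @socket.close if @socket and not @socket.closed?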
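Review bot: Setting `reuse_ssl_session = false` on an object that has already connected leaves the previously cached `@ssl_session` in place, because the two new guards in the third hunk only skip the read and the write. The stored session stays referenced for the life of the object, and switching the flag back to true later would offer that stale session for resumption. Clearing it when reuse is off closes the gap, for example by changing the last added line to `@ssl_session = @reuse_ssl_session ? s.session : nil`. The doc comment on `reuse_ssl_session` should also say that the flag takes effect at the next `start`, and why a caller would turn it off: on a resumed session the server typically does not present its certificate again, so a `verify_callback` may not be run for that connection. The enclosing connect method starts and ends outside these hunks.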
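--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
@@ -84,6 +84,32 @@
     skip $!
   end
 
+  def test_session_reuse_disabled
+    http = Net::HTTP.new("localhost", config("port"))
+    http.use_ssl = true
+    http.reuse_ssl_session = false
+    http.verify_callback = Proc.new do |preverify_ok, store_ctx|
+      store_ctx.current_cert.to_der == config('ssl_certificate').to_der
+    end
+
+    http.start
+    http.get("/")
+    http.finish
+
+    http.start
+    http.get("/")
+    http.finish # three times due to possible bug in OpenSSL 0.9.8
+
+    http.start
+    http.get("/")
+
+    socket = http.instance_variable_get(:@socket).io
+
+    refute socket.session_reused?
+  rescue SystemCallError
+    skip $!
+  end
+
   if ENV["RUBY_OPENSSL_TEST_ALL"]
     def test_verify
       http = Net::HTTP.new("ssl.netlab.jp", 443)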
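Review bot: The third `http.start` in `test_session_reuse_disabled` is never matched by an `http.finish`, so the TLS connection stays open whether `refute socket.session_reused?` passes or fails. Add an `ensure` clause after the `rescue SystemCallError` branch containing `http.finish if http && http.started?`. The test also covers only a flag set before the first connection; a second case that connects with reuse enabled, then sets `http.reuse_ssl_session = false` and reconnects, would pin down what happens to an already cached session. The comment `# three times due to possible bug in OpenSSL 0.9.8` sits on the second `finish`; placing it above the first `http.start` would make clear that it explains the whole sequence.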