Project

General

Profile

Feature #13729 » webrick_sni_support.patch

Tietew (Toru Iwase), 07/07/2017 08:43 AM

View differences:

lib/webrick/https.rb
# $IPR: https.rb,v 1.15 2003/07/22 19:20:42 gotoyuzo Exp $
require 'webrick/ssl'
require 'webrick/httpserver'
module WEBrick
module Config
......
# :startdoc:
end
##
#--
# Fake WEBrick::HTTPRequest for lookup_server
class SNIRequest
##
# The SNI hostname
attr_reader :host
##
# The socket address of the server
attr_reader :addr
##
# The port this request is for
attr_reader :port
##
# Creates a new SNIRequest.
def initialize(sslsocket, hostname)
@host = hostname
@addr = sslsocket.addr
@port = @addr[1]
end
end
##
#--
# Adds SSL functionality to WEBrick::HTTPServer
class HTTPServer < ::WEBrick::GenericServer
##
# ServerNameIndication callback
def ssl_servername_callback(sslsocket, hostname = nil)
req = SNIRequest.new(sslsocket, hostname)
server = lookup_server(req)
server ? server.ssl_context : nil
end
end
end
lib/webrick/ssl.rb
# Number of CA certificates to walk when verifying a certificate chain
# :SSLVerifyCallback ::
# Custom certificate verification callback
# :SSLServerNameCallback::
# Custom servername indication callback
# :SSLTimeout ::
# Maximum session lifetime
# :SSLOptions ::
......
ctx.verify_mode = config[:SSLVerifyClient]
ctx.verify_depth = config[:SSLVerifyDepth]
ctx.verify_callback = config[:SSLVerifyCallback]
ctx.servername_cb = config[:SSLServerNameCallback] || proc { |args| ssl_servername_callback(*args) }
ctx.timeout = config[:SSLTimeout]
ctx.options = config[:SSLOptions]
ctx.ciphers = config[:SSLCiphers]
ctx
end
##
# ServerNameIndication callback
def ssl_servername_callback(sslsocket, hostname = nil)
# default
end
end
end
test/webrick/test_https.rb
# frozen_string_literal: false
require "test/unit"
require "net/http"
require "webrick"
require "webrick/https"
require "webrick/utils"
require_relative "utils"
class TestWEBrickHTTPS < Test::Unit::TestCase
empty_log = Object.new
def empty_log.<<(str)
assert_equal('', str)
self
end
NoLog = WEBrick::Log.new(empty_log, WEBrick::BasicLog::WARN)
class HTTPSNITest < ::Net::HTTP
attr_accessor :sni_hostname
def ssl_socket_connect(s, timeout)
s.hostname = sni_hostname
super
end
end
def teardown
WEBrick::Utils::TimeoutHandler.terminate
super
end
def https_get(addr, port, hostname, path)
http = HTTPSNITest.new(addr, port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
http.sni_hostname = hostname
req = Net::HTTP::Get.new(path)
req["Host"] = "#{hostname}:#{port}"
http.request(req).body
end
def test_sni
config = {
:ServerName => "localhost",
:SSLEnable => true,
:SSLCertName => "/CN=locahost",
}
TestWEBrick.start_httpserver(config){|server, addr, port, log|
server.mount_proc("/") {|req, res| res.body = "master" }
vhost_config1 = {
:ServerName => "vhost1",
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost1",
}
vhost1 = WEBrick::HTTPServer.new(vhost_config1)
vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
server.virtual_host(vhost1)
vhost_config2 = {
:ServerName => "vhost2",
:ServerAlias => ["vhost2alias"],
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost2",
}
vhost2 = WEBrick::HTTPServer.new(vhost_config2)
vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
server.virtual_host(vhost2)
assert_equal("master", https_get(addr, port, "localhost", "/localhost"))
assert_equal("master", https_get(addr, port, "unknown", "/unknown"))
assert_equal("vhost1", https_get(addr, port, "vhost1", "/vhost1"))
assert_equal("vhost2", https_get(addr, port, "vhost2", "/vhost2"))
assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias"))
}
end
end
(1-1/2)