Project

General

Profile

Feature #13729 » webrick_sni_support_fix.patch

Tietew (Toru Iwase), 07/14/2017 05:43 AM

View differences:

lib/webrick/https.rb
server = lookup_server(req)
server ? server.ssl_context : nil
end
# :stopdoc:
##
# Check whether +server+ is also SSL server.
# Also +server+'s SSL context will be created.
alias orig_virtual_host virtual_host
def virtual_host(server)
if @config[:SSLEnable] && !server.ssl_context
raise ArgumentError, "virtual host must set SSLEnable to true"
end
orig_virtual_host(server)
end
# :startdoc:
end
end
lib/webrick/ssl.rb
# SSL context for the server when run in SSL mode
def ssl_context # :nodoc:
@ssl_context ||= nil
@ssl_context ||= begin
if @config[:SSLEnable]
ssl_context = setup_ssl_context(@config)
@logger.info("\n" + @config[:SSLCertificate].to_text)
ssl_context
end
end
end
undef listen
......
def listen(address, port) # :nodoc:
listeners = Utils::create_listeners(address, port)
if @config[:SSLEnable]
unless ssl_context
@ssl_context = setup_ssl_context(@config)
@logger.info("\n" + @config[:SSLCertificate].to_text)
end
listeners.collect!{|svr|
ssvr = ::OpenSSL::SSL::SSLServer.new(svr, ssl_context)
ssvr.start_immediately = @config[:SSLStartImmediately]
test/webrick/test_https.rb
super
end
def https_get(addr, port, hostname, path)
def https_get(addr, port, hostname, path, verifyname = nil)
subject = nil
http = HTTPSNITest.new(addr, port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
http.verify_callback = proc { |x, store| subject = store.chain[0].subject.to_s; x }
http.sni_hostname = hostname
req = Net::HTTP::Get.new(path)
req["Host"] = "#{hostname}:#{port}"
http.request(req).body
response = http.start { http.request(req).body }
assert_equal("/CN=#{verifyname || hostname}", subject)
response
end
def test_sni
config = {
:ServerName => "localhost",
:SSLEnable => true,
:SSLCertName => "/CN=locahost",
:SSLCertName => "/CN=localhost",
}
TestWEBrick.start_httpserver(config){|server, addr, port, log|
server.mount_proc("/") {|req, res| res.body = "master" }
vhost_config1 = {
:ServerName => "vhost1",
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost1",
}
vhost1 = WEBrick::HTTPServer.new(vhost_config1)
vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
server.virtual_host(vhost1)
# catch stderr in create_self_signed_cert
stderr_buffer = StringIO.new
old_stderr, $stderr = $stderr, stderr_buffer
vhost_config2 = {
:ServerName => "vhost2",
:ServerAlias => ["vhost2alias"],
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost2",
}
vhost2 = WEBrick::HTTPServer.new(vhost_config2)
vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
server.virtual_host(vhost2)
begin
vhost_config1 = {
:ServerName => "vhost1",
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost1",
}
vhost1 = WEBrick::HTTPServer.new(vhost_config1)
vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
server.virtual_host(vhost1)
vhost_config2 = {
:ServerName => "vhost2",
:ServerAlias => ["vhost2alias"],
:Port => port,
:DoNotListen => true,
:Logger => NoLog,
:AccessLog => [],
:SSLEnable => true,
:SSLCertName => "/CN=vhost2",
}
vhost2 = WEBrick::HTTPServer.new(vhost_config2)
vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
server.virtual_host(vhost2)
ensure
# restore stderr
$stderr = old_stderr
end
assert_match(/\A([.+*]+\n)+\z/, stderr_buffer.string)
assert_equal("master", https_get(addr, port, "localhost", "/localhost"))
assert_equal("master", https_get(addr, port, "unknown", "/unknown"))
assert_equal("master", https_get(addr, port, "unknown", "/unknown", "localhost"))
assert_equal("vhost1", https_get(addr, port, "vhost1", "/vhost1"))
assert_equal("vhost2", https_get(addr, port, "vhost2", "/vhost2"))
assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias"))
assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias", "vhost2"))
}
end
def test_check_ssl_virtual
config = {
:ServerName => "localhost",
:SSLEnable => true,
:SSLCertName => "/CN=localhost",
}
TestWEBrick.start_httpserver(config){|server, addr, port, log|
assert_raise ArgumentError do
vhost = WEBrick::HTTPServer.new({:DoNotListen => true, :Logger => NoLog})
server.virtual_host(vhost)
end
}
end
end
(2-2/2)