Project

General

Profile

Feature #15215 ยป ssl_server_name.patch

Patch: Introduce new attribute ssl_server_name in Net::HTTP - aspettl (Aaron Spettl), 10/07/2018 09:15 AM

View differences:

ruby-ssl_server_name/lib/net/http.rb 2018-10-07 10:36:31.815452755 +0200
686 686
      @proxy_pass     = nil
687 687

  
688 688
      @use_ssl = false
689
      @ssl_server_name = address
689 690
      @ssl_context = nil
690 691
      @ssl_session = nil
691 692
      @sspi_enabled = false
......
820 821
      @use_ssl = flag
821 822
    end
822 823

  
824
    # The server_name parameter used for establishing the SSL connection (only
825
    # if SNI is supported by OpenSSL). Defaults to the +address+ used to create
826
    # this HTTP object.
827
    attr_accessor :ssl_server_name
828

  
823 829
    SSL_IVNAMES = [
824 830
      :@ca_file,
825 831
      :@ca_path,
......
991 997
        s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
992 998
        s.sync_close = true
993 999
        # Server Name Indication (SNI) RFC 3546
994
        s.hostname = @address if s.respond_to? :hostname=
1000
        s.hostname = @ssl_server_name if s.respond_to? :hostname=
995 1001
        if @ssl_session and
996 1002
           Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
997 1003
          s.session = @ssl_session
998 1004
        end
999 1005
        ssl_socket_connect(s, @open_timeout)
1000 1006
        if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
1001
          s.post_connection_check(@address)
1007
          s.post_connection_check(@ssl_server_name)
1002 1008
        end
1003 1009
        D "SSL established"
1004 1010
      end
ruby-ssl_server_name/test/net/http/test_https.rb 2018-10-07 10:36:31.815452755 +0200
166 166
    assert_match(re_msg, ex.message)
167 167
  end
168 168

  
169
  def test_server_name_used_for_verify
170
    http = Net::HTTP.new("127.0.0.1", config("port"))
171
    http.use_ssl = true
172
    http.ssl_server_name = "localhost"
173
    http.cert_store = TEST_STORE
174

  
175
    assert_nothing_raised{
176
      http.request_get("/") {|res| }
177
    }
178
  end
179

  
169 180
  def test_timeout_during_SSL_handshake
170 181
    bug4246 = "expected the SSL connection to have timed out but have not. [ruby-core:34203]"
171 182