
Feature #12558 » net-http-ssl-verification-hostname.patch

jeremyevans0 (Jeremy Evans), 06/26/2019 04:48 AM


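--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -686,6 +686,7 @@
       @ssl_context = nil
       @ssl_session = nil
       @sspi_enabled = false
+      @ssl_verification_hostname = nil
       SSL_IVNAMES.each do |ivname|
         instance_variable_set ivname, nil
       end
@@ -746,6 +747,11 @@
     # Net::WriteTimeout is not raised on Windows.
     attr_reader :write_timeout
 
+    # The address to use for SSL certificate verification.  Should only be
+    # used when you are connecting to a server that uses an SSL certificate
+    # that is valid for a different hostname than you are using to connect.
+    attr_accessor :ssl_verification_hostname
+
     # Maximum number of times to retry an idempotent request in case of
     # Net::ReadTimeout, IOError, EOFError, Errno::ECONNRESET,
     # Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError,
@@ -988,15 +994,14 @@
         s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
         s.sync_close = true
         # Server Name Indication (SNI) RFC 3546
-        s.hostname = @address if s.respond_to? :hostname=
+        s.hostname = @ssl_verification_hostname || @address if s.respond_to? :hostname=
         if @ssl_session and
            Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
           s.session = @ssl_session
         end
         ssl_socket_connect(s, @open_timeout)
         if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
-          s.post_connection_check(@address)
+          s.post_connection_check(@ssl_verification_hostname || @address)
         end
         D "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}"
       end
--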
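Review bot: The doc comment on `ssl_verification_hostname` does not say that the value replaces the identity the peer certificate is checked against, nor that the same value is also sent as the SNI name on the `s.hostname =` line, so a caller can read it as a minor connection option. Once it is set, a certificate issued for that other name passes `post_connection_check` while the socket still goes to `@address`, so the comment should state the trust requirement, for example `# Also sent as the SNI name. Set this only from trusted configuration: the peer is authenticated as this name, not as #address.` The fallback `@ssl_verification_hostname || @address` is written twice in the connect code; binding it once, `verify_name = @ssl_verification_hostname || @address`, keeps the SNI name and the verified name from drifting apart in later edits. The method that contains the third hunk starts and ends outside the visible lines.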