Feature #12558 » net-http-ssl-verification-hostname.patch
| lib/net/http.rb | ||
|---|---|---|
|
@ssl_context = nil
|
||
|
@ssl_session = nil
|
||
|
@sspi_enabled = false
|
||
|
@ssl_verification_hostname = nil
|
||
|
SSL_IVNAMES.each do |ivname|
|
||
|
instance_variable_set ivname, nil
|
||
|
end
|
||
| ... | ... | |
|
# Net::WriteTimeout is not raised on Windows.
|
||
|
attr_reader :write_timeout
|
||
|
# The address to use for SSL certificate verification. Should only be
|
||
|
# used when you are connecting to a server that uses an SSL certificate
|
||
|
# that is valid for a different hostname than you are using to connect.
|
||
|
attr_accessor :ssl_verification_hostname
|
||
|
# Maximum number of times to retry an idempotent request in case of
|
||
|
# Net::ReadTimeout, IOError, EOFError, Errno::ECONNRESET,
|
||
|
# Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError,
|
||
| ... | ... | |
|
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
|
||
|
s.sync_close = true
|
||
|
# Server Name Indication (SNI) RFC 3546
|
||
|
s.hostname = @address if s.respond_to? :hostname=
|
||
|
s.hostname = @ssl_verification_hostname || @address if s.respond_to? :hostname=
|
||
|
if @ssl_session and
|
||
|
Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
|
||
|
s.session = @ssl_session
|
||
|
end
|
||
|
ssl_socket_connect(s, @open_timeout)
|
||
|
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||
|
s.post_connection_check(@address)
|
||
|
s.post_connection_check(@ssl_verification_hostname || @address)
|
||
|
end
|
||
|
D "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}"
|
||
|
end
|
||
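Review bot: The comment added above `attr_accessor :ssl_verification_hostname` describes only certificate verification, but in the connect hunk the same value also replaces `@address` on the `s.hostname =` line, so it changes the SNI name sent to the server as well as the name passed to `post_connection_check`. Once it is set, the peer is authenticated solely against the override and `@address` is no longer checked, so the value has to come from trusted configuration rather than from request data or a redirect target. I would extend the comment with something like `# Also sent as the SNI server name. When set, the certificate is checked against this name only, not against the connect address; set it from trusted configuration.` An empty string is truthy in Ruby, so `"" || @address` would select the empty name; that likely fails the check rather than passing it, but rejecting blank values in a writer would give a clearer error. The method containing the last hunk starts outside the visible lines.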