Project

General

Profile

Actions

Bug #11724

closed

SNIでsessionが無効だったときにhostnameがサーバに送られない

Added by usa (Usaku NAKAMURA) about 9 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-dev:49376]

Description

これも https://github.com/ruby/ruby/pull/964 を見る限り相当手痛いバグなので要backportと思います。

が、確かにこの修正でnet/httpのSNIできねー問題は直るんでしょうけど、そもそもこれはおかしいのはext/opensslの方だと思いますので、むしろそっちを直すべきだと強く感じます。
あとテストがない。
なので、Closedにはしておきますが、backportする前にどないかしたい(またはしてほしい)ですね。


Related issues 2 (0 open2 closed)

Related to Ruby master - Bug #11401: Net::HTTP SSL session resumption does not send SNIClosedActions
Related to Ruby master - Bug #10398: Server Name Indication support broken when reusing a (dead) sessionClosedActions
Actions #1

Updated by usa (Usaku NAKAMURA) about 9 years ago

  • Is duplicate of Bug #11401: Net::HTTP SSL session resumption does not send SNI added

Updated by nagachika (Tomoyuki Chikanaga) about 9 years ago

r52785 でひとまず r52682 は ruby_2_2 には backport しましたが、openssl の変更がある予定ということで Backport 欄は残しておきます。

Updated by usa (Usaku NAKAMURA) about 9 years ago

  • Subject changed from backport r52682 to SNIでsessionが無効だったときにhostnameがサーバに送られない
  • Status changed from Closed to Open

むしろ ext/openssl においては問題が解決してないわけなのでopenにしておこうかと。

Actions #4

Updated by usa (Usaku NAKAMURA) about 9 years ago

  • Is duplicate of deleted (Bug #11401: Net::HTTP SSL session resumption does not send SNI)
Actions #5

Updated by usa (Usaku NAKAMURA) about 9 years ago

  • Related to Bug #11401: Net::HTTP SSL session resumption does not send SNI added
Actions #6

Updated by Anonymous over 8 years ago

  • Status changed from Open to Closed

Applied in changeset r55191.


openssl: move SSLSocket#initialize to C extension

  • ext/openssl/lib/openssl/ssl.rb (SSLSocket): Move the implementation of
    SSLSocket#initialize to C. Initialize the SSL (OpenSSL object) in it.
    Currently this is delayed until ossl_ssl_setup(), which is called from
    SSLSocket#accept or #connect. Say we call SSLSocket#hostname= with an
    illegal value. We expect an exception to be raised in #hostname= but
    actually we get it in the later SSLSocket#connect. Because the SSL is
    not ready at #hostname=, the actual call of SSL_set_tlsext_host_name()
    is also delayed.
    This also fixes: [ruby-dev:49376] [Bug #11724]

  • ext/openssl/ossl_ssl.c (ossl_ssl_initialize): Added. Almost the same
    as the Ruby version but this instantiate the SSL object at the same
    time.

    (ossl_ssl_setup): Adjust to the changes. Just set the underlying IO to
    the SSL.

    (ssl_started): Added. Make use of SSL_get_fd(). This returns -1 if not
    yet set by SSL_set_fd().

    (ossl_ssl_data_get_struct): Removed. Now GetSSL() checks that the SSL
    exists.

    (ossl_ssl_set_session): Don't call ossl_ssl_setup() here as now the
    SSL is already instantiated in #initialize.

    (ossl_ssl_shutdown, ossl_start_ssl, ossl_ssl_read_internal,
    ossl_ssl_write_internal, ossl_ssl_stop, ossl_ssl_get_cert,
    ossl_ssl_get_peer_cert, ossl_ssl_get_peer_cert_chain,
    ossl_ssl_get_version, ossl_ssl_get_cipher, ossl_ssl_get_state,
    ossl_ssl_pending, ossl_ssl_session_reused,
    ossl_ssl_get_verify_result, ossl_ssl_get_client_ca_list,
    ossl_ssl_npn_protocol, ossl_ssl_alpn_protocol, ossl_ssl_tmp_key): Use
    GetSSL() instead of ossl_ssl_data_get_struct(). Use ssl_started().

    (Init_ossl_ssl): Add method declarations of SSLSocket#{initialize,
    hostname=}.

  • ext/openssl/ossl_ssl.h (GetSSL): Check that the SSL is not NULL. It
    should not be NULL because we now set it in #initialize.

  • ext/openssl/ossl_ssl_session.c (ossl_ssl_session_initialize): No need
    to check if the SSL is NULL.

Actions #7

Updated by rhenium (Kazuki Yamaguchi) over 8 years ago

  • Related to Bug #10398: Server Name Indication support broken when reusing a (dead) session added
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0