Bug #17766: Net::HTTP verify_callback is called three times when opening a connection - Ruby master - Ruby Issue Tracking System

Actions

Copy link

Bug #17766

closed

Net::HTTP verify_callback is called three times when opening a connection

Added by jecain (Jim Cain) about 3 years ago. Updated about 3 years ago.

Status:

Rejected

Assignee:

Target version:

ruby -v:

2.7.2

Backport:

2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN

[ruby-core:103129]

Description

I've noticed that verify_callback is called three times when opening a connection. Here is an example: (Change "localhost" to whatever host can receive an HTTPS connection.)

ruby -e 'require "net/http"; Net::HTTP.start("localhost", 443, nil, nil, nil, nil, use_ssl: true, verify_callback: ->(v,s){puts "verify_callback"; true}) {}'

The output:

verify_callback
verify_callback
verify_callback

This requires awkwardness in the callback to account for the multiple calls per single connection.

Actions

Copy link

#1 [ruby-core:103133]

Updated by jecain (Jim Cain) about 3 years ago

This is being called once for each cert in the chain, so it's an expected behavior, and this bug can be closed.

ruby -e 'require "net/http"; Net::HTTP.start("www.ebay.com", 443, nil, nil, nil, nil, use_ssl: true, verify_callback: ->(v,s){puts "verify_callback"; puts s.current_cert.subject.to_s; true}) {}'

output:

verify_callback
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
verify_callback
/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
verify_callback
/C=US/ST=California/L=San Jose/O=eBay, Inc./OU=Slot9428 v2/CN=www.ebay.com

Actions

Copy link