Feature #19641
open
Allow setting OpenSSL::SSL::SSLContext in Net::HTTP
Description
[Abstract]
Allow setting OpenSSL::SSL::SSLContext in Net::HTTP.
[Background]
The current implementation of Net::HTTP in Ruby allows setting certain properties of SSLContext, but not SSLContext itself. This limits the flexibility when communicating with servers that are not under our control, as we need to keep adding options to Net::HTTP every time someone wants to set properties that are not already supported.
- https://bugs.ruby-lang.org/issues/9450
- https://bugs.ruby-lang.org/issues/9758
- https://bugs.ruby-lang.org/issues/16555
- https://bugs.ruby-lang.org/issues/18418
[Proposal]
This proposal suggests allowing setting SSLContext itself to Net::HTTP, in addition to the current options. This would increase the flexibility and allow users to perform more complex SSL configurations.
[Use cases]
A user wants to set OpenSSL::SSL::Context#security_level which is not currently supported by the existing SSL options in Net::HTTP.
[Discussion]
This feature is necessary because it gives more flexibility to users who need to communicate with servers that require custom SSL configurations. It is better than using existing features because it allows users to set up SSL configurations that are not currently supported by the existing options, and it can potentially simplify the API by allowing users to set SSLContext itself instead of having to provide multiple options for every possible SSL configuration.
A potential drawback is conflict handling may not be obvious to users. For example, what happens if a user both sets Net::HTTP#verify_hostname and OpenSSL::SSL::Context#verify_hostname?
[See also]
Python allows users to pass context to HTTPSConnection and key_file and cert_file options are deprecated in favor of context.
https://docs.python.org/3/library/http.client.html#http.client.HTTPSConnection
No data to display