Ruby

I dont't use Ruby directly but indirectly via Fluentd-1.16.1 (https://www.fluentd.org/). Fluentd uses Ruby 3.1.4.

The problem is, that a TLS connection from a Fluentd Client to a Fluentd Server fails, if the connection is established using the IP address of the server and tls_verify_hostname is switched to on. In the servers certificate, in the SubjectAlternativeNames extention, there is the servers IP address set with the correct value. I get the error message " address family must be specified ".

Probable cause :

ext/openssl/lib/openssl/ ssl.rb line 288:
Here the Methode IPAddr.new(hostname) is called with just one argument:
return true if san.value == IPAddr.new( hostname ).hton

lib/ ipaddr.rb line 594:
Here the exception is raised with the observed error message:
when Socket::AF_UNSPEC
raise AddressFamilyError, " address family must be specified "

The exception is raised, because the variable "family" has the value " Socket::AF_UNSPEC " because thats the default value of "family" if there is no additional parameter in the call to "initialize()".

The documumentation of "initialize()" says in line 575/576/577: "Although the address family is determined automatically from a specified string, you can specify one explicitly by the optional second argument."
But that automatic address determination is done too late. If no second parameter is given, it is not done at all because that exception is raised (assumption: the addr i always a string).

Probable solution :
If the address family is set to Socket::AF_UNSPEC with the call of "initialize()", dont't raise an exception now but do the in the comment announced automatic adress family detection here.