Bug #8590 » net.http.reuse_ssl_session.patch
lib/net/http.rb (working copy) | ||
---|---|---|
@use_ssl = false
|
||
@ssl_context = nil
|
||
@ssl_session = nil
|
||
@reuse_ssl_session = true
|
||
@enable_post_connection_check = true
|
||
@sspi_enabled = false
|
||
SSL_IVNAMES.each do |ivname|
|
||
... | ... | |
# OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable.
|
||
attr_accessor :verify_mode
|
||
# Disables or enables SSL session reuse.
|
||
#
|
||
# By default SSL sessions are reused.
|
||
attr_accessor :reuse_ssl_session
|
||
# Returns the X.509 certificates the server presented.
|
||
def peer_cert
|
||
if not use_ssl? or not @socket
|
||
... | ... | |
@socket.write(buf)
|
||
HTTPResponse.read_new(@socket).value
|
||
end
|
||
s.session = @ssl_session if @ssl_session
|
||
s.session = @ssl_session if @reuse_ssl_session and @ssl_session
|
||
# Server Name Indication (SNI) RFC 3546
|
||
s.hostname = @address if s.respond_to? :hostname=
|
||
Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect }
|
||
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||
s.post_connection_check(@address)
|
||
end
|
||
@ssl_session = s.session
|
||
@ssl_session = s.session if @reuse_ssl_session
|
||
rescue => exception
|
||
D "Conn close because of connect error #{exception}"
|
||
@socket.close if @socket and not @socket.closed?
|
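Review bot: Turning `reuse_ssl_session` off on an object that has already connected does not drop the session cached in `@ssl_session`. The two changed lines around `s.connect` only skip the assignments, so the old session object stays referenced and is offered again if the flag is later set back to true. Clearing it when reuse is off would close that gap, for example `@ssl_session = nil unless @reuse_ssl_session` just before the `s.session =` line. The comment above `attr_accessor :reuse_ssl_session` could also say that the session is stored on the Net::HTTP object only after `post_connection_check` has run, and that with reuse disabled no cached session is offered on later connects. The method containing these lines begins and ends outside the hunk.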
test/net/http/test_https.rb (working copy) | ||
---|---|---|
skip $!
|
||
end
|
||
def test_session_reuse_disabled
|
||
http = Net::HTTP.new("localhost", config("port"))
|
||
http.use_ssl = true
|
||
http.reuse_ssl_session = false
|
||
http.verify_callback = Proc.new do |preverify_ok, store_ctx|
|
||
store_ctx.current_cert.to_der == config('ssl_certificate').to_der
|
||
end
|
||
http.start
|
||
http.get("/")
|
||
http.finish
|
||
http.start
|
||
http.get("/")
|
||
http.finish # three times due to possible bug in OpenSSL 0.9.8
|
||
http.start
|
||
http.get("/")
|
||
socket = http.instance_variable_get(:@socket).io
|
||
refute socket.session_reused?
|
||
rescue SystemCallError
|
||
skip $!
|
||
end
|
||
if ENV["RUBY_OPENSSL_TEST_ALL"]
|
||
def test_verify
|
||
http = Net::HTTP.new("ssl.netlab.jp", 443)
|
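Review bot: The third `http.start` in `test_session_reuse_disabled` is never paired with `http.finish`, so the connection stays open when the test ends or when `refute` fails. Adding an `ensure` clause with `http.finish if http.started?` would release it. The test also only covers a flag that is false from the first connect; a case that sets `reuse_ssl_session = false` after a session has already been cached is not exercised. The read through `instance_variable_get(:@socket).io` ties the test to Net::HTTP internals, so a short comment such as `# no public accessor for the underlying SSLSocket` would help the next reader.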