net.http.reuse_ssl_session.patch - Ruby master - Ruby Issue Tracking System

Bug #8590 » net.http.reuse_ssl_session.patch

drbrain (Eric Hodel), 07/11/2013 08:51 AM

           @use_ssl = false
           @ssl_context = nil
           @ssl_session = nil
           @reuse_ssl_session = true
           @enable_post_connection_check = true
           @sspi_enabled = false
           SSL_IVNAMES.each do |ivname|
-...
         # OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable.
         attr_accessor :verify_mode
         # Disables or enables SSL session reuse.
+        #
         # By default SSL sessions are reused.
         attr_accessor :reuse_ssl_session
         # Returns the X.509 certificates the server presented.
         def peer_cert
           if not use_ssl? or not @socket
-...
                 @socket.write(buf)
                 HTTPResponse.read_new(@socket).value
               end
               s.session = @ssl_session if @ssl_session
               s.session = @ssl_session if @reuse_ssl_session and @ssl_session
               # Server Name Indication (SNI) RFC 3546
               s.hostname = @address if s.respond_to? :hostname=
               Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect }
               if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
                 s.post_connection_check(@address)
               end
               @ssl_session = s.session
               @ssl_session = s.session if @reuse_ssl_session
             rescue => exception
               D "Conn close because of connect error #{exception}"
               @socket.close if @socket and not @socket.closed?

         skip $!
       end
       def test_session_reuse_disabled
         http = Net::HTTP.new("localhost", config("port"))
         http.use_ssl = true
         http.reuse_ssl_session = false
         http.verify_callback = Proc.new do |preverify_ok, store_ctx|
           store_ctx.current_cert.to_der == config('ssl_certificate').to_der
         end
         http.start
         http.get("/")
         http.finish
         http.start
         http.get("/")
         http.finish # three times due to possible bug in OpenSSL 0.9.8
         http.start
         http.get("/")
         socket = http.instance_variable_get(:@socket).io
         refute socket.session_reused?
       rescue SystemCallError
         skip $!
       end
       if ENV["RUBY_OPENSSL_TEST_ALL"]
         def test_verify
           http = Net::HTTP.new("ssl.netlab.jp", 443)

(1-1/1)

Project

General

Profile

Ruby » Ruby master

Bug #8590 » net.http.reuse_ssl_session.patch