
Bug #8590 ยป net.http.reuse_ssl_session.patch

drbrain (Eric Hodel), 07/11/2013 08:51 AM


lib/net/http.rb (working copy)
@use_ssl = false
@ssl_context = nil
@ssl_session = nil
@reuse_ssl_session = true
@enable_post_connection_check = true
@sspi_enabled = false
SSL_IVNAMES.each do |ivname|
......
# OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable.
attr_accessor :verify_mode
# Disables or enables SSL session reuse.
#
# By default SSL sessions are reused.
attr_accessor :reuse_ssl_session
# Returns the X.509 certificates the server presented.
def peer_cert
if not use_ssl? or not @socket
......
@socket.write(buf)
HTTPResponse.read_new(@socket).value
end
s.session = @ssl_session if @ssl_session
s.session = @ssl_session if @reuse_ssl_session and @ssl_session
# Server Name Indication (SNI) RFC 3546
s.hostname = @address if s.respond_to? :hostname=
Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect }
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
s.post_connection_check(@address)
end
@ssl_session = s.session
@ssl_session = s.session if @reuse_ssl_session
rescue => exception
D "Conn close because of connect error #{exception}"
@socket.close if @socket and not @socket.closed?
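Review bot: Setting `reuse_ssl_session = false` after a connection has already been made leaves the earlier `@ssl_session` on the object, because the new guard `@ssl_session = s.session if @reuse_ssl_session` only skips the store and never clears it. The cached session holds resumable key material, and flipping the flag back to true later would resume that old session instead of negotiating a fresh one. Consider `@ssl_session = @reuse_ssl_session ? s.session : nil` at the store site, and have the accessor comment state that the setting takes effect on the next `start`. The connect method these lines belong to begins and ends outside the visible lines.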
test/net/http/test_https.rb (working copy)
skip $!
end
def test_session_reuse_disabled
http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.reuse_ssl_session = false
http.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.current_cert.to_der == config('ssl_certificate').to_der
end
http.start
http.get("/")
http.finish
http.start
http.get("/")
http.finish # three times due to possible bug in OpenSSL 0.9.8
http.start
http.get("/")
socket = http.instance_variable_get(:@socket).io
refute socket.session_reused?
rescue SystemCallError
skip $!
end
if ENV["RUBY_OPENSSL_TEST_ALL"]
def test_verify
http = Net::HTTP.new("ssl.netlab.jp", 443)
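Review bot: `test_session_reuse_disabled` never closes its third connection: the last `http.start` has no matching `http.finish`, so the socket stays open whether `refute socket.session_reused?` passes or fails. An `ensure` clause with `http.finish if http.started?` after the `rescue` would cover both paths. The test would also pin the behaviour more tightly with `assert_nil http.instance_variable_get(:@ssl_session)`, showing that a client with reuse disabled does not retain a session at all, not just that the third handshake was not resumed.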