Feature #12558 » net-http-ssl-verification-hostname.patch
lib/net/http.rb | ||
---|---|---|
@ssl_context = nil
|
||
@ssl_session = nil
|
||
@sspi_enabled = false
|
||
@ssl_verification_hostname = nil
|
||
SSL_IVNAMES.each do |ivname|
|
||
instance_variable_set ivname, nil
|
||
end
|
||
... | ... | |
# Net::WriteTimeout is not raised on Windows.
|
||
attr_reader :write_timeout
|
||
# The address to use for SSL certificate verification. Should only be
|
||
# used when you are connecting to a server that uses an SSL certificate
|
||
# that is valid for a different hostname than you are using to connect.
|
||
attr_accessor :ssl_verification_hostname
|
||
# Maximum number of times to retry an idempotent request in case of
|
||
# Net::ReadTimeout, IOError, EOFError, Errno::ECONNRESET,
|
||
# Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError,
|
||
... | ... | |
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
|
||
s.sync_close = true
|
||
# Server Name Indication (SNI) RFC 3546
|
||
s.hostname = @address if s.respond_to? :hostname=
|
||
s.hostname = @ssl_verification_hostname || @address if s.respond_to? :hostname=
|
||
if @ssl_session and
|
||
Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
|
||
s.session = @ssl_session
|
||
end
|
||
ssl_socket_connect(s, @open_timeout)
|
||
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
||
s.post_connection_check(@address)
|
||
s.post_connection_check(@ssl_verification_hostname || @address)
|
||
end
|
||
D "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}"
|
||
end
|
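Review bot: The comment on `ssl_verification_hostname` describes only certificate verification, but the new `s.hostname = @ssl_verification_hostname || @address` line also sends this value as the SNI server name, so the accessor changes which certificate the server is asked for as well as which name it is checked against. I would document both effects and the trust requirement, e.g. `# Hostname sent as SNI and checked against the server certificate instead of the connect address.` followed by `# Must be a fixed, trusted value; never derive it from request data or other untrusted input.` Because an empty string is truthy in Ruby, `""` would not fall back to `@address`; the check then most likely fails closed, but that is worth stating in the comment or normalising in a setter. The enclosing connect method starts outside the visible section, so how the Host header and any proxy CONNECT line treat the override cannot be judged from here.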