
Feature #12558 » net-http-ssl-verification-hostname.patch

jeremyevans0 (Jeremy Evans), 06/26/2019 04:48 AM


lib/net/http.rb
@ssl_context = nil
@ssl_session = nil
@sspi_enabled = false
@ssl_verification_hostname = nil
SSL_IVNAMES.each do |ivname|
instance_variable_set ivname, nil
end
......
# Net::WriteTimeout is not raised on Windows.
attr_reader :write_timeout
# The address to use for SSL certificate verification. Should only be
# used when you are connecting to a server that uses an SSL certificate
# that is valid for a different hostname than you are using to connect.
attr_accessor :ssl_verification_hostname
# Maximum number of times to retry an idempotent request in case of
# Net::ReadTimeout, IOError, EOFError, Errno::ECONNRESET,
# Errno::ECONNABORTED, Errno::EPIPE, OpenSSL::SSL::SSLError,
......
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
s.sync_close = true
# Server Name Indication (SNI) RFC 3546
s.hostname = @address if s.respond_to? :hostname=
s.hostname = @ssl_verification_hostname || @address if s.respond_to? :hostname=
if @ssl_session and
Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
s.session = @ssl_session
end
ssl_socket_connect(s, @open_timeout)
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
s.post_connection_check(@address)
s.post_connection_check(@ssl_verification_hostname || @address)
end
D "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}"
end
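Review bot: The doc comment on `ssl_verification_hostname` mentions only certificate verification, but in the connect code the same value also replaces `@address` as the SNI name given to `s.hostname=`, and once it is set the certificate is no longer checked against the host actually being connected to. That makes the setter trust-critical: if the value were ever derived from request data or other untrusted input, whoever controls it would choose which certificate identity is accepted. I would extend the comment to say so, e.g. `# Also sent as the SNI server name. When set, the certificate is not checked against #address, so assign only a fixed, trusted value.` An empty string is truthy in Ruby, so `""` would be used rather than falling back to `@address`; that presumably fails the post-connection check, but rejecting empty values in the setter would give a clearer error. The enclosing method starts and ends outside the visible hunks.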