Index: lib/net/http.rb
===================================================================
--- lib/net/http.rb (revision 41908)
+++ lib/net/http.rb (working copy)
@@ -655,6 +655,7 @@ module Net #:nodoc:
 @use_ssl = false
 @ssl_context = nil
 @ssl_session = nil
+ @reuse_ssl_session = true
 @enable_post_connection_check = true
 @sspi_enabled = false
 SSL_IVNAMES.each do |ivname|
@@ -827,6 +828,11 @@ module Net #:nodoc:
 # OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable.
 attr_accessor :verify_mode
 
+ # Disables or enables SSL session reuse.
+ #
+ # By default SSL sessions are reused.
+ attr_accessor :reuse_ssl_session
+
 # Returns the X.509 certificates the server presented.
 def peer_cert
 if not use_ssl? or not @socket
@@ -912,14 +918,14 @@ module Net #:nodoc:
 @socket.write(buf)
 HTTPResponse.read_new(@socket).value
 end
- s.session = @ssl_session if @ssl_session
+ s.session = @ssl_session if @reuse_ssl_session and @ssl_session
 # Server Name Indication (SNI) RFC 3546
 s.hostname = @address if s.respond_to? :hostname=
 Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect }
 if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
 s.post_connection_check(@address)
 end
- @ssl_session = s.session
+ @ssl_session = s.session if @reuse_ssl_session
 rescue => exception
 D "Conn close because of connect error #{exception}"
 @socket.close if @socket and not @socket.closed?
Index: test/net/http/test_https.rb
===================================================================
--- test/net/http/test_https.rb (revision 41908)
+++ test/net/http/test_https.rb (working copy)
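Review bot: The comment added above `attr_accessor :reuse_ssl_session` (hunk at -827) does not say when the flag is read or what switching it off changes. As far as the connect hunk at -912 shows, the flag is checked while a TLS connection is being set up, so changing it on a started object would only affect the next connection. I would extend the comment along the lines of `# Checked each time a TLS connection is opened; when false, no previous session is offered to the server and the negotiated session is not stored.`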
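Review bot: Turning `reuse_ssl_session` off after a connection has already been made leaves the earlier session in `@ssl_session`, because the two changed lines in the hunk at -912 only skip the read and the write. The cached `OpenSSL::SSL::Session` carries the negotiated key material, so it stays referenced for as long as the Net::HTTP object lives, and setting the flag back to true later would offer that old session for resumption. Consider clearing it when reuse is off, for example `@ssl_session = @reuse_ssl_session ? s.session : nil` in place of the last changed line. The enclosing method starts and ends outside the hunk.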
@@ -84,6 +84,32 @@ class TestNetHTTPS < Test::Unit::TestCas
 skip $!
 end
 
+ def test_session_reuse_disabled
+ http = Net::HTTP.new("localhost", config("port"))
+ http.use_ssl = true
+ http.reuse_ssl_session = false
+ http.verify_callback = Proc.new do |preverify_ok, store_ctx|
+ store_ctx.current_cert.to_der == config('ssl_certificate').to_der
+ end
+
+ http.start
+ http.get("/")
+ http.finish
+
+ http.start
+ http.get("/")
+ http.finish # three times due to possible bug in OpenSSL 0.9.8
+
+ http.start
+ http.get("/")
+
+ socket = http.instance_variable_get(:@socket).io
+
+ refute socket.session_reused?
+ rescue SystemCallError
+ skip $!
+ end
+
 if ENV["RUBY_OPENSSL_TEST_ALL"]
 def test_verify
 http = Net::HTTP.new("ssl.netlab.jp", 443)
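Review bot: `test_session_reuse_disabled` never closes its third connection: after the last `http.start` and `http.get("/")` there is no `http.finish`, and nothing cleans up if `refute` fails. An `ensure` clause after the `rescue`, with `http.finish if http && http.started?`, would close it on every path. The single `refute socket.session_reused?` also passes against a server that never resumes sessions, so it does not by itself show the flag had any effect. Adding `assert_nil http.instance_variable_get(:@ssl_session)` would pin the client-side behaviour the patch introduces.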