ruby-core@ruby-lang.org archive (unofficial mirror)
From: drbrain@segment7.net
To: ruby-core@ruby-lang.org
Subject: [ruby-core:66400] [ruby-trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
Date: Fri, 21 Nov 2014 23:01:17 +0000
Message-ID: <redmine.journal-50040.20141121230117.1888899d6a5a2397@ruby-lang.org>
In-Reply-To: redmine.issue-10533.20141121034156@ruby-lang.org

Issue #10533 has been updated by Eric Hodel.

File net.http.bug10533.patch added
Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED

If session resumption is requested with an expired SSL session on an SNI server then the handshake goes wrong and the connection fails as above.

The attached patch only attempts session resumption if the session is still valid.

----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50040

* Author: Eric Hodel
* Status: Open
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: 
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect which results in a failed reconnection:

~~~
$ cat test.rb
require 'net/http'
uri = URI 'https://david.shanske.com'

Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
        from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
        from test.rb:10:in `block in <main>'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
        from test.rb:4:in `<main>'
~~~


---Files--------------------------------
net.http.bug10533.patch (685 Bytes)


-- 
https://bugs.ruby-lang.org/
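
An added illustration of the check described in the update above, "only attempts session resumption if the session is still valid". It is not the attached net.http.bug10533.patch and not code from net/http. `session_fresh?`, `SessionCache`, `prepare_tls` and the two stand-in structs are hypothetical names, and the 300-second lifetime in the test data is constructed.

```ruby
# Hypothetical helper (not net/http's code): true only while the cached
# session is inside its lifetime. With a real OpenSSL::SSL::Session,
# #time is the creation Time and #timeout the lifetime in seconds.
def session_fresh?(session, now = Time.now)
  return false if session.nil?
  now.to_f < session.time.to_f + session.timeout
end

# Hypothetical per-host cache: a session is offered for resumption only
# to the host that created it, and only while it is still fresh.
class SessionCache
  def initialize
    @sessions = {}
  end

  def store(hostname, session)
    @sessions[hostname] = session
  end

  # Returns the session to resume, or nil to force a full handshake.
  def fetch(hostname, now = Time.now)
    session = @sessions[hostname]
    return session if session_fresh?(session, now)
    @sessions.delete(hostname) # drop the expired or missing entry
    nil
  end
end

# Prepare a client socket before connect: always set the SNI name, and
# hand over a cached session only when it has not expired.
def prepare_tls(ssl, hostname, cache, now = Time.now)
  ssl.hostname = hostname if ssl.respond_to?(:hostname=)
  session = cache.fetch(hostname, now)
  ssl.session = session if session
  ssl
end

# Constructed stand-ins so the logic runs offline. A real caller passes an
# OpenSSL::SSL::SSLSocket and stores the object returned by ssl.session.
FakeSession = Struct.new(:time, :timeout)
FakeSocket  = Struct.new(:hostname, :session)
```

With a real socket, `ssl.session_reused?` after `connect` reports whether the server accepted the resumption.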
