From: michiel@karnebeek.com
To: ruby-core@ruby-lang.org
Date: Wed, 17 Jun 2015 13:40:38 +0000
Subject: [ruby-core:69631] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname

Issue #10533 has been updated by Michiel Karnebeek.

Following up on my comment a few days ago:

I ran a test in Python using https://github.com/nabla-c0d3/sslyze (with OpenSSL 1.0.2a, same version as in Ruby) and introduced a sleep longer than the SSL session TTL at https://github.com/nabla-c0d3/sslyze/blob/master/plugins/PluginSessionResumption.py#L248 to see if this did supply the SNI.

According to Wireshark, this correctly put both the SNI and session ticket in the Client Hello packet. I think this is evidence that the OpenSSL used is capable of doing this, and that either Net::HTTP or the C bindings for Ruby to OpenSSL are doing something wrong.

----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-52982

* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
When reconnecting after connection timeout on an SNI connection, the server name is not sent during reconnect, which results in a failed reconnection:

~~~
$ cat test.rb
require 'net/http'

uri = URI 'https://david.shanske.com'
Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
	from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
	from test.rb:10:in `block in <main>'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
	from test.rb:4:in `<main>'
~~~

---Files--------------------------------
net.http.bug10533.patch (685 Bytes)

-- 
https://bugs.ruby-lang.org/
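
Added example (not part of the original message or of Ruby's own code): a small Ruby parser that automates the check done above with Wireshark, reporting whether a ClientHello record carries the SNI server name and a session ticket. The helper `build_client_hello` and the sample bytes it produces are constructed for the demo; a real check would feed `inspect_client_hello` the first TLS record of a captured connection.

```ruby
# Added example: report the SNI name and session-ticket extension of a TLS
# ClientHello record. The sample records are constructed, not captured.
EXT_SERVER_NAME    = 0
EXT_SESSION_TICKET = 35

# Returns { sni: String or nil, ticket_len: Integer or nil }.
def inspect_client_hello(record)
  type, _version, rec_len = record.unpack('Cnn')
  hs = record.byteslice(5, rec_len.to_i)
  ok = type == 0x16 && hs && hs.bytesize == rec_len && hs.getbyte(0) == 0x01
  raise ArgumentError, 'not a complete ClientHello record' unless ok
  pos = 4 + 2 + 32                               # handshake header, version, random
  pos += 1 + hs.getbyte(pos)                     # session_id
  pos += 2 + hs.byteslice(pos, 2).unpack1('n')   # cipher_suites
  pos += 1 + hs.getbyte(pos)                     # compression_methods
  result = { sni: nil, ticket_len: nil }
  return result if pos + 2 > hs.bytesize         # no extensions block
  ext_end = pos + 2 + hs.byteslice(pos, 2).unpack1('n')
  pos += 2
  while pos + 4 <= ext_end
    ext_type, ext_len = hs.byteslice(pos, 4).unpack('nn')
    data = hs.byteslice(pos + 4, ext_len)
    result[:ticket_len] = ext_len if ext_type == EXT_SESSION_TICKET
    if ext_type == EXT_SERVER_NAME
      # 2-byte list length, then name_type(1) + name_length(2) + host name
      name_type, name_len = data.byteslice(2, 3).unpack('Cn')
      result[:sni] = data.byteslice(5, name_len) if name_type.zero?
    end
    pos += 4 + ext_len
  end
  result
rescue NoMethodError, TypeError
  raise ArgumentError, 'malformed ClientHello'
end

# Builds a minimal ClientHello record for the demo (constructed bytes).
def build_client_hello(sni: nil, ticket: nil)
  exts = ''.b
  if sni
    entry = [0, sni.bytesize].pack('Cn') + sni.b
    exts << [EXT_SERVER_NAME, entry.bytesize + 2, entry.bytesize].pack('nnn') << entry
  end
  exts << [EXT_SESSION_TICKET, ticket.bytesize].pack('nn') << ticket.b if ticket
  body = [0x0303].pack('n') + ("\x00".b * 32) + "\x00".b + [2, 0xC02F].pack('nn') +
         "\x01\x00".b + [exts.bytesize].pack('n') + exts
  hs = [0x01, body.bytesize >> 16, body.bytesize & 0xFFFF].pack('CCn') + body
  [0x16, 0x0301, hs.bytesize].pack('Cnn') + hs
end

p inspect_client_hello(build_client_hello(ticket: 'T' * 32)) # ticket, no SNI
```

A reconnect hello with `ticket_len` set and `sni` nil is the shape this bug report describes; a correct client shows both fields populated on every connection.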