* [ruby-core:66388] [ruby-trunk - Bug #10533] [Open] HTTP reconnection with SNI does not send correct hostname
From: drbrain @ 2014-11-21 3:41 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been reported by Eric Hodel.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533
* Author: Eric Hodel
* Status: Open
* Priority: Normal
* Assignee:
* Category: lib
* Target version:
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect which results in a failed reconnection:
~~~
$ cat test.rb
require 'net/http'
uri = URI 'https://david.shanske.com'
Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
        from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
        from test.rb:10:in `block in <main>'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
        from test.rb:4:in `<main>'
~~~
--
https://bugs.ruby-lang.org/
* [ruby-core:66400] [ruby-trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: drbrain @ 2014-11-21 23:01 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Eric Hodel.
File net.http.bug10533.patch added
Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED
If session resumption is requested with an expired SSL session on an SNI server then the handshake goes wrong and the connection fails as above.
The attached patch only attempts session resumption if the session is still valid.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50040
* Author: Eric Hodel
* Status: Open
* Priority: Normal
* Assignee:
* Category: lib
* Target version:
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:66401] [ruby-trunk - Bug #10533] [Assigned] HTTP reconnection with SNI does not send correct hostname
From: drbrain @ 2014-11-21 23:02 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Eric Hodel.
Status changed from Open to Assigned
Assignee set to Yui NARUSE
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50041
* Author: Eric Hodel
* Status: Assigned
* Priority: Normal
* Assignee: Yui NARUSE
* Category: lib
* Target version:
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:66408] [ruby-trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: drbrain @ 2014-11-22 5:22 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Eric Hodel.
Ultimately I think this may be an OpenSSL bug.
Looking at the ClientHello message for the second connection (which uses session resumption) no ServerNameIndication extension is present. Without this the server won't be able to respond with the correct certificate.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50046
* Author: Eric Hodel
* Status: Assigned
* Priority: Normal
* Assignee: Yui NARUSE
* Category: lib
* Target version:
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:66453] [ruby-trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: drbrain @ 2014-11-25 6:55 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Eric Hodel.
Assignee changed from Yui NARUSE to Eric Hodel
Via #ruby-core IRC:
~~~
22:53 nurse: ok > 10533
~~~
So I will commit it.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50076
* Author: Eric Hodel
* Status: Assigned
* Priority: Normal
* Assignee: Eric Hodel
* Category: lib
* Target version:
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:66454] [ruby-trunk - Bug #10533] [Closed] HTTP reconnection with SNI does not send correct hostname
From: drbrain @ 2014-11-25 7:09 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Eric Hodel.
Status changed from Assigned to Closed
% Done changed from 0 to 100
Applied in changeset r48563.
----------
* lib/net/http.rb: Do not attempt SSL session resumption when the
session is expired. [Bug #10533]
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50077
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* Category: lib
* Target version:
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:66547] [ruby-trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: usa @ 2014-11-28 7:44 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Usaku NAKAMURA.
Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED to 2.0.0: DONE, 2.1: REQUIRED
Backported into `ruby_2_0_0` at r48636.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50163
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* Category: lib
* Target version:
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: REQUIRED
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:68155] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: nagachika00 @ 2015-02-17 17:09 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Tomoyuki Chikanaga.
Backport changed from 2.0.0: DONE, 2.1: REQUIRED to 2.0.0: DONE, 2.1: DONE
r48563 and test for it (r46261,r48581) were backported into `ruby_2_1` branch at r49631.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-51534
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:69544] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: michiel @ 2015-06-12 9:02 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Michiel Karnebeek.
The patch does not seem to solve the reported issue.
Reconnecting HTTP connections still do not send an SNI.
I'm running ruby 2.2.2p95 (2015-04-13 revision 50295) [x86_64-darwin14] and checked using Wireshark.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-52875
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:69631] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: michiel @ 2015-06-17 13:40 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Michiel Karnebeek.
Following up on my comment a few days ago:
I ran a test in Python using https://github.com/nabla-c0d3/sslyze (with OpenSSL 1.0.2a, same version as in Ruby) and introduced a sleep longer than the SSL session TTL at https://github.com/nabla-c0d3/sslyze/blob/master/plugins/PluginSessionResumption.py#L248 to see if this did supply the SNI.
According to Wireshark, this correctly put both the SNI and session ticket in the Client Hello packet.
I think this is evidence that the OpenSSL used is capable of doing this, and that either Net::HTTP or the C bindings for Ruby to OpenSSL are doing something wrong.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-52982
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/
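The check done with Wireshark in this message and in [ruby-core:66408], as an added Ruby example that is not part of the thread: it parses a TLS ClientHello record and reports whether a resumption attempt carries the server_name extension. The sample records are constructed by `build_client_hello`, and all function and class names are hypothetical.

```ruby
EXT_SERVER_NAME    = 0   # RFC 6066 server_name
EXT_SESSION_TICKET = 35  # RFC 5077 SessionTicket

# Minimal cursor over a binary string; raises on truncated input.
class Reader
  def initialize(bytes)
    @bytes = bytes.b
    @pos = 0
  end

  def take(n)
    raise ArgumentError, "truncated ClientHello" if @pos + n > @bytes.bytesize
    chunk = @bytes.byteslice(@pos, n)
    @pos += n
    chunk
  end

  def u8;  take(1).unpack1("C"); end
  def u16; take(2).unpack1("n"); end
  def u24; ("\x00".b + take(3)).unpack1("N"); end
  def eof?; @pos >= @bytes.bytesize; end
end

# Returns the host_name entry of a server_name extension, or nil.
def parse_sni(data)
  return nil if data.empty?
  list = Reader.new(data)
  names = Reader.new(list.take(list.u16))
  until names.eof?
    name_type = names.u8
    name = names.take(names.u16)
    return name.force_encoding(Encoding::UTF_8) if name_type == 0
  end
  nil
end

# Parses one TLS record holding a ClientHello and summarises what it offers.
def inspect_client_hello(record)
  r = Reader.new(record)
  raise ArgumentError, "not a handshake record" unless r.u8 == 0x16
  r.take(2)                          # record-layer version
  hs = Reader.new(r.take(r.u16))
  raise ArgumentError, "not a ClientHello" unless hs.u8 == 0x01
  body = Reader.new(hs.take(hs.u24))
  body.take(2 + 32)                  # client_version + random
  session_id = body.take(body.u8)
  body.take(body.u16)                # cipher suites
  body.take(body.u8)                 # compression methods
  info = { sni: nil, session_id_len: session_id.bytesize, ticket_len: nil }
  return info if body.eof?           # no extensions block at all
  exts = Reader.new(body.take(body.u16))
  until exts.eof?
    type = exts.u16
    data = exts.take(exts.u16)
    case type
    when EXT_SERVER_NAME    then info[:sni] = parse_sni(data)
    when EXT_SESSION_TICKET then info[:ticket_len] = data.bytesize
    end
  end
  info
end

# True for the failure in this thread: a session is offered, no SNI is sent.
def resumption_without_sni?(info)
  offers_session = info[:session_id_len] > 0 || info[:ticket_len].to_i > 0
  offers_session && info[:sni].nil?
end

# Builds a constructed ClientHello record (sample input, not a capture).
def build_client_hello(sni:, session_id: "", ticket: nil)
  exts = "".b
  if sni
    entry = [0, sni.bytesize].pack("Cn") + sni.b
    list  = [entry.bytesize].pack("n") + entry
    exts << [EXT_SERVER_NAME, list.bytesize].pack("nn") << list
  end
  if ticket
    exts << [EXT_SESSION_TICKET, ticket.bytesize].pack("nn") << ticket.b
  end
  body = [0x0303].pack("n") + ("\x00".b * 32) +
         [session_id.bytesize].pack("C") + session_id.b +
         [2, 0xc02f].pack("nn") +    # one cipher suite
         [1, 0].pack("CC") +         # null compression only
         [exts.bytesize].pack("n") + exts
  hs = [1].pack("C") + [body.bytesize].pack("N")[1, 3] + body
  [0x16, 0x0301, hs.bytesize].pack("Cnn") + hs
end

first   = inspect_client_hello(build_client_hello(sni: "david.shanske.com"))
resumed = inspect_client_hello(
  build_client_hello(sni: nil, session_id: "S" * 32, ticket: "T" * 16)
)
puts "first:   #{first} flagged=#{resumption_without_sni?(first)}"
puts "resumed: #{resumed} flagged=#{resumption_without_sni?(resumed)}"
```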
* [ruby-core:69648] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: michiel @ 2015-06-18 8:36 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Michiel Karnebeek.
File net.http.bug10533-2.patch added
It looks like I've solved it: Moving `s.hostname = @hostname` before `s.session = @ssl_session` has solved it on my end.
See the attached patch.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-53002
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
net.http.bug10533-2.patch (884 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:69649] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: michiel @ 2015-06-18 8:51 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Michiel Karnebeek.
Created https://github.com/ruby/ruby/pull/940
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-53003
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
net.http.bug10533-2.patch (884 Bytes)
--
https://bugs.ruby-lang.org/
* [ruby-core:69650] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: michiel @ 2015-06-18 9:27 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Michiel Karnebeek.
Root cause seems to be in ossl_ssl.c:
Net::HTTP calls `s.session=` (C-method `ossl_ssl_set_session`), which calls C-method `ossl_ssl_setup`, which only sets up the ssl client (`ssl`) once due to "`if(!ssl){`". The problem is that the hostname setting (the call to `SSL_set_tlsext_host_name`) is done within that "`if(!ssl){`" block.
When later Net::HTTP calls `s.connect` (C-method `ossl_ssl_connect`), `ossl_ssl_setup` is called a second time, but it does not set up the hostname.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-53004
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
net.http.bug10533-2.patch (884 Bytes)
--
https://bugs.ruby-lang.org/
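The ordering problem described in this message, as a small Ruby model (an added example, not code from the thread or from ossl_ssl.c). `ModelSSLSocket`, `client_hello_for` and the `apply_hostname_on_every_setup` option are hypothetical names; the option shows an alternative hardening of the setup step, not what the attached patch does.

```ruby
# Model only: method names mirror the message's description of the C code,
# not the real OpenSSL::SSL::SSLSocket implementation.
class ModelSSLSocket
  attr_reader :setup_calls

  def initialize(apply_hostname_on_every_setup: false)
    @reapply = apply_hostname_on_every_setup
    @hostname = nil
    @handle = nil       # stands in for the C-level SSL* pointer
    @setup_calls = 0
  end

  # Only records the name; nothing reaches the handle until setup runs.
  def hostname=(name)
    @hostname = name
  end

  # Like ossl_ssl_set_session: forces setup, then attaches the session.
  def session=(session)
    setup
    @handle[:session] = session
  end

  # Like ossl_ssl_connect: calls setup again, then "sends" the ClientHello.
  def connect
    setup
    { server_name: @handle[:server_name], session: @handle[:session] }
  end

  private

  def setup
    @setup_calls += 1
    if @handle.nil?                        # the "if(!ssl){" guard
      # The hostname is copied only here, on first setup.
      @handle = { server_name: @hostname, session: nil }
    elsif @reapply
      @handle[:server_name] = @hostname    # hypothetical hardened variant
    end
  end
end

# Runs the given setter order, then connects and returns the modelled hello.
def client_hello_for(order, reapply: false)
  sock = ModelSSLSocket.new(apply_hostname_on_every_setup: reapply)
  order.each do |step|
    case step
    when :session  then sock.session = "cached-session"   # constructed value
    when :hostname then sock.hostname = "david.shanske.com"
    end
  end
  sock.connect
end

# Order reported as failing: session first, hostname second.
p client_hello_for([:session, :hostname])
# Order from net.http.bug10533-2.patch: hostname first, session second.
p client_hello_for([:hostname, :session])
# Failing order again, with the hostname reapplied on every setup.
p client_hello_for([:session, :hostname], reapply: true)
```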
* [ruby-core:69727] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
From: aholstvoogd @ 2015-06-24 8:41 UTC (permalink / raw)
To: ruby-core
Issue #10533 has been updated by Arthur Holstvoogd.
Related, i.e. same issue: #10398
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-53108
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
net.http.bug10533-2.patch (884 Bytes)
--
https://bugs.ruby-lang.org/