From: michiel@karnebeek.com
To: ruby-core@ruby-lang.org
Subject: [ruby-core:69650] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname
Date: Thu, 18 Jun 2015 09:27:52 +0000
Message-ID: <redmine.journal-53004.20150618092751.2f3f568216d47bb4@ruby-lang.org>
In-Reply-To: redmine.issue-10533.20141121034156@ruby-lang.org
Issue #10533 has been updated by Michiel Karnebeek.
Root cause seems to be in ossl_ssl.c:
Net::Http calls `s.session=` (C-method `ossl_ssl_set_session`), which calls C-method `ossl_ssl_setup`, which only sets up the ssl client (`ssl`) once due to "`if(!ssl){`". The problem is that the hostname setting (the call to `SSL_set_tlsext_host_name`) is done within that "`if(!ssl){`" block.
When later Net::Http calls `s.connect` (C-method `ossl_ssl_connect`), `ossl_ssl_setup` is called a second time, but it does not set up the hostname.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-53004
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect which results in a failed reconnection:
~~~
$ cat test.rb
require 'net/http'
uri = URI 'https://david.shanske.com'
Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
	from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
	from test.rb:10:in `block in <main>'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
	from test.rb:4:in `<main>'
~~~
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
net.http.bug10533-2.patch (884 Bytes)
--
https://bugs.ruby-lang.org/
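
The root cause described in the message above (hostname applied only inside the one-time `if(!ssl){` block) can be reproduced with a small stand-alone model. This is an added example, not code from `ossl_ssl.c` or from the attached patches: every type and function name in it is hypothetical, `sni.example.test` is a constructed name, and the call order `session=`, `hostname=`, `connect` is an assumption about the caller.

```c
#include <stdio.h>

/* Simplified model (assumption): these types stand in for the Ruby SSLSocket
 * and the OpenSSL handle; none of the names are real Ruby/OpenSSL symbols. */
struct model_ssl  { const char *sni; };
struct model_sock { const char *hostname; struct model_ssl handle, *ssl; };
typedef void (*setup_fn)(struct model_sock *);

/* Setup as the message describes it: the hostname reaches the handle only
 * inside the one-time "if (!ssl)" block. */
static void setup_buggy(struct model_sock *s) {
    if (!s->ssl) {
        s->ssl = &s->handle;
        s->ssl->sni = s->hostname;   /* NULL when hostname= has not run yet */
    }
}

/* One possible correction: create the handle once, apply the hostname on
 * every call so the value current at connect time is used. */
static void setup_fixed(struct model_sock *s) {
    if (!s->ssl)
        s->ssl = &s->handle;
    s->ssl->sni = s->hostname;
}

/* First connection: nothing to resume, so hostname= runs before any setup. */
const char *sni_on_first_connect(setup_fn setup, const char *host) {
    struct model_sock s = { host, { NULL }, NULL };
    setup(&s);                       /* s.connect */
    return s.ssl->sni;
}

/* Reconnect: session= runs setup before hostname= (assumed call order). */
const char *sni_on_reconnect(setup_fn setup, const char *host) {
    struct model_sock s = { NULL, { NULL }, NULL };
    setup(&s);                       /* s.session= */
    s.hostname = host;               /* s.hostname= */
    setup(&s);                       /* s.connect: second setup call */
    return s.ssl->sni;               /* NULL means no SNI in the handshake */
}

int main(void) {
    const char *h = "sni.example.test";   /* constructed sample name */
    const char *r = sni_on_reconnect(setup_buggy, h);
    printf("first connect, buggy: %s\n", sni_on_first_connect(setup_buggy, h));
    printf("reconnect, buggy:     %s\n", r ? r : "(no SNI sent)");
    printf("reconnect, fixed:     %s\n", sni_on_reconnect(setup_fixed, h));
    return 0;
}
```

In the model the first connection carries the name and only the resumed one loses it, which matches the report: the first request returns "200" and the reconnect fails the certificate hostname check.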