From: michiel@karnebeek.com
To: ruby-core@ruby-lang.org
Date: Thu, 18 Jun 2015 09:27:52 +0000
Subject: [ruby-core:69650] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname

Issue #10533 has been updated by Michiel Karnebeek.

Root cause seems to be in ossl_ssl.c:

Net::Http calls `s.session=` (C-method `ossl_ssl_set_session`), which calls C-method `ossl_ssl_setup`, which only sets up the ssl client (`ssl`) once due to "`if(!ssl){`".

The problem is that the hostname setting (the call to `SSL_set_tlsext_host_name`) is done within that "`if(!ssl){`" block.

When later Net::Http calls `s.connect` (C-method `ossl_ssl_connect`), `ossl_ssl_setup` is called a second time, but it does not set up the hostname.

----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-53004

* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect which results in a failed reconnection:

~~~
$ cat test.rb
require 'net/http'

uri = URI 'https://david.shanske.com'
Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
	from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
	from test.rb:10:in `block in <main>'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
	from test.rb:4:in `<main>'
~~~

---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
net.http.bug10533-2.patch (884 Bytes)

--
https://bugs.ruby-lang.org/
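
An offline regression check for the behaviour reported above, as an added example that is not code from the issue, its patches or the Ruby project: a client reconnects to an in-process TLS server while offering its previous session, and the server records the SNI name it saw on each handshake. The names `throwaway_cert` and `sni_seen_on_reconnect` and the hostname `sni.example.test` are constructed for illustration; it assumes an OpenSSL build with TLS 1.3 and a platform with Unix socket pairs.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed certificate for the in-process test server.
def throwaway_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Handshakes `attempts` times, offering the previous TLS session on reconnect.
# Returns the SNI name the server saw each time (nil when none was sent).
def sni_seen_on_reconnect(hostname, attempts: 2)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = throwaway_cert(hostname)
  sctx.min_version = OpenSSL::SSL::TLS1_3_VERSION
  names = []
  sctx.servername_cb = lambda { |args| names << args[1]; nil } # args: [socket, name]
  cctx = OpenSSL::SSL::SSLContext.new # no cert verification: only SNI is inspected
  session = nil
  Array.new(attempts) do
    names.clear
    client_io, server_io = UNIXSocket.pair
    server = Thread.new do
      s = OpenSSL::SSL::SSLSocket.new(server_io, sctx)
      s.sync_close = true
      s.accept
      s.write('ok')
      s.close
    end
    ssl = OpenSSL::SSL::SSLSocket.new(client_io, cctx)
    ssl.sync_close = true
    ssl.hostname = hostname            # SNI is per socket: set it on every new one
    ssl.session = session if session   # offer the earlier session on reconnect
    ssl.connect
    ssl.read(2)
    session = ssl.session
    ssl.close
    server.join
    names.first
  end
end
```

A `nil` in the returned array marks a handshake whose ClientHello carried no server name, which is the condition the report describes for the second connection.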