diff options
author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:55 +0000 |
---|---|---|
committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-08-08 14:13:55 +0000 |
commit | 1dfc377ae3b174b043d3f0ed36de57b0296b34d0 (patch) | |
tree | 88227c69fed008bdf8302805af933dfd4dbb9844 /lib/net/ftp.rb | |
parent | a0f292bbcd6421b0cb87b84cb34887c7e020727b (diff) | |
download | ruby-1dfc377ae3b174b043d3f0ed36de57b0296b34d0.tar.gz |
net/http, net/ftp: fix session resumption with TLS 1.3
When TLS 1.3 is in use, the session ticket may not have been sent yet
even though a handshake has finished. Also, the ticket could change if
multiple session ticket messages are sent by the server. Use
SSLContext#session_new_cb instead of calling SSLSocket#session
immediately after a handshake. This way also works with earlier protocol
versions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/net/ftp.rb')
-rw-r--r-- | lib/net/ftp.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb index c3ee47ef4d..9902f9dc65 100644 --- a/lib/net/ftp.rb +++ b/lib/net/ftp.rb @@ -230,6 +230,10 @@ module Net if defined?(VerifyCallbackProc) @ssl_context.verify_callback = VerifyCallbackProc end + @ssl_context.session_cache_mode = + OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT | + OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE + @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess } @ssl_session = nil if options[:private_data_connection].nil? @private_data_connection = true @@ -349,7 +353,6 @@ module Net if @ssl_context.verify_mode != VERIFY_NONE ssl_sock.post_connection_check(@host) end - @ssl_session = ssl_sock.session return ssl_sock end private :start_tls_session |