diff options
author | Yuta Iwama <ganmacs@gmail.com> | 2020-01-23 17:23:17 +0900 |
---|---|---|
committer | NARUSE, Yui <nurse@users.noreply.github.com> | 2020-01-23 17:23:17 +0900 |
commit | be6931f7f7d2eed46226f0cc452de64cdeec0dab (patch) | |
tree | 5580616d9863888093e276494313f07d534bf19e /lib/net/http.rb | |
parent | 890200e85e5237d9656a6b72e792effbcaa5460a (diff) | |
download | ruby-be6931f7f7d2eed46226f0cc452de64cdeec0dab.tar.gz |
Add #verify_hostname= and #verify_hostname to skip hostname verification (#2858)
According to https://github.com/ruby/openssl/pull/60,
> Currently an user who wants to do the hostname verification needs to
call SSLSocket#post_connection_check explicitly after the TLS connection
is established.
if an user who wants to skip the hostname verification,
SSLSocket#post_connection_check doesn't need to be called
https://bugs.ruby-lang.org/issues/16555
Diffstat (limited to 'lib/net/http.rb')
-rw-r--r-- | lib/net/http.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/net/http.rb b/lib/net/http.rb index 88a174a248..de9963d18c 100644 --- a/lib/net/http.rb +++ b/lib/net/http.rb @@ -844,6 +844,7 @@ module Net #:nodoc: :@verify_callback, :@verify_depth, :@verify_mode, + :@verify_hostname, ] SSL_ATTRIBUTES = [ :ca_file, @@ -859,6 +860,7 @@ module Net #:nodoc: :verify_callback, :verify_depth, :verify_mode, + :verify_hostname, ] # Sets path of a CA certification file in PEM format. @@ -908,6 +910,10 @@ module Net #:nodoc: # OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable. attr_accessor :verify_mode + # Sets to check the server certificate is valid for the hostname. + # See OpenSSL::SSL::SSLContext#verify_hostname= + attr_accessor :verify_hostname + # Returns the X.509 certificates the server presented. def peer_cert if not use_ssl? or not @socket @@ -986,9 +992,11 @@ module Net #:nodoc: ssl_parameters = Hash.new iv_list = instance_variables SSL_IVNAMES.each_with_index do |ivname, i| - if iv_list.include?(ivname) and + if iv_list.include?(ivname) value = instance_variable_get(ivname) - ssl_parameters[SSL_ATTRIBUTES[i]] = value if value + unless value.nil? + ssl_parameters[SSL_ATTRIBUTES[i]] = value + end end end @ssl_context = OpenSSL::SSL::SSLContext.new @@ -1007,7 +1015,7 @@ module Net #:nodoc: s.session = @ssl_session end ssl_socket_connect(s, @open_timeout) - if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE + if (@ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE) && @ssl_context.verify_hostname s.post_connection_check(@address) end D "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}" |