merge revision(s) 56576,56623: [Backport #12678] [Backport #13429]

	* lib/net/smtp.rb (tlsconnect): support timeout for TLS handshake.
	  [ruby-core:76893] [Bug #12678]

	* lib/net/protocol.rb (ssl_socket_connect): new method to implement
	  timeout for TLS handshake.

	* lib/net/http.rb (connect): use Net::Protocol#ssl_socket_connect.

	* test/net/smtp/test_smtp.rb (test_tls_connect, test_tls_connect):
	  use Socket.tcp_server_sockets in case localhost is resolved to ::1.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59533 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

7 files changed, 113 insertions, 18 deletions

diff --git a/ChangeLog b/ChangeLog
index 23a7cfcf21..5f53bf20a2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,18 @@
+Wed Aug  9 17:10:27 2017  Shugo Maeda  <shugo@ruby-lang.org>
+
+	* test/net/smtp/test_smtp.rb (test_tls_connect, test_tls_connect):
+	  use Socket.tcp_server_sockets in case localhost is resolved to ::1.
+
+Wed Aug  9 17:10:27 2017  Shugo Maeda  <shugo@ruby-lang.org>
+
+	* lib/net/smtp.rb (tlsconnect): support timeout for TLS handshake.
+	  [ruby-core:76893] [Bug #12678]
+
+	* lib/net/protocol.rb (ssl_socket_connect): new method to implement
+	  timeout for TLS handshake.
+
+	* lib/net/http.rb (connect): use Net::Protocol#ssl_socket_connect.
+
 Fri Jul  7 10:58:10 2017  Eric Wong  <e@80x24.org>
 
 	This backport of r58812 is necessary to ease backporting r59028,
diff --git a/lib/net/http.rb b/lib/net/http.rb
index 84951c7697..25fa1d6888 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -925,21 +925,7 @@ module Net   #:nodoc:
              Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
             s.session = @ssl_session if @ssl_session
           end
-          if timeout = @open_timeout
-            while true
-              raise Net::OpenTimeout if timeout <= 0
-              start = Process.clock_gettime Process::CLOCK_MONOTONIC
-              # to_io is required because SSLSocket doesn't have wait_readable yet
-              case s.connect_nonblock(exception: false)
-              when :wait_readable; s.to_io.wait_readable(timeout)
-              when :wait_writable; s.to_io.wait_writable(timeout)
-              else; break
-              end
-              timeout -= Process.clock_gettime(Process::CLOCK_MONOTONIC) - start
-            end
-          else
-            s.connect
-          end
+          ssl_socket_connect(s, @open_timeout)
           if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
             s.post_connection_check(@address)
           end
diff --git a/lib/net/protocol.rb b/lib/net/protocol.rb
index b53370931a..6b75b94cda 100644
--- a/lib/net/protocol.rb
+++ b/lib/net/protocol.rb
@@ -34,6 +34,24 @@ module Net # :nodoc:
         end
       End
     end
+
+    def ssl_socket_connect(s, timeout)
+      if timeout
+        while true
+          raise Net::OpenTimeout if timeout <= 0
+          start = Process.clock_gettime Process::CLOCK_MONOTONIC
+          # to_io is required because SSLSocket doesn't have wait_readable yet
+          case s.connect_nonblock(exception: false)
+          when :wait_readable; s.to_io.wait_readable(timeout)
+          when :wait_writable; s.to_io.wait_writable(timeout)
+          else; break
+          end
+          timeout -= Process.clock_gettime(Process::CLOCK_MONOTONIC) - start
+        end
+      else
+        s.connect
+      end
+    end
   end
 
 
diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb
index 78f2181d2a..500916c17e 100644
--- a/lib/net/smtp.rb
+++ b/lib/net/smtp.rb
@@ -170,7 +170,7 @@ module Net
   #     Net::SMTP.start('your.smtp.server', 25, 'mail.from.domain',
   #                     'Your Account', 'Your Password', :cram_md5)
   #
-  class SMTP
+  class SMTP < Protocol
 
     Revision = %q$Revision$.split[1]
 
@@ -584,7 +584,7 @@ module Net
       s = ssl_socket(s, @ssl_context)
       logging "TLS connection started"
       s.sync_close = true
-      s.connect
+      ssl_socket_connect(s, @open_timeout)
       if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
         s.post_connection_check(@address)
       end
diff --git a/test/net/smtp/test_smtp.rb b/test/net/smtp/test_smtp.rb
index 3bcceb6fc5..da85331805 100644
--- a/test/net/smtp/test_smtp.rb
+++ b/test/net/smtp/test_smtp.rb
@@ -5,6 +5,10 @@ require 'test/unit'
 
 module Net
   class TestSMTP < Test::Unit::TestCase
+    CA_FILE = File.expand_path("../imap/cacert.pem", __dir__)
+    SERVER_KEY = File.expand_path("../imap/server.key", __dir__)
+    SERVER_CERT = File.expand_path("../imap/server.crt", __dir__)
+
     class FakeSocket
       attr_reader :write_io
 
@@ -98,5 +102,72 @@ module Net
         smtp.rcptto("foo\r\nbar")
       end
     end
+
+    def test_tls_connect
+      servers = Socket.tcp_server_sockets("localhost", 0)
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.ca_file = CA_FILE
+      ctx.key = File.open(SERVER_KEY) { |f|
+        OpenSSL::PKey::RSA.new(f)
+      }
+      ctx.cert = File.open(SERVER_CERT) { |f|
+        OpenSSL::X509::Certificate.new(f)
+      }
+      begin
+        sock = nil
+        Thread.start do
+          s = accept(servers)
+          sock = OpenSSL::SSL::SSLSocket.new(s, ctx)
+          sock.sync_close = true
+          sock.accept
+          sock.write("220 localhost Service ready\r\n")
+          sock.gets
+          sock.write("250 localhost\r\n")
+          sock.gets
+          sock.write("221 localhost Service closing transmission channel\r\n")
+        end
+        smtp = Net::SMTP.new("localhost", servers[0].local_address.ip_port)
+        smtp.enable_tls
+        smtp.open_timeout = 0.1
+        smtp.start do
+        end
+      ensure
+        sock.close if sock
+        servers.each(&:close)
+      end
+    end
+
+    def test_tls_connect_timeout
+      servers = Socket.tcp_server_sockets("localhost", 0)
+      begin
+        sock = nil
+        Thread.start do
+          sock = accept(servers)
+        end
+        smtp = Net::SMTP.new("localhost", servers[0].local_address.ip_port)
+        smtp.enable_tls
+        smtp.open_timeout = 0.1
+        assert_raise(Net::OpenTimeout) do
+          smtp.start do
+          end
+        end
+      ensure
+        sock.close if sock
+        servers.each(&:close)
+      end
+    end
+
+    private
+
+    def accept(servers)
+      loop do
+        readable, = IO.select(servers.map(&:to_io))
+        readable.each do |r|
+          sock, addr = r.accept_nonblock(exception: false)
+          next if sock == :wait_readable
+          return sock
+        end
+      end
+    end
   end
 end
diff --git a/test/net/smtp/test_ssl_socket.rb b/test/net/smtp/test_ssl_socket.rb
index 20792190c8..354f413040 100644
--- a/test/net/smtp/test_ssl_socket.rb
+++ b/test/net/smtp/test_ssl_socket.rb
@@ -7,6 +7,11 @@ module Net
     class MySMTP < SMTP
       attr_accessor :fake_tcp, :fake_ssl
 
+      def initialize(*args)
+        super(*args)
+        @open_timeout = nil
+      end
+
       def tcp_socket address, port
         fake_tcp
       end
diff --git a/version.h b/version.h
index da35261ff3..9817a2657a 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.3.5"
 #define RUBY_RELEASE_DATE "2017-08-09"
-#define RUBY_PATCHLEVEL 345
+#define RUBY_PATCHLEVEL 346
 
 #define RUBY_RELEASE_YEAR 2017
 #define RUBY_RELEASE_MONTH 8