merge revision(s) 13657:

	* lib/net/http.rb, lib/open-uri.rb: remove
	  Net::HTTP#enable_post_connection_check.  [ruby-dev:31960]
	* lib/net/imap.rb: hostname should be verified against server's
	  indentity as persented in the server's certificate. [ruby-dev:31960]
	* ext/openssl/lib/net/telnets.rb, ext/openssl/lib/net/ftptls.rb: ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@16878 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 13 insertions, 0 deletions

diff --git a/ext/openssl/lib/net/ftptls.rb b/ext/openssl/lib/net/ftptls.rb
index f433457923..a21c1f6c3c 100644
--- a/ext/openssl/lib/net/ftptls.rb
+++ b/ext/openssl/lib/net/ftptls.rb
@@ -29,13 +29,23 @@ require 'net/ftp'
 
 module Net
   class FTPTLS < FTP
+    def connect(host, port=FTP_PORT)
+      @hostname = host
+      super
+    end
+
     def login(user = "anonymous", passwd = nil, acct = nil)
+       store = OpenSSL::X509::Store.new
+       store.set_default_paths
        ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
+       ctx.cert_store = store
+       ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
        ctx.key = nil
        ctx.cert = nil
        voidcmd("AUTH TLS")
        @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
        @sock.connect
+       @sock.post_connection_check(@hostname)
        super(user, passwd, acct)
        voidcmd("PBSZ 0")
     end
diff --git a/ext/openssl/lib/net/telnets.rb b/ext/openssl/lib/net/telnets.rb
index a872f41e6a..2b69280432 100644
--- a/ext/openssl/lib/net/telnets.rb
+++ b/ext/openssl/lib/net/telnets.rb
@@ -134,6 +134,9 @@ module Net
             @sock.verify_callback = @options['VerifyCallback']
             @sock.verify_depth    = @options['VerifyDepth']
             @sock.connect
+            if @options['VerifyMode'] != OpenSSL::SSL::VERIFY_NONE
+              @sock.post_connection_check(@options['Host'])
+            end
             @ssl = true
           end
           ''