summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorshyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-09-24 08:12:24 +0000
committershyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2007-09-24 08:12:24 +0000
commitdf067e31c0cc3ced138b0f53767cfd458c7a5fc0 (patch)
treedb2ffcfc5b281fc21a36381aceb0bdef492b1490 /lib
parent50b224dd15c5e4aab0d04c5c5ad7d224fbeb1855 (diff)
* lib/net/http.rb: an SSL verification (the server hostname should
be matched with its certificate's commonName) is added. this verification can be skipped by "Net::HTTP#enable_post_connection_check=(false)". suggested by Chris Clark <cclark at isecpartners.com> * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to perform SSL post connection check. * ext/openssl/lib/openssl/ssl.c (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@13504 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r--lib/net/http.rb12
-rw-r--r--lib/open-uri.rb11
2 files changed, 13 insertions, 10 deletions
diff --git a/lib/net/http.rb b/lib/net/http.rb
index 46d95b2..b48a91b 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -470,6 +470,7 @@ module Net #:nodoc:
@debug_output = nil
@use_ssl = false
@ssl_context = nil
+ @enable_post_connection_check = false
end
def inspect
@@ -526,6 +527,9 @@ module Net #:nodoc:
false # redefined in net/https
end
+ # specify enabling SSL server certificate and hostname checking.
+ attr_accessor :enable_post_connection_check
+
# Opens TCP connection and HTTP session.
#
# When this method is called with block, gives a HTTP object
@@ -584,6 +588,14 @@ module Net #:nodoc:
HTTPResponse.read_new(@socket).value
end
s.connect
+ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+ begin
+ s.post_connection_check(@address)
+ rescue OpenSSL::SSL::SSLError => ex
+ raise ex if @enable_post_connection_check
+ warn ex.message
+ end
+ end
end
on_connect
end
diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index d69f7db..36a0639 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -229,6 +229,7 @@ module OpenURI
if target.class == URI::HTTPS
require 'net/https'
http.use_ssl = true
+ http.enable_post_connection_check = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
store = OpenSSL::X509::Store.new
store.set_default_paths
@@ -240,16 +241,6 @@ module OpenURI
resp = nil
http.start {
- if target.class == URI::HTTPS
- # xxx: information hiding violation
- sock = http.instance_variable_get(:@socket)
- if sock.respond_to?(:io)
- sock = sock.io # 1.9
- else
- sock = sock.instance_variable_get(:@socket) # 1.8
- end
- sock.post_connection_check(target_host)
- end
req = Net::HTTP::Get.new(request_uri, header)
if options.include? :http_basic_authentication
user, pass = options[:http_basic_authentication]