diff options
| author | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-12 23:23:17 +0000 |
|---|---|---|
| committer | nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-12 23:23:17 +0000 |
| commit | 0fd238c72f2952c5fa22841c1828c39e8c2faa95 (patch) | |
| tree | a19fde51048be687aa2726f7534a7a7970fe4526 /spec/ruby/shared/basicobject/method_missing.rb | |
| parent | b828c95bcac62b96adb64b602fa51cbd1c00b342 (diff) | |
merge revision(s) 64234,64252: [Backport #15219]
net/http, net/ftp: fix session resumption with TLS 1.3
When TLS 1.3 is in use, the session ticket may not have been sent yet
even though a handshake has finished. Also, the ticket could change if
multiple session ticket messages are sent by the server. Use
SSLContext#session_new_cb instead of calling SSLSocket#session
immediately after a handshake. This way also works with earlier protocol
versions.
net/http, net/ftp: skip SSL/TLS session resumption tests
Due to a bug in OpenSSL 1.1.0h[1] (it's only in this specific version;
it was introduced just before the release and is already fixed in their
stable branch), the callback set by SSLContext#session_new_cb= does not
get called for clients, making net/http and net/ftp not attempt session
resumption.
Let's disable the affected test cases for now. Another option would be
to fallback to using SSLSocket#session as we did before r64234. But
since only a single version is affected and hopefully a new stable
version containing the fix will be released in near future, I chose not
to add such workaround code to lib/.
[1] https://github.com/openssl/openssl/pull/5967
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67237 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'spec/ruby/shared/basicobject/method_missing.rb')
0 files changed, 0 insertions, 0 deletions