3 files changed, 82 insertions, 35 deletions

diff --git a/lib/webrick/https.rb b/lib/webrick/https.rb
index 1494973e74..4826654d3a 100644
--- a/lib/webrick/https.rb
+++ b/lib/webrick/https.rb
@@ -131,5 +131,22 @@ module WEBrick
       server = lookup_server(req)
       server ? server.ssl_context : nil
     end
+
+    # :stopdoc:
+
+    ##
+    # Check whether +server+ is also SSL server.
+    # Also +server+'s SSL context will be created.
+
+    alias orig_virtual_host virtual_host
+
+    def virtual_host(server)
+      if @config[:SSLEnable] && !server.ssl_context
+        raise ArgumentError, "virtual host must set SSLEnable to true"
+      end
+      orig_virtual_host(server)
+    end
+
+    # :startdoc:
   end
 end
diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb
index a30cbc3699..8a334eaff1 100644
--- a/lib/webrick/ssl.rb
+++ b/lib/webrick/ssl.rb
@@ -147,7 +147,13 @@ module WEBrick
     # SSL context for the server when run in SSL mode
 
     def ssl_context # :nodoc:
-      @ssl_context ||= nil
+      @ssl_context ||= begin
+        if @config[:SSLEnable]
+          ssl_context = setup_ssl_context(@config)
+          @logger.info("\n" + @config[:SSLCertificate].to_text)
+          ssl_context
+        end
+      end
     end
 
     undef listen
@@ -158,10 +164,6 @@ module WEBrick
     def listen(address, port) # :nodoc:
       listeners = Utils::create_listeners(address, port)
       if @config[:SSLEnable]
-        unless ssl_context
-          @ssl_context = setup_ssl_context(@config)
-          @logger.info("\n" + @config[:SSLCertificate].to_text)
-        end
         listeners.collect!{|svr|
           ssvr = ::OpenSSL::SSL::SSLServer.new(svr, ssl_context)
           ssvr.start_immediately = @config[:SSLStartImmediately]
diff --git a/test/webrick/test_https.rb b/test/webrick/test_https.rb
index 30c8019c92..ec0aac354a 100644
--- a/test/webrick/test_https.rb
+++ b/test/webrick/test_https.rb
@@ -28,57 +28,85 @@ class TestWEBrickHTTPS < Test::Unit::TestCase
     super
   end
 
-  def https_get(addr, port, hostname, path)
+  def https_get(addr, port, hostname, path, verifyname = nil)
+    subject = nil
     http = HTTPSNITest.new(addr, port)
     http.use_ssl = true
     http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    http.verify_callback = proc { |x, store| subject = store.chain[0].subject.to_s; x }
     http.sni_hostname = hostname
     req = Net::HTTP::Get.new(path)
     req["Host"] = "#{hostname}:#{port}"
-    http.request(req).body
+    response = http.start { http.request(req).body }
+    assert_equal("/CN=#{verifyname || hostname}", subject)
+    response
   end
 
   def test_sni
     config = {
       :ServerName => "localhost",
       :SSLEnable => true,
-      :SSLCertName => "/CN=locahost",
+      :SSLCertName => "/CN=localhost",
     }
     TestWEBrick.start_httpserver(config){|server, addr, port, log|
       server.mount_proc("/") {|req, res| res.body = "master" }
 
-      vhost_config1 = {
-        :ServerName => "vhost1",
-        :Port => port,
-        :DoNotListen => true,
-        :Logger => NoLog,
-        :AccessLog => [],
-        :SSLEnable => true,
-        :SSLCertName => "/CN=vhost1",
-      }
-      vhost1 = WEBrick::HTTPServer.new(vhost_config1)
-      vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
-      server.virtual_host(vhost1)
+      # catch stderr in create_self_signed_cert
+      stderr_buffer = StringIO.new
+      old_stderr, $stderr = $stderr, stderr_buffer
 
-      vhost_config2 = {
-        :ServerName => "vhost2",
-        :ServerAlias => ["vhost2alias"],
-        :Port => port,
-        :DoNotListen => true,
-        :Logger => NoLog,
-        :AccessLog => [],
-        :SSLEnable => true,
-        :SSLCertName => "/CN=vhost2",
-      }
-      vhost2 = WEBrick::HTTPServer.new(vhost_config2)
-      vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
-      server.virtual_host(vhost2)
+      begin
+        vhost_config1 = {
+          :ServerName => "vhost1",
+          :Port => port,
+          :DoNotListen => true,
+          :Logger => NoLog,
+          :AccessLog => [],
+          :SSLEnable => true,
+          :SSLCertName => "/CN=vhost1",
+        }
+        vhost1 = WEBrick::HTTPServer.new(vhost_config1)
+        vhost1.mount_proc("/") {|req, res| res.body = "vhost1" }
+        server.virtual_host(vhost1)
 
+        vhost_config2 = {
+          :ServerName => "vhost2",
+          :ServerAlias => ["vhost2alias"],
+          :Port => port,
+          :DoNotListen => true,
+          :Logger => NoLog,
+          :AccessLog => [],
+          :SSLEnable => true,
+          :SSLCertName => "/CN=vhost2",
+        }
+        vhost2 = WEBrick::HTTPServer.new(vhost_config2)
+        vhost2.mount_proc("/") {|req, res| res.body = "vhost2" }
+        server.virtual_host(vhost2)
+      ensure
+        # restore stderr
+        $stderr = old_stderr
+      end
+
+      assert_match(/\A([.+*]+\n)+\z/, stderr_buffer.string)
       assert_equal("master", https_get(addr, port, "localhost", "/localhost"))
-      assert_equal("master", https_get(addr, port, "unknown", "/unknown"))
+      assert_equal("master", https_get(addr, port, "unknown", "/unknown", "localhost"))
       assert_equal("vhost1", https_get(addr, port, "vhost1", "/vhost1"))
       assert_equal("vhost2", https_get(addr, port, "vhost2", "/vhost2"))
-      assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias"))
+      assert_equal("vhost2", https_get(addr, port, "vhost2alias", "/vhost2alias", "vhost2"))
+    }
+  end
+
+  def test_check_ssl_virtual
+    config = {
+      :ServerName => "localhost",
+      :SSLEnable => true,
+      :SSLCertName => "/CN=localhost",
+    }
+    TestWEBrick.start_httpserver(config){|server, addr, port, log|
+      assert_raise ArgumentError do
+        vhost = WEBrick::HTTPServer.new({:DoNotListen => true, :Logger => NoLog})
+        server.virtual_host(vhost)
+      end
     }
   end
 end