diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/net/http.rb | 12 | ||||
-rw-r--r-- | lib/open-uri.rb | 11 |
2 files changed, 13 insertions, 10 deletions
diff --git a/lib/net/http.rb b/lib/net/http.rb index b62f97d374..54721a49a4 100644 --- a/lib/net/http.rb +++ b/lib/net/http.rb @@ -470,6 +470,7 @@ module Net #:nodoc: @debug_output = nil @use_ssl = false @ssl_context = nil + @enable_post_connection_check = false end def inspect @@ -526,6 +527,9 @@ module Net #:nodoc: false # redefined in net/https end + # specify enabling SSL server certificate and hostname checking. + attr_accessor :enable_post_connection_check + # Opens TCP connection and HTTP session. # # When this method is called with block, gives a HTTP object @@ -584,6 +588,14 @@ module Net #:nodoc: HTTPResponse.read_new(@socket).value end s.connect + if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE + begin + s.post_connection_check(@address) + rescue OpenSSL::SSL::SSLError => ex + raise ex if @enable_post_connection_check + warn ex.message + end + end end on_connect end diff --git a/lib/open-uri.rb b/lib/open-uri.rb index d69f7dbe41..36a0639a80 100644 --- a/lib/open-uri.rb +++ b/lib/open-uri.rb @@ -229,6 +229,7 @@ module OpenURI if target.class == URI::HTTPS require 'net/https' http.use_ssl = true + http.enable_post_connection_check = true http.verify_mode = OpenSSL::SSL::VERIFY_PEER store = OpenSSL::X509::Store.new store.set_default_paths @@ -240,16 +241,6 @@ module OpenURI resp = nil http.start { - if target.class == URI::HTTPS - # xxx: information hiding violation - sock = http.instance_variable_get(:@socket) - if sock.respond_to?(:io) - sock = sock.io # 1.9 - else - sock = sock.instance_variable_get(:@socket) # 1.8 - end - sock.post_connection_check(target_host) - end req = Net::HTTP::Get.new(request_uri, header) if options.include? :http_basic_authentication user, pass = options[:http_basic_authentication] |