| Age | Commit message (Collapse) | Author |
|---|
|
This list is out of date. At least OpenBSD since 2013 does not
allow one user to read the environment variables of a process
run by another user.
While we could try to keep the list updated, I think it's a bad
idea to not use the user/password from the environment, even if
another user on the system could read it. If http_proxy exists
in the environment, and other users can read it, it doesn't
make it more secure for Ruby to ignore it. You could argue that
it encourages poor security practices, but net/http should provide
mechanism, not policy.
Fixes [Bug #18908]
https://github.com/ruby/net-http/commit/1e4585153d
|
|
units
* Returning nil from the `content_range` method instead of raising an
error when the unit in the content-range header is not "bytes".
Fix https://bugs.ruby-lang.org/issues/11450
https://github.com/ruby/net-http/commit/0b5030dd86
Co-Authored-By: Nobuyoshi Nakada <nobu@ruby-lang.org>
|
|
This reverts commit 63546bfc1581d4abec2a0d846106a1c0afc0efa9.
|
|
* Added a nil check in Net::HTTPHeader#initialize_http_header for keys in the header that do not have any value
* Returning nil from the content_range method instead of raising an error when the unit in the content-range header is not bytes
* Modified initialize_http_header to match trunk
fix [Bug #11450]
fix https://github.com/ruby/ruby/pull/1018
Notes:
Merged-By: nurse <naruse@airemix.jp>
|
|
Handle missing session_new_cb= and do not call
session_cache_mode=, as JRuby SSL does not support
these methods.
https://github.com/ruby/net-http/commit/3237ef4d8c
|
|
The ignore_eof setting on HTTPResponse makes it so an EOFError is
raised when reading bodies with a defined Content-Length, if the
body read was truncated due to the socket be closed.
The ignore_eof setting on HTTP sets the values used in responses
that are created by the object.
For backwards compatibility, the default is for both settings is
true. However, unless you are specifically tested for and handling
truncated responses, it's a good idea to set ignore_eof to false so
that errors are raised for truncated responses, instead of those
errors silently being ignored.
Fixes [Bug #14972]
https://github.com/ruby/net-http/commit/4d47e34995
|
|
Previously, the content-encoding header was removed and the body
was modified, but the content-length header was not modified,
resulting in the content-length header not matching the body
length.
Don't delete content-length before yielding inflate body, as that
causes a switch to read the entire body instead of reading in
chunks.
Fixes [Bug #16672]
https://github.com/ruby/net-http/commit/58284e9710
Co-authored-by: st0012 <stan001212@gmail.com>
|
|
encoding
This allows for the ability to opt-in to a method to set the
encoding of response bodies. By setting the accessor to a String
or Encoding instance, it will use the specified encoding.
Setting the value of true will try to detect the encoding of the
response body, either using the Content-Type header (assuming it
specifies charset) or by scanning for a <meta> tag in the document
that specifies the encoding. The default is false in which case
no forcing of encoding will be done (same as before the patch).
Implements [Feature #2567]
Implements [Feature #15517]
https://github.com/ruby/net-http/commit/6233e6b7c1
Co-authored-by: Yui Naruse <naruse@ruby-lang.org>
|
|
This reverts commit https://github.com/ruby/net-http/commit/a7cb30124cf1.
This is causing errors in Ruby's CI, will revert for now and
try again after testing a fix with Ruby's CI.
https://github.com/ruby/net-http/commit/7b852b1feb
|
|
Previously, the content-encoding header was removed and the body
was modified, but the content-length header was not modified,
resulting in the content-length header not matching the body
length.
Fixes [Bug #16672]
https://github.com/ruby/net-http/commit/a7cb30124c
|
|
RFC 6066, section 3, explicitly disallows the use of an IP address
as an SNI server name. So check if the connection is being made
to an IP address using the resolv regexps, and do not set an SNI
hostname in that case.
Recent changes to LibreSSL make it more strictly follow RFC 6066,
resulting an s.hostname= raising an error if passed an IP address.
When such verions of LibreSSL are used, this change not only fixes
the net/http tests, it also fixes tests for webrick and open-uri,
which both make SSL connections to 127.0.0.1 using net/http in
their tests.
Avoid warning in the openssl extension by unsetting
@ssl_context.verify_hostname if connecting to an IP address.
Make changes so that the post_connection_check still happens
when connecting to an IP address, which is necessary to keep
checking that the certificate returned includes the IP address,
which one of the tests depends on.
Revert the previous change that modified the regexp used for
checking the error message.
https://github.com/ruby/net-http/commit/fa68e64bee
|
|
ref https://github.com/ruby/ruby/commit/da0f67c0383f57129c7a76255964b1ee739d8db8
https://github.com/ruby/net-http/commit/dbeb5f1c8f
|
|
Use `include?` instead.
https://github.com/ruby/net-http/commit/05022744a9
|
|
https://github.com/ruby/net-http/commit/843d4548de
|
|
Server Name Indication does not allow IP addresses (RFC 6066, section 3:
`Literal IPv4 and IPv6 addresses are not permitted in "HostName".`).
Recent versions of LibreSSL enforce this restriction, which raises
when setting the hostname to an IP address (s.hostname=), before
attempting to setup the SSL connection.
Since the certificate used in the test is already for localhost,
we cannot connect to localhost. However, as all the test does is
check for a specific exception, just modify the regexp used so it
handles both cases.
https://github.com/ruby/net-http/commit/6ab399db45
|
|
Notes:
Merged-By: k0kubun <takashikkbn@gmail.com>
|
|
|
|
https://github.com/ruby/net-http/commit/ca7bb8c51c
|
|
https://github.com/ruby/ruby/commit/52ab9bbee918c63faad32e3851b162691b984d40 makes a failure.
```
1) Failure:
HTTPRequestTest#test_initialize_HEAD [/tmp/ruby/v3/src/trunk/test/net/http/test_http_request.rb:53]:
<{"accept"=>["*/*"], "user-agent"=>["Ruby"]}> expected but was
<{"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"],
"accept"=>["*/*"],
"user-agent"=>["Ruby"]}>.
```
I'm not sure it is correct, so please review later.
|
|
The last_communicated timestamp is for HTTP persistent connection, to
decide whether the current TCP connection may be reused for the
subsequent requests or not. Naturally, the timer must be reset if the
connection is recreated since it is no longer relevant.
https://github.com/ruby/net-http/commit/0a013de42d
|
|
https://github.com/ruby/net-http/commit/5bb14fd3bc
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4691
|
|
The existing implementation of `Net::HTTP#write_timeout` relies on
`Net::BefferedIO` to trigger the `Net::WriteTimeout` error. This commit
changes `send_request_with_body_stream` to remove the optimization that
was making `Net::HTTP#write_timeout` not work when `body_stream` is
used.
Open issue:
https://bugs.ruby-lang.org/issues/17933
https://github.com/ruby/net-http/commit/a0fab1ab52
|
|
It is not used in net/http library code since commit 15ccd0118c13
(r36473 in ruby svn trunk, 2012).
require's in test suite are also cleaned up.
https://github.com/ruby/net-http/commit/996d18a43f
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4424
|
|
|
|
If someone sets an env variable defining a http_proxy, containing a
username / password with percent-encoded characters, then the resulting
base64 encoded auth header will be wrong.
For example, suppose a username is `Y\X` and the password is `R%S] ?X`.
Properly URL encoded the proxy url would be:
http://Y%5CX:R%25S%5D%20%3FX@proxy.example:8000
The resulting proxy auth header should be: `WVxYOlIlU10gP1g=`, but the
getters defined by ruby StdLib `URI` return a username `Y%5CX` and
password `R%25S%5D%20%3FX`, resulting in `WSU1Q1g6UiUyNVMlNUQlMjAlM0ZY`.
As a result the proxy will deny the request.
Please note that this is my first contribution to the ruby ecosystem, to
standard lib especially and I am not a ruby developer.
References:
- https://gitlab.com/gitlab-org/gitlab/-/issues/289836
- https://bugs.ruby-lang.org/projects/ruby-master/repository/trunk/revisions/58461
- https://bugs.ruby-lang.org/issues/17542
https://github.com/ruby/net-http/commit/e57d4f38aa
|
|
```
.../ruby/test/net/http/test_httpresponse.rb:81: warning: constant RubyVM::MJIT is deprecated
```
|
|
https://github.com/ruby/net-http/commit/abc6ea1877
|
|
because the name "MJIT" is an internal code name, it's inconsistent with
--jit while they are related to each other, and I want to discourage future
JIT implementation-specific (e.g. MJIT-specific) APIs by this rename.
[Feature #17490]
|
|
* Otherwise those tests, etc cannot run on alternative Ruby implementations.
|
|
The expected certs must be `[CA_CERT, SERVER_CERT]` before 1.1.1g and
`[SERVER_CERT]` after 1.1.1h.
|
|
... depending upon the environment.
|
|
On some environments that uses OpenSSL 1.1.1h, the two tests now fail.
http://rubyci.s3.amazonaws.com/android29-x86_64/ruby-master/log/20200924T062352Z.fail.html.gz
https://github.com/ruby/ruby/runs/1159288773?check_suite_focus=true
```
1) Failure:
TestNetHTTPS#test_get [/data/data/com.termux/files/home/cb/tmp/build/20200924T062352Z/ruby/test/net/http/test_https.rb:47]:
<"0\x82\x03\xED0\x82\x02\xD5\xA0\x03..."> expected but was
<"0\x82\x03\xE30\x82\x02\xCB\xA0\x03...">.
```
Not sure why, but verify_callback now seems to receive only SERVER_CERT
but not CA_CERT.
It would be good to investigate the issue furthermore, but tentatively,
I want to stop the failures.
|
|
https://github.com/ruby/net-http/commit/5ae9620fbc
|
|
invalid_servername is not a valid name in an SSL request due to
the use of the underscore, and LibreSSL 3.2.0 will raise an
exception for this. These tests are not testing the allowed
characters in the server name, but how net/http handles cases where
the server name provided does not match the IP address you are
trying to connect to, so I think it's better to just modify the
tests to use a correct format.
While here, fix a typo in a test name, and use better code in the
ensure block so the same test doesn't issue both a failure and an
error.
https://github.com/ruby/net-http/commit/0e8dc91120
|
|
|
|
It failed again
http://ci.rvm.jp/results/trunk-mjit-wait@silicon-docker/3018488
|
|
This tries to fix a random failure like
http://ci.rvm.jp/results/trunk-mjit-wait@silicon-docker/3017837
|
|
The test fails randomly on the CI of OpenCSW SPARC Solaris 10:
https://rubyci.org/logs/rubyci.s3.amazonaws.com/unstable10s/ruby-master/log/20200321T091909Z.fail.html.gz
```
1) Failure:
TestNetHTTP_v1_2_chunked#test_timeout_during_HTTP_session [/export/home/rubyci/unstable10s/tmp/build/20200321T091909Z/ruby/test/net/http/test_http.rb:575]:
[Net::ReadTimeout] exception expected, not #<Net::OpenTimeout: execution expired>.
```
The environment uses RUBY_TEST_SUBPROCESS_TIMEOUT_SCALE=20, so the open
timeout 0.1 sec. means 2.0 sec. for the environment, but it seems too
strict because the environment is painfully slow.
|
|
* Let Net::HTTP.get take request headers
* Add more test cases for no header usages
* Add examples with request headers
* Add a NEWS entry [ci skip]
[Feature #16686]
Notes:
Merged-By: k0kubun <takashikkbn@gmail.com>
|
|
|
|
test/net/http/test_https.rb: rename fixture methods to read_fixture
because it conflicts with test-unit gem.
|
|
According to https://github.com/ruby/openssl/pull/60,
> Currently an user who wants to do the hostname verification needs to
call SSLSocket#post_connection_check explicitly after the TLS connection
is established.
if an user who wants to skip the hostname verification,
SSLSocket#post_connection_check doesn't need to be called
https://bugs.ruby-lang.org/issues/16555
|
|
This reverts commit 5105240b1e851410020b3b3f1a2bead7ffdd4291.
In RFC 2616:
```
deflate
The "zlib" format defined in RFC 1950 [31] in combination with
the "deflate" compression mechanism described in RFC 1951 [29].
```
So "Content-Encoding: deflate" means zlib format, not raw deflate.
[Bug #11268]
|
|
Net::HTTP had used `Zlib::Inflate.new(32 + Zlib::MAX_WBITS)` for all
content encoding (deflate, zlib, and gzip).
But the argument `32 + Zlib::MAX_WBITS` means zlib and gzip decoding
with automatic header detection, so (raw) deflate compression had not
been supported.
This change makes it support raw deflate correctly by passing an
argument `-Zlib::MAX_WBITS` (which means raw deflate) to
`Zlib::Inflate.new`. All deflate-mode tests are fixed too.
[Bug #11268]
|
|
54072e329cab7207fba133caba4fc12b45add8f9
|
|
Because the test fails under HTTP proxy settings.
https://rubyci.org/logs/rubyci.s3.amazonaws.com/solaris10-gcc/ruby-master/log/20191210T000004Z.fail.html.gz
```
1) Failure:
TestNetHTTPS#test_get_SNI_failure [/export/home/users/chkbuild/cb-gcc/tmp/build/20191210T000004Z/ruby/test/net/http/test_https.rb:81]:
[OpenSSL::SSL::SSLError] exception expected, not #<Net::HTTPServerException: 403 "Forbidden">.
```
The new SNI feature introduced at 54072e329c may need to be improved for
HTTP proxy environment.
|
|
to replace the address for TCP/IP connection [Feature #5180]
There're 3 layers of hostname:
* host address for TCP/IP
* TLS server name
* HTTP Host header value
To test DNS round robin or check server certificate from server local,
people sometimes want to connect server with given IP address but keep
TLS server name and HTTP Host header value.
closes [Feature #15215]
closes https://github.com/ruby/ruby/pull/1893
closes https://github.com/ruby/ruby/pull/1977
|
|
An EPIPE when sending the request should be ignored. Even if you
cannot write more data, you may still be able to read the server's
response.
Fixes [Bug #14466]
Notes:
Merged: https://github.com/ruby/ruby/pull/2494
|
