1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
Index: ext/openssl/lib/openssl/ssl.rb
===================================================================
--- ext/openssl/lib/openssl/ssl.rb (revision 13503)
+++ ext/openssl/lib/openssl/ssl.rb (revision 13504)
@@ -88,7 +88,7 @@
end
}
end
- raise SSLError, "hostname not match"
+ raise SSLError, "hostname was not match with the server certificate"
end
end
Index: ChangeLog
===================================================================
--- ChangeLog (revision 13503)
+++ ChangeLog (revision 13504)
@@ -1,3 +1,17 @@
+Sun Sep 23 21:57:25 2007 GOTOU Yuuzou <gotoyuzo@notwork.org>
+
+ * lib/net/http.rb: an SSL verification (the server hostname should
+ be matched with its certificate's commonName) is added.
+ this verification can be skipped by
+ "Net::HTTP#enable_post_connection_check=(false)".
+ suggested by Chris Clark <cclark at isecpartners.com>
+
+ * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to
+ perform SSL post connection check.
+
+ * ext/openssl/lib/openssl/ssl.c
+ (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message.
+
Sun Sep 23 07:49:49 2007 Nobuyoshi Nakada <nobu@ruby-lang.org>
* eval.c, intern.h, ext/thread/thread.c: should not free queue while
Index: version.h
===================================================================
--- version.h (revision 13503)
+++ version.h (revision 13504)
@@ -1,15 +1,15 @@
#define RUBY_VERSION "1.8.6"
-#define RUBY_RELEASE_DATE "2007-09-23"
+#define RUBY_RELEASE_DATE "2007-09-24"
#define RUBY_VERSION_CODE 186
-#define RUBY_RELEASE_CODE 20070923
-#define RUBY_PATCHLEVEL 110
+#define RUBY_RELEASE_CODE 20070924
+#define RUBY_PATCHLEVEL 111
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8
#define RUBY_VERSION_TEENY 6
#define RUBY_RELEASE_YEAR 2007
#define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 23
+#define RUBY_RELEASE_DAY 24
#ifdef RUBY_EXTERN
RUBY_EXTERN const char ruby_version[];
Index: lib/open-uri.rb
===================================================================
--- lib/open-uri.rb (revision 13503)
+++ lib/open-uri.rb (revision 13504)
@@ -229,6 +229,7 @@
if target.class == URI::HTTPS
require 'net/https'
http.use_ssl = true
+ http.enable_post_connection_check = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
store = OpenSSL::X509::Store.new
store.set_default_paths
@@ -240,16 +241,6 @@
resp = nil
http.start {
- if target.class == URI::HTTPS
- # xxx: information hiding violation
- sock = http.instance_variable_get(:@socket)
- if sock.respond_to?(:io)
- sock = sock.io # 1.9
- else
- sock = sock.instance_variable_get(:@socket) # 1.8
- end
- sock.post_connection_check(target_host)
- end
req = Net::HTTP::Get.new(request_uri, header)
if options.include? :http_basic_authentication
user, pass = options[:http_basic_authentication]
Index: lib/net/http.rb
===================================================================
--- lib/net/http.rb (revision 13503)
+++ lib/net/http.rb (revision 13504)
@@ -470,6 +470,7 @@
@debug_output = nil
@use_ssl = false
@ssl_context = nil
+ @enable_post_connection_check = false
end
def inspect
@@ -526,6 +527,9 @@
false # redefined in net/https
end
+ # specify enabling SSL server certificate and hostname checking.
+ attr_accessor :enable_post_connection_check
+
# Opens TCP connection and HTTP session.
#
# When this method is called with block, gives a HTTP object
@@ -584,6 +588,14 @@
HTTPResponse.read_new(@socket).value
end
s.connect
+ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+ begin
+ s.post_connection_check(@address)
+ rescue OpenSSL::SSL::SSLError => ex
+ raise ex if @enable_post_connection_check
+ warn ex.message
+ end
+ end
end
on_connect
end
|
GitWeb