From: drbrain@...7.net
Date: 2014-11-21T23:01:17+00:00
Subject: [ruby-core:66400] [ruby-trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname

Issue #10533 has been updated by Eric Hodel.

File net.http.bug10533.patch added
Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED

If session resumption is requested with an expired SSL session on an SNI server then the handshake goes wrong and the connection fails as above.

The attached patch only attempts session resumption if the session is still valid.

----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50040

* Author: Eric Hodel
* Status: Open
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: 
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect which results in a failed reconnection:

~~~
$ cat test.rb
require 'net/http'
uri = URI 'https://david.shanske.com'

Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
        from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
        from test.rb:10:in `block in <main>'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
        from test.rb:4:in `<main>'
~~~


---Files--------------------------------
net.http.bug10533.patch (685 Bytes)


-- 
https://bugs.ruby-lang.org/