From: jcain@...
Date: 2021-03-31T21:50:53+00:00
Subject: [ruby-core:103133] [Ruby master Bug#17766] Net::HTTP verify_callback is called three times when opening a connection

Issue #17766 has been updated by jecain (Jim Cain).


This is being called once for each cert in the chain, so it's an expected behavior.

```
ruby -e 'require "net/http"; Net::HTTP.start("www.ebay.com", 443, nil, nil, nil, nil, use_ssl: true, verify_callback: ->(v,s){puts "verify_callback"; puts s.current_cert.subject.to_s; true}) {}'
```

output:
```
verify_callback
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
verify_callback
/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
verify_callback
/C=US/ST=California/L=San Jose/O=eBay, Inc./OU=Slot9428 v2/CN=www.ebay.com
```

----------------------------------------
Bug #17766: Net::HTTP verify_callback is called three times when opening a connection
https://bugs.ruby-lang.org/issues/17766#change-91205

* Author: jecain (Jim Cain)
* Status: Open
* Priority: Normal
* ruby -v: 2.7.2
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
I've noticed that verify_callback is called three times when opening a connection. Here is an example: (Change "localhost" to whatever host can receive an HTTPS connection.)

```
ruby -e 'require "net/http"; Net::HTTP.start("localhost", 443, nil, nil, nil, nil, use_ssl: true, verify_callback: ->(v,s){puts "verify_callback"; true}) {}'
```

The output:

```
verify_callback
verify_callback
verify_callback
```

This requires awkwardness in the callback to account for the multiple calls per single connection.



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>