From: Eric Hodel <drbrain@...7.net>
Date: 2011-10-26T11:39:03+09:00
Subject: [ruby-core:40396] [ruby-trunk - Feature #5341] Add SSL session reuse to Net::HTTP


Issue #5341 has been updated by Eric Hodel.


=begin
Net::HTTP objects can be reused.  You may start and finish a connection as many times as you like (the net-http-persistent gem works this way).

Currently the SSLSession can only be initialized once due to OpenSSL restrictions.  To change the values you must make a new Net::HTTP object, so I think changing this behavior (if it is needed) is a separate issue.

  $ cat test.rb 
  require 'socket'
  require 'openssl'
  
  key = OpenSSL::PKey::RSA.new 256
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 0
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.public_key = key.public_key
  cert.subject = OpenSSL::X509::Name.parse 'CN=nobody/DC=example'
  
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  
  socket = TCPSocket.new 'localhost', 80 # any open port will do
  ssl_context = OpenSSL::SSL::SSLContext.new
  ssl_socket = OpenSSL::SSL::SSLSocket.new socket, ssl_context
  
  def try ssl_context, params
    ssl_context.set_params params
  rescue
    p params.keys.first => $!.message
  end
  
  try ssl_context, :@ssl_version => 3
  try ssl_context, :@key             => key
  try ssl_context, :@cert            => cert
  try ssl_context, :@ca_file         => '/nonexistent/file'
  try ssl_context, :@ca_path         => '/nonexistent/path'
  try ssl_context, :@cert_store      => store
  try ssl_context, :@ciphers         => []
  try ssl_context, :@verify_mode     => OpenSSL::SSL::VERIFY_PEER
  try ssl_context, :@verify_callback => proc { |x| }
  try ssl_context, :@verify_depth    => 2
  try ssl_context, :@ssl_timeout     => 99
  
  $ make runruby
  ./miniruby -I./lib -I. -I.ext/common  ./tool/runruby.rb --extout=.ext  -- --disable-gems ./test.rb
  {:@ssl_version=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@key=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@cert=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ca_file=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ca_path=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@cert_store=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ciphers=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@verify_mode=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@verify_callback=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@verify_depth=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  {:@ssl_timeout=>"can't modify frozen OpenSSL::SSL::SSLContext"}
  $ ./miniruby -v
  ruby 2.0.0dev (2011-10-25 trunk 33524) [x86_64-darwin11.1.0]

I will update the patch to check for the timeout, I did not know it existed.

With this code:

https://github.com/drbrain/net-http-persistent/blob/master/lib/net/http/persistent/ssl_reuse.rb

I was only able to reproduce the issue on Ruby 1.9.1, not Ruby 1.8.7, 1.9.2, 1.9.3 or ruby trunk.
=end

----------------------------------------
Feature #5341: Add SSL session reuse to Net::HTTP
http://redmine.ruby-lang.org/issues/5341

Author: Eric Hodel
Status: Open
Priority: Normal
Assignee: 
Category: lib
Target version: 1.9.4


SSL session reuse allows reconnection to an HTTPS server to avoid an SSL handshake which avoids extra computations and network round-trips and increases the performance of SSL connections.


-- 
http://redmine.ruby-lang.org