From: drbrain@...7.net
Date: 2014-11-22T05:22:41+00:00
Subject: [ruby-core:66408] [ruby-trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname

Issue #10533 has been updated by Eric Hodel.


Ultimately I think this may be an OpenSSL bug.

Looking at the ClientHello message for the second connection (which uses session resumption) no ServerNameIndication extension is present.  Without this the server won't be able to respond with the correct certificate.

----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-50046

* Author: Eric Hodel
* Status: Assigned
* Priority: Normal
* Assignee: Yui NARUSE
* Category: lib
* Target version: 
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect which results in a failed reconnection:

~~~
$ cat test.rb
require 'net/http'
uri = URI 'https://david.shanske.com'

Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
        from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
        from test.rb:10:in `block in <main>'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
        from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
        from test.rb:4:in `<main>'
~~~


---Files--------------------------------
net.http.bug10533.patch (685 Bytes)


-- 
https://bugs.ruby-lang.org/