From: michiel@...
Date: 2015-06-17T13:40:38+00:00
Subject: [ruby-core:69631] [Ruby trunk - Bug #10533] HTTP reconnection with SNI does not send correct hostname

Issue #10533 has been updated by Michiel Karnebeek.

Following up on my comment a few days ago: I ran a test in Python using https://github.com/nabla-c0d3/sslyze (with OpenSSL 1.0.2a, same version as in Ruby) and introduced a sleep longer than the SSL session TTL at https://github.com/nabla-c0d3/sslyze/blob/master/plugins/PluginSessionResumption.py#L248 to see if this did supply the SNI.

According to Wireshark, this correctly put both the SNI and session ticket in the Client Hello packet.

I think this is evidence that the OpenSSL used is capable of doing this, and that either Net::HTTP or the C bindings for Ruby to OpenSSL are doing something wrong.

----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-52982

* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect, which results in a failed reconnection:

~~~
$ cat test.rb
require 'net/http'

uri = URI 'https://david.shanske.com'
Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
  sleep 310
  req = Net::HTTP::Get.new uri
  response = http.request req
  p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
	from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
	from test.rb:10:in `block in <main>'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
	from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
	from test.rb:4:in `<main>'
~~~

---Files--------------------------------
net.http.bug10533.patch (685 Bytes)

--
https://bugs.ruby-lang.org/
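
The Wireshark check described in the comment above (are both the SNI and the session ticket present in the Client Hello?) can be scripted against captured record bytes. The following is an added example, not code from this thread or from Ruby itself; `client_hello_info` and `sample_hello` are hypothetical names, and the sample Client Hello is constructed, not a capture.

```ruby
# Parse one TLS handshake record holding a ClientHello and report the
# server_name (extension 0) and session_ticket (extension 35) it carries.
def client_hello_info(record)
  type, _version, len = record.unpack('Cnn')
  raise ArgumentError, 'not a handshake record' unless type == 22
  hs = record.byteslice(5, len)
  raise ArgumentError, 'truncated record' if hs.nil? || hs.bytesize < len
  raise ArgumentError, 'not a ClientHello' unless hs.getbyte(0) == 1
  pos = 4 + 2 + 32                                # handshake header, version, random
  pos += 1 + hs.getbyte(pos)                      # session_id
  pos += 2 + hs.byteslice(pos, 2).unpack1('n')    # cipher_suites
  pos += 1 + hs.getbyte(pos)                      # compression_methods
  info = { sni: nil, ticket_len: nil }
  return info if pos + 2 > hs.bytesize            # no extensions block at all
  ext_end = pos + 2 + hs.byteslice(pos, 2).unpack1('n')
  pos += 2
  while pos + 4 <= ext_end
    ext_type, ext_len = hs.byteslice(pos, 4).unpack('nn')
    body = hs.byteslice(pos + 4, ext_len)
    if ext_type.zero? && ext_len >= 5
      # server_name: list length (2), name type (1), name length (2), name
      name_type, name_len = body.unpack('x2Cn')
      info[:sni] = body.byteslice(5, name_len) if name_type.zero?
    elsif ext_type == 35
      info[:ticket_len] = ext_len                 # 0 means "no ticket yet"
    end
    pos += 4 + ext_len
  end
  info
end

# Constructed sample (assumption, not a capture): a ClientHello with a
# 16-byte dummy session ticket and, when host is given, an SNI extension.
def sample_hello(host)
  exts = ''.b
  if host
    entry = [0, host.bytesize].pack('Cn') + host.b
    sni = [entry.bytesize].pack('n') + entry
    exts << [0, sni.bytesize].pack('nn') << sni
  end
  ticket = "\xAA".b * 16
  exts << [35, ticket.bytesize].pack('nn') << ticket
  body = [0x0303].pack('n') + ("\x00".b * 32) + "\x00".b +
         [2, 0xC02F].pack('nn') + "\x01\x00".b +
         [exts.bytesize].pack('n') + exts
  hs = [1].pack('C') + [body.bytesize].pack('N')[1, 3] + body
  [22, 0x0301, hs.bytesize].pack('Cnn') + hs
end
```

A reconnect showing the symptom reported in this issue would come back with a non-nil `:ticket_len` and a nil `:sni`.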