From: k@...
Date: 2017-04-06T02:35:48+00:00
Subject: [ruby-core:80587] [Ruby trunk Bug#13401][Third Party's Issue] OpenSSL::SSL::SSLSocket :hostname= accessor removed

Issue #13401 has been updated by rhenium (Kazuki Yamaguchi).

Status changed from Assigned to Third Party's Issue

(Third Party's Issue since new bugs should go to https://github.com/ruby/openssl)

The accessor still exists, as you see, only if the OpenSSL library with which ext/openssl was compiled supports SNI. This has not changed.

Setting the server name directly to the instance variable has never been documented or a proper way.

----------------------------------------
Bug #13401: OpenSSL::SSL::SSLSocket :hostname= accessor removed
https://bugs.ruby-lang.org/issues/13401#change-64089

* Author: puchuu (Andrew Aladjev)
* Status: Third Party's Issue
* Priority: Normal
* Assignee: rhenium (Kazuki Yamaguchi)
* Target version:
* ruby -v: 2.4.*
* Backport: 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN
----------------------------------------
Hello. I've found a small issue, but it is important for security.

Some websites will force you to use SNI. For example "httpbin.org".

~~~ text
openssl s_client -connect httpbin.org:443
~~~

> tlsv1 alert internal error

~~~ text
openssl s_client -connect httpbin.org:443 -servername httpbin.org
~~~

> ok

~~~ ruby
require "openssl"
require "socket"

HOST = "httpbin.org"

class SSL < OpenSSL::SSL::SSLSocket
  def initialize *args
    super
    @hostname = HOST
  end
end

socket = TCPSocket.open HOST, 443
begin
  ssl_socket = SSL.new socket, OpenSSL::SSL::SSLContext.new
  begin
    ssl_socket.connect
    puts "connected"
  ensure
    ssl_socket.close
  end
ensure
  socket.close
end
~~~

This code works fine with any ruby 2.0-2.3 and rubinius, but it failed with 2.4.0 and 2.4.1.

I can see that you've removed accessor from

**lib/ruby/2.4.0/openssl/ssl.rb**:

~~~ ruby
if ExtConfig::HAVE_TLSEXT_HOST_NAME
  attr_reader :hostname
end
~~~

**ext/openssl/ossl_ssl.c**:

~~~ c
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
    /* #hostname is defined in lib/openssl/ssl.rb */
    rb_define_method(cSSLSocket, "hostname=", ossl_ssl_set_hostname, 1);
#endif
~~~

So we have to use **self.hostname = HOST** instead of **@hostname = HOST**.

Please document this new behaviour in documentation. Thank you.

--
https://bugs.ruby-lang.org/
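The difference discussed in this thread can be checked offline. The following is an added example, not part of the original message or of ruby/openssl: it runs a loopback TLS server and reports which SNI name the server received when the client uses the `hostname=` accessor versus writing `@hostname` directly on Ruby 2.4 or later. `SNI_NAME`, `self_signed`, `IvarSocket` and `sni_seen_by_server` are hypothetical names, and the certificate is generated on the fly.

```ruby
require "openssl"
require "socket"
SNI_NAME = "sni.example.test" # constructed name, never resolved

# Throwaway self-signed certificate for the loopback test server.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Pattern from the report: writes the ivar and bypasses the C setter.
class IvarSocket < OpenSSL::SSL::SSLSocket
  def initialize(*args)
    super
    @hostname = SNI_NAME
  end
end

# One loopback handshake; returns the SNI name the server saw (nil if none).
def sni_seen_by_server(use_accessor)
  seen = nil
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = self_signed(SNI_NAME)
  sctx.servername_cb = proc { |_sock, name| seen = name; nil }
  listener = TCPServer.new("127.0.0.1", 0)
  server = Thread.new do
    s = OpenSSL::SSL::SSLSocket.new(listener.accept, sctx)
    s.sync_close = true
    begin s.accept; rescue OpenSSL::SSL::SSLError, SystemCallError; end
    s.close
  end
  raw = TCPSocket.new("127.0.0.1", listener.addr[1])
  cctx = OpenSSL::SSL::SSLContext.new # no certificate verification: test only
  ssl = (use_accessor ? OpenSSL::SSL::SSLSocket : IvarSocket).new(raw, cctx)
  ssl.hostname = SNI_NAME if use_accessor && ssl.respond_to?(:hostname=)
  ssl.connect
  server.join
  ssl.close
  raw.close
  listener.close
  seen
end
```

With the ivar-only socket, `ssl.hostname` still returns the name through the `attr_reader`, so the reader is not evidence that SNI was sent. The client context here skips certificate verification only because the peer is a throwaway loopback server.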