From: aladjev.andrew@... Date: 2017-04-10T13:36:01+00:00 Subject: [ruby-core:80643] [Ruby trunk Bug#13401] OpenSSL::SSL::SSLSocket :hostname= accessor removed Issue #13401 has been updated by puchuu (Andrew Aladjev). Ok, I will report it to github. ---------------------------------------- Bug #13401: OpenSSL::SSL::SSLSocket :hostname= accessor removed https://bugs.ruby-lang.org/issues/13401#change-64152 * Author: puchuu (Andrew Aladjev) * Status: Third Party's Issue * Priority: Normal * Assignee: rhenium (Kazuki Yamaguchi) * Target version: * ruby -v: 2.4.* * Backport: 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN ---------------------------------------- Hello. I've found a small issue, but it is important for security. Some websites will force you to use SNI. For example "httpbin.org". ~~~ text openssl s_client -connect httpbin.org:443 ~~~ > tlsv1 alert internal error ~~~ text openssl s_client -connect httpbin.org:443 -servername httpbin.org ~~~ > ok ~~~ ruby require "openssl" require "socket" HOST = "httpbin.org" class SSL < OpenSSL::SSL::SSLSocket def initialize *args super @hostname = HOST end end socket = TCPSocket.open HOST, 443 begin ssl_socket = SSL.new socket, OpenSSL::SSL::SSLContext.new begin ssl_socket.connect puts "connected" ensure ssl_socket.close end ensure socket.close end ~~~ This code works fine with any ruby 2.0-2.3 and rubinius, but it failed with 2.4.0 and 2.4.1. I can see that you've removed accessor from **lib/ruby/2.4.0/openssl/ssl.rb**: ~~~ ruby if ExtConfig::HAVE_TLSEXT_HOST_NAME attr_reader :hostname end ~~~ **ext/openssl/ossl_ssl.c**: ~~~ c #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME /* #hostname is defined in lib/openssl/ssl.rb */ rb_define_method(cSSLSocket, "hostname=", ossl_ssl_set_hostname, 1); #endif ~~~ So we have to use **self.hostname = HOST** instead of **@hostname = HOST**. Please document this new behaviour in documentation. Thank you. -- https://bugs.ruby-lang.org/ Unsubscribe: