[feature:trunk] Server Name Indication (SNI) for net/http

$B$U$H!"(BSSL $B$G(B name based vitual $B$r$d$kOC(B (SNI - RFC 3546)
$B$O$I$&[email protected]$C$1!"(B
$B$H;W$C$FC5$7$?$i!“0J2<$r8+$D$1$?$N$G!”(Bnet/http $B$K$bBP=h$r(B
$BF~$l$k$N$O$I$&$G$9$+$M!#(B

ssl - OpenSSL Server Name Indication support in Ruby - Stack Overflow

$BBP=h$rF~$l$k$H!"0J2<$,%(%i!<$K$J$i$J$/$J$j$^$9!#(B

ruby -ropen-uri -e
‘URI(“https://gmail.com/.well-known/host-meta”).read’

% svn diff --diff-cmd diff -x -u lib/net/http.rb
Index: lib/net/http.rb

— lib/net/http.rb (revision 30734)
+++ lib/net/http.rb (working copy)
@@ -780,6 +780,7 @@
@socket.writeline ‘’
HTTPResponse.read_new(@socket).value
end

  •      s.hostname = @address
         timeout(@open_timeout) { s.connect }
         if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
           s.post_connection_check(@address)

チケット #4351 が更新されました。 (by Yui NARUSE)

へぇ、こんなものが、知りませんでした。
わたしは賛成です、入れてしまっていいんじゃないでしょうか。

Could this be backported to 1.8.x? The certificates for Gmail currently
require SNI, which encourages many Ruby developers to switch to
VERIFY_NONE. Needless to say, this is bad for security. It’s also a
blocking issue for implementing the WebFinger and Salmon protocols on
Ruby.

チケット #4351 が更新されました。 (by Akira T.)

ステータス OpenからClosedに変更
進捗 % 0から100に変更

This issue was solved with changeset r30816.
Akira, thank you for reporting this issue.
Your contribution to Ruby is greatly appreciated.
May Ruby be with you.


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs