* lib/net/http.rb: an SSL verification (the server hostname should

be matched with its certificate's commonName) is added. this verification can be skipped by "Net::HTTP#enable_post_connection_check=(false)". suggested by Chris Clark <cclark at isecpartners.com> * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to perform SSL post connection check. * ext/openssl/lib/openssl/ssl.c (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@13500 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2007-09-23 22:21:42 +00:00 · 2007-09-23 22:21:42 +00:00 · 80865ba2db
commit 80865ba2db
parent a32a1b7a03
4 changed files with 28 additions and 11 deletions
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@ -229,6 +229,7 @@ module OpenURI
    if target.class == URI::HTTPS
      require 'net/https'
      http.use_ssl = true
+      http.enable_post_connection_check = true
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
      store = OpenSSL::X509::Store.new
      store.set_default_paths
@ -240,16 +241,6 @@ module OpenURI

    resp = nil
    http.start {
-      if target.class == URI::HTTPS
-        # xxx: information hiding violation
-        sock = http.instance_variable_get(:@socket)
-        if sock.respond_to?(:io)
-          sock = sock.io # 1.9
-        else
-          sock = sock.instance_variable_get(:@socket) # 1.8
-        end
-        sock.post_connection_check(target_host)
-      end
      req = Net::HTTP::Get.new(request_uri, header)
      if options.include? :http_basic_authentication
        user, pass = options[:http_basic_authentication]