merge revision(s) r48563,r46261,r48581: [Backport #10533]

* lib/net/http.rb: Do not attempt SSL session resumption when the session is expired. [Bug #10533] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@49631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2015-02-17 17:08:26 +00:00 · 2015-02-17 17:08:26 +00:00 · fd87a8aebb
commit fd87a8aebb
parent e6e559c0bb
4 changed files with 43 additions and 2 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Wed Feb 18 00:27:57 2015  Eric Hodel  <drbrain@segment7.net>
+
+	* lib/net/http.rb:  Do not attempt SSL session resumption when the
+	  session is expired.  [Bug #10533]
+
 Wed Feb 18 00:20:36 2015  Eric Wong  <e@80x24.org>

 	* vm_eval.c (rb_yield_splat): add missing GC guard
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@ -914,7 +914,10 @@ module Net   #:nodoc:
            @socket.write(buf)
            HTTPResponse.read_new(@socket).value
          end
-          s.session = @ssl_session if @ssl_session
+          if @ssl_session and
+             Time.now < @ssl_session.time + @ssl_session.timeout
+            s.session = @ssl_session if @ssl_session
+          end
          # Server Name Indication (SNI) RFC 3546
          s.hostname = @address if s.respond_to? :hostname=
          Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect }
--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
@ -73,12 +73,45 @@ class TestNetHTTPS < Test::Unit::TestCase
    http.get("/")
    http.finish # three times due to possible bug in OpenSSL 0.9.8

+    sid = http.instance_variable_get(:@ssl_session).id
+
    http.start
    http.get("/")

    socket = http.instance_variable_get(:@socket).io

    assert socket.session_reused?
+
+    assert_equal sid, http.instance_variable_get(:@ssl_session).id
+
+    http.finish
+  rescue SystemCallError
+    skip $!
+  end
+
+  def test_session_reuse_but_expire
+    http = Net::HTTP.new("localhost", config("port"))
+    http.use_ssl = true
+    http.verify_callback = Proc.new do |preverify_ok, store_ctx|
+      store_ctx.current_cert.to_der == config('ssl_certificate').to_der
+    end
+
+    http.ssl_timeout = -1
+    http.start
+    http.get("/")
+    http.finish
+
+    sid = http.instance_variable_get(:@ssl_session).id
+
+    http.start
+    http.get("/")
+
+    socket = http.instance_variable_get(:@socket).io
+    assert_equal false, socket.session_reused?
+
+    assert_not_equal sid, http.instance_variable_get(:@ssl_session).id
+
+    http.finish
  rescue SystemCallError
    skip $!
  end
--- a/version.h
+++ b/version.h
@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.1.5"
 #define RUBY_RELEASE_DATE "2015-02-18"
-#define RUBY_PATCHLEVEL 296
+#define RUBY_PATCHLEVEL 297

 #define RUBY_RELEASE_YEAR 2015
 #define RUBY_RELEASE_MONTH 2