ruby-changes:37550
From: nagachika <ko1@a...>
Date: Wed, 18 Feb 2015 02:08:42 +0900 (JST)
Subject: [ruby-changes:37550] nagachika:r49631 (ruby_2_1): merge revision(s) r48563, r46261, r48581: [Backport #10533]
nagachika 2015-02-18 02:08:26 +0900 (Wed, 18 Feb 2015) New Revision: 49631 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=49631 Log: merge revision(s) r48563,r46261,r48581: [Backport #10533] * lib/net/http.rb: Do not attempt SSL session resumption when the session is expired. [Bug #10533] Modified directories: branches/ruby_2_1/ Modified files: branches/ruby_2_1/ChangeLog branches/ruby_2_1/lib/net/http.rb branches/ruby_2_1/test/net/http/test_https.rb branches/ruby_2_1/version.h Index: ruby_2_1/ChangeLog =================================================================== --- ruby_2_1/ChangeLog (revision 49630) +++ ruby_2_1/ChangeLog (revision 49631) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ChangeLog#L1 +Wed Feb 18 00:27:57 2015 Eric Hodel <drbrain@s...> + + * lib/net/http.rb: Do not attempt SSL session resumption when the + session is expired. [Bug #10533] + Wed Feb 18 00:20:36 2015 Eric Wong <e@8...> * vm_eval.c (rb_yield_splat): add missing GC guard Index: ruby_2_1/lib/net/http.rb =================================================================== --- ruby_2_1/lib/net/http.rb (revision 49630) +++ ruby_2_1/lib/net/http.rb (revision 49631) @@ -914,7 +914,10 @@ module Net #:nodoc: https://github.com/ruby/ruby/blob/trunk/ruby_2_1/lib/net/http.rb#L914 @socket.write(buf) HTTPResponse.read_new(@socket).value end - s.session = @ssl_session if @ssl_session + if @ssl_session and + Time.now < @ssl_session.time + @ssl_session.timeout + s.session = @ssl_session if @ssl_session + end # Server Name Indication (SNI) RFC 3546 s.hostname = @address if s.respond_to? :hostname= Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect } Index: ruby_2_1/version.h =================================================================== --- ruby_2_1/version.h (revision 49630) +++ ruby_2_1/version.h (revision 49631) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/version.h#L1 #define RUBY_VERSION "2.1.5" #define RUBY_RELEASE_DATE "2015-02-18" -#define RUBY_PATCHLEVEL 296 +#define RUBY_PATCHLEVEL 297 #define RUBY_RELEASE_YEAR 2015 #define RUBY_RELEASE_MONTH 2 Index: ruby_2_1/test/net/http/test_https.rb =================================================================== --- ruby_2_1/test/net/http/test_https.rb (revision 49630) +++ ruby_2_1/test/net/http/test_https.rb (revision 49631) @@ -73,12 +73,45 @@ class TestNetHTTPS < Test::Unit::TestCas https://github.com/ruby/ruby/blob/trunk/ruby_2_1/test/net/http/test_https.rb#L73 http.get("/") http.finish # three times due to possible bug in OpenSSL 0.9.8 + sid = http.instance_variable_get(:@ssl_session).id + http.start http.get("/") socket = http.instance_variable_get(:@socket).io assert socket.session_reused? + + assert_equal sid, http.instance_variable_get(:@ssl_session).id + + http.finish + rescue SystemCallError + skip $! + end + + def test_session_reuse_but_expire + http = Net::HTTP.new("localhost", config("port")) + http.use_ssl = true + http.verify_callback = Proc.new do |preverify_ok, store_ctx| + store_ctx.current_cert.to_der == config('ssl_certificate').to_der + end + + http.ssl_timeout = -1 + http.start + http.get("/") + http.finish + + sid = http.instance_variable_get(:@ssl_session).id + + http.start + http.get("/") + + socket = http.instance_variable_get(:@socket).io + assert_equal false, socket.session_reused? + + assert_not_equal sid, http.instance_variable_get(:@ssl_session).id + + http.finish rescue SystemCallError skip $! end Property changes on: ruby_2_1 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r46261,48563,48581 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/