ruby-changes:62933
From: TOMITA <ko1@a...>
Date: Mon, 14 Sep 2020 17:27:09 +0900 (JST)
Subject: [ruby-changes:62933] 888e04ae05 (master): [ruby/net-smtp] TLS should not check the host name by default.
https://git.ruby-lang.org/ruby.git/commit/?id=888e04ae05
From 888e04ae05eb864756a43624888468617e39dd76 Mon Sep 17 00:00:00 2001
From: TOMITA Masahiro <tommy@t...>
Date: Wed, 15 Jul 2020 00:50:16 +0900
Subject: [ruby/net-smtp] TLS should not check the host name by default.
In tlsconnect(), the host name is checked when @ssl_context.verify_mode is not OpenSSL::SSL::VERIFY_NONE, but the verify_mode of @ssl_context generated by default is nil.
https://github.com/ruby/net-smtp/commit/bde75a15b5
diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb
index f8121cd..52c5d81 100644
--- a/lib/net/smtp.rb
+++ b/lib/net/smtp.rb
@@ -583,7 +583,7 @@ module Net https://github.com/ruby/ruby/blob/trunk/lib/net/smtp.rb#L583
 logging "TLS connection started"
 s.sync_close = true
 ssl_socket_connect(s, @open_timeout)
- if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+ if @ssl_context.verify_mode && @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
 s.post_connection_check(@address)
 end
 verified = true
diff --git a/test/net/smtp/test_ssl_socket.rb b/test/net/smtp/test_ssl_socket.rb
index 342391f..dd9529f 100644
--- a/test/net/smtp/test_ssl_socket.rb
+++ b/test/net/smtp/test_ssl_socket.rb
@@ -53,8 +53,10 @@ module Net https://github.com/ruby/ruby/blob/trunk/test/net/smtp/test_ssl_socket.rb#L53
 end
 }
+ ssl_context = OpenSSL::SSL::SSLContext.new
+ ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
 connection = MySMTP.new('localhost', 25)
- connection.enable_starttls_auto
+ connection.enable_starttls_auto(ssl_context)
 connection.fake_tcp = tcp_socket
 connection.fake_ssl = ssl_socket
--
cgit v0.10.2
--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
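Review bot: With the added `@ssl_context.verify_mode &&` guard, a context whose verify_mode is nil (the default one, per the commit message) now skips `s.post_connection_check(@address)`, so a default TLS/STARTTLS session gets no host name check, and presumably no chain verification either if nil behaves like VERIFY_NONE in OpenSSL. The session is then encrypted but the server is not authenticated unless the caller supplies a context with `verify_mode = OpenSSL::SSL::VERIFY_PEER`, and nothing in the hunk says so. I would put a comment above the condition, e.g. `# nil verify_mode (default context): no certificate or host name verification; pass a context with VERIFY_PEER to authenticate the server`. Note also that `verified = true` runs whether or not the check ran, so the name should not be read as a security guarantee. The enclosing method starts and ends outside the hunk.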
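Review bot: The test now passes an explicit VERIFY_PEER context to `enable_starttls_auto(ssl_context)`, so it keeps exercising the old host-name-check path and nothing covers the behaviour this commit introduces, the nil verify_mode default skipping `post_connection_check`. A companion case that calls `connection.enable_starttls_auto` with no argument and asserts that the fake SSL socket is never asked for a post-connection check would pin the new default and flag any later change to it. The test method starts and ends outside the hunk, so whether the fake socket can record that call is not visible here.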