ruby-changes:70716
From: Jeremy <ko1@a...>
Date: Tue, 4 Jan 2022 08:26:11 +0900 (JST)
Subject: [ruby-changes:70716] 67612dadbc (master): [ruby/net-http] Handle invalid use of IP addresses in SNI
https://git.ruby-lang.org/ruby.git/commit/?id=67612dadbc From 67612dadbca5ddeba1c979e4838739bf7430a7cf Mon Sep 17 00:00:00 2001 From: Jeremy Evans <code@j...> Date: Mon, 3 Jan 2022 15:18:02 -0800 Subject: [ruby/net-http] Handle invalid use of IP addresses in SNI Server Name Indication does not allow IP addresses (RFC 6066, section 3: `Literal IPv4 and IPv6 addresses are not permitted in "HostName".`). Recent versions of LibreSSL enforce this restriction, which raises when setting the hostname to an IP address (s.hostname=), before attempting to setup the SSL connection. Since the certificate used in the test is already for localhost, we cannot connect to localhost. However, as all the test does is check for a specific exception, just modify the regexp used so it handles both cases. https://github.com/ruby/net-http/commit/6ab399db45 --- test/net/http/test_https.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb index 4dc9f1b026c..f62fd8c3235 100644 --- a/test/net/http/test_https.rb +++ b/test/net/http/test_https.rb @@ -255,7 +255,7 @@ class TestNetHTTPS < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/net/http/test_https.rb#L255 ex = assert_raise(OpenSSL::SSL::SSLError){ http.request_get("/") {|res| } } - re_msg = /certificate verify failed|hostname \"#{HOST_IP}\" does not match/ + re_msg = /certificate verify failed|hostname \"#{HOST_IP}\" does not match|ssl3 ext invalid servername/ assert_match(re_msg, ex.message) end -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/