Open dissolve opened 10 years ago
This is a ruby bug:
require 'net/http'
uri = URI 'https://david.shanske.com'
Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
req = Net::HTTP::Get.new uri
response = http.request req
p response.code
sleep 310
req = Net::HTTP::Get.new uri
response = http.request req
p response.code
end
$ ruby test.rb
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:139:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
from test.rb:10:in `block in <main>'
from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
from test.rb:4:in `<main>'
I have created Bug #10533 and will work on a fix there.
The bug is due to session resumption. I'll see what I can do to patch it via net-http-persistent until a release with the patch to Net::HTTP is available.
Just got bitten hard by this issue :) Any progress on a workaround?
Any progress on this issue?
EDIT: This issue may no longer be relevant: https://github.com/drbrain/net-http-persistent/blob/master/lib/net/http/persistent/ssl_reuse.rb
When I establish a connection to a site that uses SNI (and the key returned by the request is not usable) and then try to re-use that connection after 300 seconds, I get an error that the certificate does not match the hostname. Watching from wireshark confirmed, that on the initial request the certificate for *.shanske.com is returned, however after 5 minutes, the certificate for weneca.com is returned (the server's main key, same as would be returned without SNI). So it would seem that the reconnection is not including the hostname.
To reproduce