ruby-ldap / ruby-net-ldap

Pure Ruby LDAP library
https://rubygems.org/gems/net-ldap

Fix openssl error when using multiple hosts #417

Closed jpdasma closed 1 year ago

jpdasma commented 1 year ago

There was a bug introduced by https://github.com/ruby-ldap/ruby-net-ldap/pull/406

When using multiple hosts, it will cause the following error:

#<Socket:0x00007f856352f270>/opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap/connection.rb:75:in `open_connection': Unable to connect to any given server:  (Net::LDAP::ConnectionError)
  SocketError: getaddrinfo: Name or service not known (non.existent.domain:636)
  OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=216.239.32.58:636 state=error: certificate verify failed (Hostname mismatch) (ldap.google.com:636)
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap/connection.rb:707:in `socket'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:1329:in `new_connection'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:1308:in `use_connection'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:783:in `block in search'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap/instrumentation.rb:19:in `instrument'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:782:in `search'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:1215:in `search_root_dse'
        from ./test.rb:9:in `<main>'

This is because hostname is being set to 127.0.0.1 when using hosts.
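Added example, not part of the pull request and not net-ldap's own code: a model of the failure described above, showing why each entry in a host list has to be verified against its own name rather than a connection-wide fallback. The lambdas, `try_hosts`, the host names and the self-signed certificate are constructed for illustration, and the certificate table stands in for the network.

```ruby
require "openssl"

# Constructed self-signed certificate whose only identity is dns_name.
def build_cert(dns_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{dns_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{dns_name}", false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

FALLBACK_HOST = "127.0.0.1" # the value the description says the hostname was set to

# Model of the bug (assumed shape): one name for the whole connection,
# ignoring which list entry the socket was opened to.
BUGGY = ->(server, _host) { server[:host] || FALLBACK_HOST }
# Model of the fix (assumed shape): the name of the entry actually dialled.
FIXED = ->(_server, host) { host }

# Walk the host list as a failover client would. certs_by_host replaces the
# network: a missing entry means the host did not resolve.
def try_hosts(server, certs_by_host, pick_name)
  server[:hosts].to_h do |host, _port|
    cert = certs_by_host[host]
    next [host, :unreachable] unless cert
    name = pick_name.call(server, host)
    # Same identity check a TLS client runs after the handshake.
    ok = OpenSSL::SSL.verify_certificate_identity(cert, name)
    [host, ok ? :verified : :hostname_mismatch]
  end
end

# Constructed sample input: first host does not resolve, second presents a cert.
SERVER = { hosts: [["non.existent.example", 636], ["ldap.example.test", 636]] }.freeze
CERTS = { "ldap.example.test" => build_cert("ldap.example.test") }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "buggy: #{try_hosts(SERVER, CERTS, BUGGY)}"
  puts "fixed: #{try_hosts(SERVER, CERTS, FIXED)}"
end
```

With the fallback name the reachable server fails identity verification even though its certificate is valid for the name that was dialled, which matches the two-error pattern in the trace above.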

jpdasma commented 1 year ago

@HarlemSquirrel it appears that I introduced a bug in the SNI PR. This should fix the issue when using the hosts argument.

Thanks!

jpdasma commented 1 year ago

I only did some testing here and it worked when using a single host and port, and also with hosts.

I'm not sure if this will affect prepare_socket here: https://github.com/ruby-ldap/ruby-net-ldap/blob/84bfc385cfad73c3e24ee36b014f2e81dc10ea81/lib/net/ldap/connection.rb#L707

alexjfisher commented 11 months ago

@HarlemSquirrel I've just hit this too. Would you be able to push out a new release with this fix?

Thanks

HarlemSquirrel commented 11 months ago

@alexjfisher done https://github.com/ruby-ldap/ruby-net-ldap/releases/tag/v0.19.0