Hello,
Right now to set ssl params global constants shall be used OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, in general it's ok, but some times there is a need to apply specific ssl params just for a call in some class or module.
For example:
there is a European service which provides EORI check → https://ec.europa.eu/taxation_customs/dds2/eos/validation/services/validation with OpenSSL 3 HTTP and without OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF flag, fails to open this url:
data = <<-XML
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<ev:validateEORI xmlns:ev="http://eori.ws.eos.dds.s/">
<ev:eori>EXAMPLE EORI</ev:eori>
</ev:validateEORI>
</soap:Body>
</soap:Envelope>
XML
http = Net::HTTP.new("ec.europa.eu", 443)
http.use_ssl = true
http.post("/taxation_customs/dds2/eos/validation/services/validation", data, {"Content-Type" => "text/xml"})
.../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/openssl/buffering.rb:214:in `sysread_nonblock': SSL_read: unexpected eof while reading (OpenSSL::SSL::SSLError)
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/openssl/buffering.rb:214:in `read_nonblock'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/protocol.rb:218:in `rbuf_fill'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/protocol.rb:185:in `read_all'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:712:in `read_all'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:591:in `block in read_body_0'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:550:in `inflater'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:573:in `read_body_0'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:344:in `read_body'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1841:in `block in send_entity'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1873:in `block in transport_request'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:301:in `reading_body'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1872:in `transport_request'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1826:in `request'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1819:in `block in request'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1238:in `start'
from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1817:in `request'
Setting the global SSL options would solve the issue:
Hello, Right now to set ssl params global constants shall be used
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
, in general it's ok, but some times there is a need to apply specific ssl params just for a call in some class or module.For example: there is a European service which provides EORI check →
https://ec.europa.eu/taxation_customs/dds2/eos/validation/services/validation
with OpenSSL 3 HTTP and withoutOpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF
flag, fails to open this url:Setting the global SSL options would solve the issue:
but that would change global SSL settings.
We came up with the monkey patch idea:
which does it's job but it's a workaround after all.
The idea for the Net::HTTP would be to expose
@ssl_options
to the object so they could be set up per request/class etc.Tech data: