Open casperisfine opened 1 year ago
Running into this same issue as well with the upgrade to OpenSSL 3 for our Ruby installation.
As our client gems rely on net-http
, this issue causes a lot of SSL_READ
errors to appear in our client side, despite the server logs on the calling side show that the response has been sent to the client.
I can confirm that the workaround as a monkey patch definitely works and restores functionality, but setting this as a global option isn't ideal either. With the upgrades everywhere coming for OpenSSL 3, it would be nice to see net-http
accomodate either the configuration options for this, or by default start handling this behavior.
Context
Since OpenSSL 3.x, when a server close the TCP connection without first calling
SSL_shutdown
, the SSL client now error withSSL_read: unexpected eof while reading
.In OpenSSL 1.x, the client wouldn't mind and would behave like if the connection was cleanly closed.
To restore the 1.x behavior, you can set a specific options:
Problem
The issue is that
Net::HTTP
only allow to set specific fields on theSSLContext
object, andoptions
is not one of them.Workaround
The issue can be worked around by changing the default options globally:
However this impact all SSL connections, not just the ones that need it.
Solution
Not sure what the best API would be. But it would be great if we could directly pass a
SSLContext
instance toNet::HTTP
, so that we're not limited on the SSL configuration.