This replaces #23 - updated the test cases to actually confirm that the hostname verification is performed.
This also fixes test failures on an environment without the openssl library.
Improve behavior on environment without openssl library
Check OpenSSL::VERSION constant to see if openssl library is available
or not.
Due to how autoload works, "defined?(OpenSSL)" does not always work
as expected: it reports as "constant" even if openssl library actually
fails to load. net-smtp eagerly loads openssl, but another library can
register autoload and it will still be a problem.
Test cases are adjusted to skip relevant tests when openssl library is
not available.
Use real TLS connections for testing TLS/STARTTLS feature
Set up an actual TLS server and connect to it. This ensures that
certificate verification is actually enabled on the SSLContext and
performed on connection.
The test cases in test_ssl_socket.rb are merged into test_sslcontext.rb
for simplicity.
OpenSSL::SSL::SSLSocket#hostname= is always available
Currently net-smtp requires Ruby 2.5. This means that we can assume
ruby-openssl library is version 2.1 or later.
SNI support (SSLSocket#hostname=) is available in all OpenSSL versions
supported by this ruby-openssl version.
Also, a recent change started using SSLContext#set_params, which enables
the automatic hostname verification during handshake. This makes the
SSLSocket#post_connection_check call redundant.
This replaces #23 - updated the test cases to actually confirm that the hostname verification is performed.
This also fixes test failures on an environment without the openssl library.
Improve behavior on environment without openssl library
Check OpenSSL::VERSION constant to see if openssl library is available or not.
Due to how autoload works, "defined?(OpenSSL)" does not always work as expected: it reports as "constant" even if openssl library actually fails to load. net-smtp eagerly loads openssl, but another library can register autoload and it will still be a problem.
Test cases are adjusted to skip relevant tests when openssl library is not available.
Use real TLS connections for testing TLS/STARTTLS feature
Set up an actual TLS server and connect to it. This ensures that certificate verification is actually enabled on the SSLContext and performed on connection.
The test cases in test_ssl_socket.rb are merged into test_sslcontext.rb for simplicity.
OpenSSL::SSL::SSLSocket#hostname= is always available
Currently net-smtp requires Ruby 2.5. This means that we can assume ruby-openssl library is version 2.1 or later.
SNI support (SSLSocket#hostname=) is available in all OpenSSL versions supported by this ruby-openssl version.
Also, a recent change started using SSLContext#set_params, which enables the automatic hostname verification during handshake. This makes the SSLSocket#post_connection_check call redundant.
[rhe: Added explanation about the change.]