Index: ext/openssl/lib/openssl/ssl.rb =================================================================== --- ext/openssl/lib/openssl/ssl.rb (revision 13501) +++ ext/openssl/lib/openssl/ssl.rb (revision 13502) @@ -88,7 +88,7 @@ end } end - raise SSLError, "hostname not match" + raise SSLError, "hostname was not match with the server certificate" end end Index: ChangeLog =================================================================== --- ChangeLog (revision 13501) +++ ChangeLog (revision 13502) @@ -1,3 +1,17 @@ +Sun Sep 23 21:57:25 2007 GOTOU Yuuzou + + * lib/net/http.rb: an SSL verification (the server hostname should + be matched with its certificate's commonName) is added. + this verification can be skipped by + "Net::HTTP#enable_post_connection_check=(false)". + suggested by Chris Clark + + * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to + perform SSL post connection check. + + * ext/openssl/lib/openssl/ssl.c + (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message. + Sun Sep 23 06:08:38 2007 Nobuyoshi Nakada * ext/stringio/stringio.c (strio_init): separate from strio_initialize Index: version.h =================================================================== --- version.h (revision 13501) +++ version.h (revision 13502) @@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.5" -#define RUBY_RELEASE_DATE "2007-09-23" +#define RUBY_RELEASE_DATE "2007-09-24" #define RUBY_VERSION_CODE 185 -#define RUBY_RELEASE_CODE 20070923 -#define RUBY_PATCHLEVEL 113 +#define RUBY_RELEASE_CODE 20070924 +#define RUBY_PATCHLEVEL 114 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 5 #define RUBY_RELEASE_YEAR 2007 #define RUBY_RELEASE_MONTH 9 -#define RUBY_RELEASE_DAY 23 +#define RUBY_RELEASE_DAY 24 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; Index: lib/open-uri.rb =================================================================== --- lib/open-uri.rb (revision 13501) +++ lib/open-uri.rb (revision 13502) @@ -229,6 +229,7 @@ if target.class == URI::HTTPS require 'net/https' http.use_ssl = true + http.enable_post_connection_check = true http.verify_mode = OpenSSL::SSL::VERIFY_PEER store = OpenSSL::X509::Store.new store.set_default_paths @@ -240,16 +241,6 @@ resp = nil http.start { - if target.class == URI::HTTPS - # xxx: information hiding violation - sock = http.instance_variable_get(:@socket) - if sock.respond_to?(:io) - sock = sock.io # 1.9 - else - sock = sock.instance_variable_get(:@socket) # 1.8 - end - sock.post_connection_check(target_host) - end req = Net::HTTP::Get.new(request_uri, header) if options.include? :http_basic_authentication user, pass = options[:http_basic_authentication] Index: lib/net/http.rb =================================================================== --- lib/net/http.rb (revision 13501) +++ lib/net/http.rb (revision 13502) @@ -470,6 +470,7 @@ @debug_output = nil @use_ssl = false @ssl_context = nil + @enable_post_connection_check = false end def inspect @@ -526,6 +527,9 @@ false # redefined in net/https end + # specify enabling SSL server certificate and hostname checking. + attr_accessor :enable_post_connection_check + # Opens TCP connection and HTTP session. # # When this method is called with block, gives a HTTP object @@ -584,6 +588,14 @@ HTTPResponse.read_new(@socket).value end s.connect + if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE + begin + s.post_connection_check(@address) + rescue OpenSSL::SSL::SSLError => ex + raise ex if @enable_post_connection_check + warn ex.message + end + end end on_connect end