closer changed the topic of #ruby-core to: check the latest release candidate for 1.9.1 release ftp.ruby-lang.org:/home/yugui/ruby-1.9.1-r26021+1.tar.bz2
xymbol____ has quit [Read error: Connection reset by peer]
xymbol____ has joined #ruby-core
hsbt is now known as hsbt_away
seamon has quit [Remote host closed the connection]
hsbt_away is now known as hsbt
konsolebox has joined #ruby-core
<znz_jp>
biff: [ruby-changes:36788] normal:r48869 (trunk): compile.c: skip opt_* insns for fstr args with block given - http://mla.n-z.jp/?ruby-changes=36788
tenderlove has quit [Quit: Leaving...]
shinnya has quit [Ping timeout: 250 seconds]
nagachika has joined #ruby-core
nagachika has quit [Remote host closed the connection]
<znz_jp>
biff: [ruby-changes:36790] hsbt:r48871 (trunk): * test/gdbm/test_gdbm.rb: Added test for each_key called without a block. - http://mla.n-z.jp/?ruby-changes=36790
nagachika has quit [Remote host closed the connection]
mylar has quit []
SHyx0rmZ has quit [Remote host closed the connection]
SHyx0rmZ has joined #ruby-core
soraher___ is now known as soraher
edk112211 has joined #ruby-core
<edk112211>
Hi! I think there’s a bug in net/http when making a TLS connection to a server that doesn’t support SNI. Can anyone confirm/deny, or should I just file an issue on the bug tracker?
edk112211 has quit [Remote host closed the connection]
ed112211 has joined #ruby-core
<drbrain>
ed112211: what's up?
<drbrain>
ed112211: I can help confirm/deny unless you've already created an issue
<ed112211>
I haven’t created an issue yet.
<ed112211>
here’s the gist of it:
<ed112211>
if your ruby was linked to an openssl that has tlsextension compiled, you can use SNI which sends the hostname as part of the tls handshake
<ed112211>
but, if you talk to a server that uses TLS, but not SNI, this fails with an exception. Ideally, I’d like to set a flag to net/http to not set the hostname for sni
<ed112211>
but there’s no way I can see to accomplish this, without monkeypatching the connect method in net/http.rb
<ed112211>
essentially the line in connect that does `s.hostname = @address if s.respond_to? :hostname=` needs a switch to avoid this when talking to ancient ssl servers (java based servers apparently have this problem)
<drbrain>
it sounds like you've found a bug
<ed112211>
so that’s my take on the problem. Does that seem right? Am I missing a way to do what I’m trying to accomplish?
<drbrain>
can you include a server to test against?
<drbrain>
I recently looked at that code and there is no way to say "do not use SNI"
<ed112211>
here’s one. it uses tls, sslv3 is disabled, but it doesn’t support SNI
<ed112211>
because of that, we’ll get this exception: “OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello B: parse tlsext”
<ed112211>
whereas, if I patch the connect to avoid setting hostname, the connection succeeds
<drbrain>
I get: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert handshake failure (OpenSSL::SSL::SSLError)
<drbrain>
seems like a bug you should report
<ed112211>
OK, thanks! I just wanted to make sure I’m not missing something obvious :)
<drbrain>
ah, if I set h.ssl_version = :TLSv1 then I get your exception
havenwood has quit [Remote host closed the connection]