Welcome to the "trac"-ing site of http-access2!

Ticket #12 (closed defect: fixed)

Opened 5 years ago

Last modified 4 years ago

Bugfix: "Post connection check failed" error when verify_mode == VERIFY_NONE

Reported by: kdraper@fastmail.fm
Assigned to: nahi
Priority: high
Milestone: 2.0.6
Component: core
Version: 2.0
Keywords: verify_mode post_connection_check
Cc:

Description

Even after setting 'ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE', the exception "Post connection check failed" is raised if the certificate name doesn't match the hostname. A patch is below. I'm a new Ruby programmer; I hope the style is OK. :)

Also, post_connection_check() will fail on a certificate with a wildcard in the hostname (CN field). I haven't implemented a fix for that yet.

--- http-access2.rb.orig        2005-07-14 21:08:58.413213000 -0500
+++ http-access2.rb     2005-07-14 21:27:02.635907000 -0500
@@ -1292,7 +1292,8 @@
          @socket = create_ssl_socket(@socket)
          connect_ssl_proxy(@socket) if @proxy
          @socket.ssl_connect
-         unless @socket.post_connection_check(self)
+         if @ssl_config.verify_mode > OpenSSL::SSL::VERIFY_NONE &&
+              @socket.post_connection_check(self)
            raise OpenSSL::SSL::SSLError.new("Post connection check failed.")
          end
        end
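
Review bot: the continuation line `@socket.post_connection_check(self)` drops the negation that the removed `unless` supplied, so with verify_mode above VERIFY_NONE the error is raised when the check succeeds and a name mismatch passes silently. The operand should be `!@socket.post_connection_check(self)`.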

Change History

07/16/05 02:33:44 changed by kdraper@fastmail.fm

Of course that should really be !@socket.post_connection_check(self). Sorry.

--- http-access2.rb.orig        2005-07-14 21:08:58.000000000 -0500
+++ http-access2.rb     2005-07-15 12:32:25.045248000 -0500
@@ -1292,7 +1292,8 @@
          @socket = create_ssl_socket(@socket)
          connect_ssl_proxy(@socket) if @proxy
          @socket.ssl_connect
-         unless @socket.post_connection_check(self)
+         if @ssl_config.verify_mode > OpenSSL::SSL::VERIFY_NONE &&
+              !@socket.post_connection_check(self)
            raise OpenSSL::SSL::SSLError.new("Post connection check failed.")
          end
        end
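
Review bot: the `>` comparison on the first `+` line only works because VERIFY_NONE is the lowest numeric mode; `@ssl_config.verify_mode != OpenSSL::SSL::VERIFY_NONE` states the intent without relying on ordering. A one-line comment above the `if` saying that the hostname check is deliberately skipped in that mode would also help, since after this change a certificate for any name is accepted there.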

08/31/05 23:25:59 changed by nahi

  • priority changed from normal to high.
  • milestone changed from undefined to 2.0.6.

08/31/05 23:57:11 changed by nahi

added a ticket for the wildcard CN bug. -> #18

09/01/05 00:14:29 changed by nahi

  • status changed from new to closed.
  • resolution set to fixed.

(In [101]) skip post_connection_check when verify_mode == OpenSSL::SSL::VERIFY_NONE. Thanks to kdraper. closes #12.
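
The behaviour the fix settles on, as an added example that is not code from http-access2 or from the ticket's participants: the name check is gated on verify_mode, so VERIFY_NONE accepts a certificate issued for any name. It assumes Ruby's standard-library `OpenSSL::SSL.verify_certificate_identity` as a stand-in for the library's own `post_connection_check` (the stdlib check does accept a single-label wildcard CN); `self_signed_cert` and `connection_allowed?` are hypothetical helpers, and the certificates are constructed test data.

```ruby
require "openssl"

# Constructed test data: a throwaway self-signed certificate whose only
# identity is the subject CN (no subjectAltName), as in the ticket's scenario.
def self_signed_cert(cn, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", cn]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Hypothetical helper mirroring the patched condition: the name check runs
# only when verify_mode is above VERIFY_NONE. Returns true if the connection
# would proceed, false where the library would raise SSLError.
def connection_allowed?(verify_mode, cert, hostname)
  if verify_mode > OpenSSL::SSL::VERIFY_NONE &&
     !OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    return false
  end
  true
end

KEY   = OpenSSL::PKey::RSA.new(2048)
EXACT = self_signed_cert("www.example.com", KEY)
WILD  = self_signed_cert("*.example.com", KEY)

if __FILE__ == $PROGRAM_NAME
  peer = OpenSSL::SSL::VERIFY_PEER
  none = OpenSSL::SSL::VERIFY_NONE
  [[peer, EXACT, "www.example.com"], [peer, EXACT, "other.example.net"],
   [none, EXACT, "other.example.net"], [peer, WILD, "api.example.com"],
   [peer, WILD, "example.com"]].each do |mode, cert, host|
    puts format("mode=%d cn=%s host=%s allowed=%s", mode,
                cert.subject.to_s, host, connection_allowed?(mode, cert, host))
  end
end
```

The third row is the one to note: with VERIFY_NONE the mismatched name is allowed, so that mode gives no assurance about which server answered.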

05/28/06 21:30:04 changed by kkkkoaaa

  • summary changed from Bugfix: "Post connection check failed" error when verify_mode == VERIFY_NONE to Bugfix: "Post connection check failed" error when verify_mode == VERIFY_NONE.
