
Commit af098c5

committed
Add support to use SNI
1 parent 626c312 commit af098c5


2 files changed

+8
-6
lines changed

2 files changed

+8
-6
lines changed

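--- a/lib/net/ldap/connection.rb
+++ b/lib/net/ldap/connection.rb
@@ -33,9 +33,10 @@ def socket_class=(socket_class)
 def prepare_socket(server, timeout=nil)
 socket = server[:socket]
 encryption = server[:encryption]
+hostname = server[:host]
 
 @conn = socket
-setup_encryption(encryption, timeout) if encryption
+setup_encryption(encryption, timeout, hostname) if encryption
 end
 
 def open_connection(server)
@@ -86,7 +87,7 @@ def close
 end
 end
 
-def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
+def self.wrap_with_ssl(io, tls_options = {}, timeout=nil, hostname=nil)
 raise Net::LDAP::NoOpenSSLError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
 
 ctx = OpenSSL::SSL::SSLContext.new
@@ -96,6 +97,7 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
 ctx.set_params(tls_options) unless tls_options.empty?
 
 conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
+conn.hostname = hostname
 
 begin
 if timeout
@@ -148,11 +150,11 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
 # communications, as with simple_tls. Thanks for Kouhei Sutou for
 # generously contributing the :start_tls path.
 #++
-def setup_encryption(args, timeout=nil)
+def setup_encryption(args, timeout=nil, hostname=nil)
 args[:tls_options] ||= {}
 case args[:method]
 when :simple_tls
-@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
+@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout, hostname)
 # additional branches requiring server validation and peer certs, etc.
 # go here.
 when :start_tls
@@ -170,7 +172,7 @@ def setup_encryption(args, timeout=nil)
 
 raise Net::LDAP::StartTLSError,
 "start_tls failed: #{pdu.result_code}" unless pdu.result_code.zero?
-@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
+@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout, hostname)
 else
 raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args[:method]}"
 end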
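Review bot: `conn.hostname = hostname` in wrap_with_ssl only puts the name into the TLS ClientHello (SNI); none of the visible hunks checks the server certificate against that name, so with peer verification enabled through `tls_options` a certificate issued for a different host would presumably still be accepted. Unless the part of the method after `begin` (outside this hunk) already does it, call `conn.post_connection_check(hostname)` once the handshake has completed, limited to the case where a hostname was passed and the context's verify mode is not `OpenSSL::SSL::VERIFY_NONE`. Both the :simple_tls and :start_tls call sites in setup_encryption go through wrap_with_ssl, so the one check covers them. The new parameter also deserves a comment on both signatures, e.g. `# hostname: server name to send via SNI (optional)`.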

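--- a/test/test_ldap_connection.rb
+++ b/test/test_ldap_connection.rb
@@ -288,7 +288,7 @@ def test_queued_read_setup_encryption_with_start_tls
 .and_return(result2)
 mock.should_receive(:write)
 conn = Net::LDAP::Connection.new(:socket => mock)
-flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock, {}, nil)
+flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock, {}, nil, nil)
 .and_return(mock)
 
 conn.next_msgid # simulates ongoing query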
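Review bot: The changed expectation `.with(mock, {}, nil, nil)` only pins the case where no host is known, since the connection here is built from `:socket => mock` alone; nothing in this hunk checks that a configured host actually reaches wrap_with_ssl as the fourth argument. A companion test that builds the connection with a host (constructed example: `:host => 'ldap.example.com'`) and expects `.with(mock, {}, nil, 'ldap.example.com')` would cover the behaviour this commit adds. The test method starts and ends outside the hunk, so whether the constructor forwards `:host` to prepare_socket should be confirmed there.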
