Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ftp and http updated to use session_new_cb #190

Open
headius opened this issue Oct 15, 2019 · 1 comment
Open

ftp and http updated to use session_new_cb #190

headius opened this issue Oct 15, 2019 · 1 comment

Comments

@headius
Copy link
Member

headius commented Oct 15, 2019

In updating JRuby's stdlib to 2.5.7 I had to reject the following changes that use a session_new_cb= method we do not implement. I'm not sure when this method was introduced; it may have been there for some time but was not used until now.

This diff has been pushed to our Ruby fork repository and we should address it.

diff --git a/lib/ruby/stdlib/net/ftp.rb b/lib/ruby/stdlib/net/ftp.rb
index c3ee47ef4d..9902f9dc65 100644
--- a/lib/ruby/stdlib/net/ftp.rb
+++ b/lib/ruby/stdlib/net/ftp.rb
@@ -230,6 +230,10 @@ module Net
         if defined?(VerifyCallbackProc)
           @ssl_context.verify_callback = VerifyCallbackProc
         end
+        @ssl_context.session_cache_mode =
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+        @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
         @ssl_session = nil
         if options[:private_data_connection].nil?
           @private_data_connection = true
@@ -349,7 +353,6 @@ module Net
       if @ssl_context.verify_mode != VERIFY_NONE
         ssl_sock.post_connection_check(@host)
       end
-      @ssl_session = ssl_sock.session
       return ssl_sock
     end
     private :start_tls_session
diff --git a/lib/ruby/stdlib/net/http.rb b/lib/ruby/stdlib/net/http.rb
index 5e35db77af..dff9b6439d 100644
--- a/lib/ruby/stdlib/net/http.rb
+++ b/lib/ruby/stdlib/net/http.rb
@@ -973,6 +973,10 @@ module Net   #:nodoc:
         end
         @ssl_context = OpenSSL::SSL::SSLContext.new
         @ssl_context.set_params(ssl_parameters)
+        @ssl_context.session_cache_mode =
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+        @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
         D "starting SSL for #{conn_address}:#{conn_port}..."
         s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
         s.sync_close = true
@@ -980,14 +984,12 @@ module Net   #:nodoc:
         s.hostname = @address if s.respond_to? :hostname=
         if @ssl_session and
            Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
-          s.session = @ssl_session if @ssl_session
+          s.session = @ssl_session
         end
         ssl_socket_connect(s, @open_timeout)
         if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
           s.post_connection_check(@address)
         end
-        # OpenSSL::SSL::Session somehow works but SSLSocket#session= does nothing with JRuby-OpenSSL
-        #@ssl_session = s.session
         D "SSL established"
       end
       @socket = BufferedIO.new(s, read_timeout: @read_timeout,
@headius
Copy link
Member Author

headius commented Oct 15, 2019

Branch on the fork is jruby-ruby_2_5_7.

headius added a commit to jruby/ruby that referenced this issue Oct 15, 2019
@headius
Re-remove logic for SSL session that we don't support.
b063972 
See jruby/jruby-openssl#190 and jruby/jruby#5917
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@headius