factoring out create_ssl_socket

This also fixes a problem that non SSL proxied socket does not call setEnabledProtocols and setEnabledCipherSuites.
nahi · Dec 9, 2016 · d0bdad4 · d0bdad4
1 parent 01c0c96
commit d0bdad4
Showing 1 changed file with 26 additions and 22 deletions.
diff --git a/lib/httpclient/jruby_ssl_socket.rb b/lib/httpclient/jruby_ssl_socket.rb
@@ -445,18 +445,17 @@ def valid_country_wildcard(parts)
     end
 
     def self.create_socket(session)
-      site = session.proxy || session.dest
-      begin
-        if session.proxy
+      socket = nil
+      if session.proxy
+        begin
+          site = session.proxy || session.dest
           socket = Socket.new(site.host, site.port)
           socket.setKeepAlive(true) if session.tcp_keepalive
           session.connect_ssl_proxy(JavaSocketWrap.new(socket), Util.urify(session.dest.to_s))
-        else
-          socket = nil
+        rescue
+          socket.close
+          raise
         end
-      rescue
-        socket.close
-        raise
       end
       opts = {
         :connect_timeout => session.connect_timeout,
@@ -509,25 +508,12 @@ def initialize(socket, dest, config, debug_dev = nil, opts={})
         ctx.getClientSessionContext.setSessionTimeout(config.timeout)
       end
 
-      factory = ctx.getSocketFactory
       begin
-        ssl_socket = factory.createSocket
+        ssl_socket = create_ssl_socket(socket, dest, ctx, opts)
         ssl_socket.setEnabledProtocols([ssl_version].to_java(java.lang.String)) if ssl_version != DEFAULT_SSL_PROTOCOL
         if config.ciphers != SSLConfig::CIPHERS_DEFAULT
           ssl_socket.setEnabledCipherSuites(config.ciphers.to_java(java.lang.String))
         end
-        if socket
-          ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
-        else
-          socket_addr = InetSocketAddress.new(dest.host, dest.port)
-          if opts[:connect_timeout]
-            ssl_socket.connect(socket_addr, opts[:connect_timeout] * 1000)
-          else
-            ssl_socket.connect(socket_addr)
-          end
-          ssl_socket.setSoTimeout(opts[:receive_timeout] * 1000) if opts[:receive_timeout]
-          ssl_socket.setKeepAlive(true) if opts[:tcp_keepalive]
-        end
         ssl_socket.startHandshake
         ssl_session = ssl_socket.getSession
         @peer_cert = JavaCertificate.new(ssl_session.getPeerCertificates.first)
@@ -545,6 +531,24 @@ def initialize(socket, dest, config, debug_dev = nil, opts={})
       super(ssl_socket, debug_dev)
     end
 
+    def create_ssl_socket(socket, dest, ctx, opts)
+      factory = ctx.getSocketFactory
+      if socket
+        ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
+      else
+        ssl_socket = factory.createSocket
+        socket_addr = InetSocketAddress.new(dest.host, dest.port)
+        if opts[:connect_timeout]
+          ssl_socket.connect(socket_addr, opts[:connect_timeout] * 1000)
+        else
+          ssl_socket.connect(socket_addr)
+        end
+        ssl_socket.setSoTimeout(opts[:receive_timeout] * 1000) if opts[:receive_timeout]
+        ssl_socket.setKeepAlive(true) if opts[:tcp_keepalive]
+      end
+      ssl_socket
+    end
+
     def peer_cert
       @peer_cert
     end