Introduce Net::HTTP#min_version/max_version [Feature #9450]

Set SSL minimum/maximum version. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60311 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
ruby · Oct 21, 2017 · dcea919 · dcea919
1 parent 8cbf2da
commit dcea919
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/NEWS b/NEWS
@@ -74,6 +74,7 @@ with all sufficient information, see the ChangeLog file or Redmine
 * Net::HTTP
 
   * Net::HTTP.new supports no_proxy parameter [Feature #11195]
+  * Net::HTTP#min_version/max_version [Feature #9450]
 
 * Numeric
 

diff --git a/lib/net/http.rb b/lib/net/http.rb
@@ -816,6 +816,8 @@ def use_ssl=(flag)
       :@key,
       :@ssl_timeout,
       :@ssl_version,
+      :@min_version,
+      :@max_version,
       :@verify_callback,
       :@verify_depth,
       :@verify_mode,
@@ -829,6 +831,8 @@ def use_ssl=(flag)
       :key,
       :ssl_timeout,
       :ssl_version,
+      :min_version,
+      :max_version,
       :verify_callback,
       :verify_depth,
       :verify_mode,
@@ -863,6 +867,12 @@ def use_ssl=(flag)
     # Sets the SSL version.  See OpenSSL::SSL::SSLContext#ssl_version=
     attr_accessor :ssl_version
 
+    # Sets the minimum SSL version.  See OpenSSL::SSL::SSLContext#min_version=
+    attr_accessor :min_version
+
+    # Sets the maximum SSL version.  See OpenSSL::SSL::SSLContext#max_version=
+    attr_accessor :max_version
+
     # Sets the verify callback for the server certification verification.
     attr_accessor :verify_callback
 

diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb
@@ -191,4 +191,32 @@ def test_timeout_during_SSL_handshake
       assert th.join(10), bug4246
     }
   end
+
+  def test_min_version
+    http = Net::HTTP.new("127.0.0.1", config("port"))
+    http.use_ssl = true
+    http.min_version = :TLSv1
+    http.verify_callback = Proc.new do |preverify_ok, store_ctx|
+      true
+    end
+    ex = assert_raise(OpenSSL::SSL::SSLError){
+      http.request_get("/") {|res| }
+    }
+    assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
+  end
+
+  def test_max_version
+    http = Net::HTTP.new("127.0.0.1", config("port"))
+    http.use_ssl = true
+    http.max_version = :SSLv2
+    http.verify_callback = Proc.new do |preverify_ok, store_ctx|
+      true
+    end
+    @log_tester = lambda {|log| assert_match(/SSLv3 read client hello/, log[0] ) }
+    ex = assert_raise(OpenSSL::SSL::SSLError){
+      http.request_get("/") {|res| }
+    }
+    assert_match(/no protocols available/, ex.message)
+  end
+
 end if defined?(OpenSSL::SSL)