ftp and http updated to use session_new_cb

Open • headius opened this issue 6 years ago • 1 comment

In updating JRuby's stdlib to 2.5.7 I had to reject the following changes that use a session_new_cb= method we do not implement. I'm not sure when this method was introduced; it may have been there for some time but was not used until now.

This diff has been pushed to our Ruby fork repository and we should address it.

diff --git a/lib/ruby/stdlib/net/ftp.rb b/lib/ruby/stdlib/net/ftp.rb
index c3ee47ef4d..9902f9dc65 100644
--- a/lib/ruby/stdlib/net/ftp.rb
+++ b/lib/ruby/stdlib/net/ftp.rb
@@ -230,6 +230,10 @@ module Net
         if defined?(VerifyCallbackProc)
           @ssl_context.verify_callback = VerifyCallbackProc
         end
+        @ssl_context.session_cache_mode =
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+        @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
         @ssl_session = nil
         if options[:private_data_connection].nil?
           @private_data_connection = true
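Review bot: the `@ssl_context.session_new_cb = proc {...}` assignment is unguarded, so on an OpenSSL binding that does not implement `session_new_cb=` (which the issue text says is the case for jruby-openssl) it raises NoMethodError. Wrap the added lines in `if @ssl_context.respond_to?(:session_new_cb=)` so the rest of the TLS setup still runs where the callback is unavailable.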
@@ -349,7 +353,6 @@ module Net
       if @ssl_context.verify_mode != VERIFY_NONE
         ssl_sock.post_connection_check(@host)
       end
-      @ssl_session = ssl_sock.session
       return ssl_sock
     end
     private :start_tls_session
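Review bot: removing `@ssl_session = ssl_sock.session` from `start_tls_session` leaves the `session_new_cb` proc as the only writer of `@ssl_session`; where that callback is missing or never fires, `@ssl_session` stays nil and there is no session to reuse on later sockets. Keep this assignment as a fallback for contexts that do not respond to `session_new_cb=`, and skip it only on the callback path.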
diff --git a/lib/ruby/stdlib/net/http.rb b/lib/ruby/stdlib/net/http.rb
index 5e35db77af..dff9b6439d 100644
--- a/lib/ruby/stdlib/net/http.rb
+++ b/lib/ruby/stdlib/net/http.rb
@@ -973,6 +973,10 @@ module Net   #:nodoc:
         end
         @ssl_context = OpenSSL::SSL::SSLContext.new
         @ssl_context.set_params(ssl_parameters)
+        @ssl_context.session_cache_mode =
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+          OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+        @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
         D "starting SSL for #{conn_address}:#{conn_port}..."
         s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
         s.sync_close = true
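Review bot: the four added lines carry no comment on why the session is now captured through `session_new_cb` with `SESSION_CACHE_NO_INTERNAL_STORE` set rather than read from the socket after connect. Add a short comment stating the reason, and mention that the proc ignores `sock` and overwrites `@ssl_session` on every call, so the most recently delivered session is the one the later `s.session = @ssl_session` reuses.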
@@ -980,14 +984,12 @@ module Net   #:nodoc:
         s.hostname = @address if s.respond_to? :hostname=
         if @ssl_session and
            Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
-          s.session = @ssl_session if @ssl_session
+          s.session = @ssl_session
         end
         ssl_socket_connect(s, @open_timeout)
         if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
           s.post_connection_check(@address)
         end
-        # OpenSSL::SSL::Session somehow works but SSLSocket#session= does nothing with JRuby-OpenSSL
-        #@ssl_session = s.session
         D "SSL established"
       end
       @socket = BufferedIO.new(s, read_timeout: @read_timeout,
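Review bot: the deleted comment is the only record in this file that `SSLSocket#session=` does nothing with JRuby-OpenSSL, yet `s.session = @ssl_session` above still runs on that implementation. Move the note next to that assignment, or point it at the tracking issue, so the limitation stays documented; dropping the redundant `if @ssl_session` modifier is fine as is.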

headius, Oct 15 '19 16:10

Branch on the fork is jruby-ruby_2_5_7.

headius, Oct 15 '19 16:10