Skip to content

Commit af098c5

Browse files
jpdasmajpdasma
committed
Add support to use SNI
1 parent 626c312 commit af098c5

File tree

2 files changed

+8
-6
lines changed

2 files changed

+8
-6
lines changed

lib/net/ldap/connection.rb

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -33,9 +33,10 @@ def socket_class=(socket_class)
3333
def prepare_socket(server, timeout=nil)
3434
socket = server[:socket]
3535
encryption = server[:encryption]
36+
hostname = server[:host]
3637

3738
@conn = socket
38-
setup_encryption(encryption, timeout) if encryption
39+
setup_encryption(encryption, timeout, hostname) if encryption
3940
end
4041

4142
def open_connection(server)
@@ -86,7 +87,7 @@ def close
8687
end
8788
end
8889

89-
def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
90+
def self.wrap_with_ssl(io, tls_options = {}, timeout=nil, hostname=nil)
9091
raise Net::LDAP::NoOpenSSLError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
9192

9293
ctx = OpenSSL::SSL::SSLContext.new
@@ -96,6 +97,7 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
9697
ctx.set_params(tls_options) unless tls_options.empty?
9798

9899
conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
100+
conn.hostname = hostname
99101

100102
begin
101103
if timeout
@@ -148,11 +150,11 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
148150
# communications, as with simple_tls. Thanks for Kouhei Sutou for
149151
# generously contributing the :start_tls path.
150152
#++
151-
def setup_encryption(args, timeout=nil)
153+
def setup_encryption(args, timeout=nil, hostname=nil)
152154
args[:tls_options] ||= {}
153155
case args[:method]
154156
when :simple_tls
155-
@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
157+
@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout, hostname)
156158
# additional branches requiring server validation and peer certs, etc.
157159
# go here.
158160
when :start_tls
@@ -170,7 +172,7 @@ def setup_encryption(args, timeout=nil)
170172

171173
raise Net::LDAP::StartTLSError,
172174
"start_tls failed: #{pdu.result_code}" unless pdu.result_code.zero?
173-
@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
175+
@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout, hostname)
174176
else
175177
raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args[:method]}"
176178
end

test/test_ldap_connection.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -288,7 +288,7 @@ def test_queued_read_setup_encryption_with_start_tls
288288
.and_return(result2)
289289
mock.should_receive(:write)
290290
conn = Net::LDAP::Connection.new(:socket => mock)
291-
flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock, {}, nil)
291+
flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock, {}, nil, nil)
292292
.and_return(mock)
293293

294294
conn.next_msgid # simulates ongoing query

0 commit comments

Comments
 (0)