| Age | Commit message (Collapse) | Author |
|---|
|
RFC 6066, section 3, explicitly disallows the use of an IP address
as an SNI server name. So check if the connection is being made
to an IP address using the resolv regexps, and do not set an SNI
hostname in that case.
Recent changes to LibreSSL make it more strictly follow RFC 6066,
resulting an s.hostname= raising an error if passed an IP address.
When such verions of LibreSSL are used, this change not only fixes
the net/http tests, it also fixes tests for webrick and open-uri,
which both make SSL connections to 127.0.0.1 using net/http in
their tests.
Avoid warning in the openssl extension by unsetting
@ssl_context.verify_hostname if connecting to an IP address.
Make changes so that the post_connection_check still happens
when connecting to an IP address, which is necessary to keep
checking that the certificate returned includes the IP address,
which one of the tests depends on.
Revert the previous change that modified the regexp used for
checking the error message.
https://github.com/ruby/net-http/commit/fa68e64bee
|
|
ref https://github.com/ruby/ruby/commit/da0f67c0383f57129c7a76255964b1ee739d8db8
https://github.com/ruby/net-http/commit/dbeb5f1c8f
|
|
Use `include?` instead.
https://github.com/ruby/net-http/commit/05022744a9
|
|
https://github.com/ruby/net-http/commit/843d4548de
|
|
Server Name Indication does not allow IP addresses (RFC 6066, section 3:
`Literal IPv4 and IPv6 addresses are not permitted in "HostName".`).
Recent versions of LibreSSL enforce this restriction, which raises
when setting the hostname to an IP address (s.hostname=), before
attempting to setup the SSL connection.
Since the certificate used in the test is already for localhost,
we cannot connect to localhost. However, as all the test does is
check for a specific exception, just modify the regexp used so it
handles both cases.
https://github.com/ruby/net-http/commit/6ab399db45
|
|
Notes:
Merged-By: k0kubun <[email protected]>
|
|
|
|
https://github.com/ruby/net-http/commit/ca7bb8c51c
|
|
https://github.com/ruby/ruby/commit/52ab9bbee918c63faad32e3851b162691b984d40 makes a failure.
```
1) Failure:
HTTPRequestTest#test_initialize_HEAD [/tmp/ruby/v3/src/trunk/test/net/http/test_http_request.rb:53]:
<{"accept"=>["*/*"], "user-agent"=>["Ruby"]}> expected but was
<{"accept-encoding"=>["gzip;q=1.0,deflate;q=0.6,identity;q=0.3"],
"accept"=>["*/*"],
"user-agent"=>["Ruby"]}>.
```
I'm not sure it is correct, so please review later.
|
|
The last_communicated timestamp is for HTTP persistent connection, to
decide whether the current TCP connection may be reused for the
subsequent requests or not. Naturally, the timer must be reset if the
connection is recreated since it is no longer relevant.
https://github.com/ruby/net-http/commit/0a013de42d
|
|
https://github.com/ruby/net-http/commit/5bb14fd3bc
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4691
|
|
The existing implementation of `Net::HTTP#write_timeout` relies on
`Net::BefferedIO` to trigger the `Net::WriteTimeout` error. This commit
changes `send_request_with_body_stream` to remove the optimization that
was making `Net::HTTP#write_timeout` not work when `body_stream` is
used.
Open issue:
https://bugs.ruby-lang.org/issues/17933
https://github.com/ruby/net-http/commit/a0fab1ab52
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4530
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4530
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4530
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4530
|
|
It is not used in net/http library code since commit 15ccd0118c13
(r36473 in ruby svn trunk, 2012).
require's in test suite are also cleaned up.
https://github.com/ruby/net-http/commit/996d18a43f
|
|
Partially implements #10.
https://github.com/ruby/net-imap/commit/0d43c5e856
|
|
* Add authzid support
* must not contain NULL chars
* improve rdoc
https://github.com/ruby/net-imap/commit/a587fc71b7
|
|
Fixes intermittent error as below:
[242/838] 5316=test_ftp
#<Thread:0x0000020aa8733f20 D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:2532 run> terminated with exception (report_on_exception is true):
D:/a/ruby/ruby/src/tool/lib/minitest/unit.rb:199:in `assert': Expected #<Errno::ECONNRESET: An existing connection was forcibly closed by the remote host.> to be nil. (MiniTest::Assertion)
from D:/a/ruby/ruby/src/tool/lib/test/unit/core_assertions.rb:504:in `assert'
from D:/a/ruby/ruby/src/tool/lib/minitest/unit.rb:299:in `assert_nil'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:430:in `ensure in block in test_list_read_timeout_exceeded'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:431:in `block in test_list_read_timeout_exceeded'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:2539:in `block in create_ftp_server'
D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:426:in `write': An existing connection was forcibly closed by the remote host. (Errno::ECONNRESET)
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:426:in `print'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:426:in `block (2 levels) in test_list_read_timeout_exceeded'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:420:in `each'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:420:in `each_with_index'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:420:in `block in test_list_read_timeout_exceeded'
from D:/a/ruby/ruby/src/test/net/ftp/test_ftp.rb:2539:in `block in create_ftp_server'
Notes:
Merged: https://github.com/ruby/ruby/pull/4449
|
|
to try to suppress a failure on Solaris. This is the same as
19504d115dc09558255fcb5213f80dd8454ab189
http://rubyci.s3.amazonaws.com/solaris11-sunc/ruby-master/log/20210504T070007Z.fail.html.gz
```
1) Error:
IMAPTest#test_idle_done_not_during_idle:
Errno::EINVAL: Invalid argument - connect(2) for [::1]:33839
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:1214:in `__connect_nonblock'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:1214:in `connect_nonblock'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:56:in `connect_internal'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:137:in `connect'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:642:in `block in tcp'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:227:in `each'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:227:in `foreach'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/.ext/common/socket.rb:632:in `tcp'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/lib/net/imap.rb:1223:in `tcp_socket'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/lib/net/imap.rb:1180:in `initialize'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/test/net/imap/test_imap.rb:289:in `new'
/export/home/chkbuild/chkbuild-sunc/tmp/build/20210504T070007Z/ruby/test/net/imap/test_imap.rb:289:in `test_idle_done_not_during_idle'
```
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4424
|
|
|
|
On Solaris, Socket.tcp seems to fail with EINVAL if the server closes
the connection immediately after accpeted. I think this is a bug of
Socket.tcp, but seems difficult to fix soon.
http://rubyci.s3.amazonaws.com/solaris11-sunc/ruby-master/log/20210429T100007Z.fail.html.gz
```
1) Failure:
Net::TestSMTP#test_eof_error_backtrace [/export/home/chkbuild/chkbuild-sunc/tmp/build/20210429T100007Z/ruby/test/net/smtp/test_smtp.rb:193]:
[ruby-core:78550] [Bug #13018].
[EOFError] exception expected, not #<Net::ReadTimeout: Net::ReadTimeout>.
```
|
|
If someone sets an env variable defining a http_proxy, containing a
username / password with percent-encoded characters, then the resulting
base64 encoded auth header will be wrong.
For example, suppose a username is `Y\X` and the password is `R%S] ?X`.
Properly URL encoded the proxy url would be:
http://Y%5CX:R%25S%5D%20%[email protected]:8000
The resulting proxy auth header should be: `WVxYOlIlU10gP1g=`, but the
getters defined by ruby StdLib `URI` return a username `Y%5CX` and
password `R%25S%5D%20%3FX`, resulting in `WSU1Q1g6UiUyNVMlNUQlMjAlM0ZY`.
As a result the proxy will deny the request.
Please note that this is my first contribution to the ruby ecosystem, to
standard lib especially and I am not a ruby developer.
References:
- https://gitlab.com/gitlab-org/gitlab/-/issues/289836
- https://bugs.ruby-lang.org/projects/ruby-master/repository/trunk/revisions/58461
- https://bugs.ruby-lang.org/issues/17542
https://github.com/ruby/net-http/commit/e57d4f38aa
|
|
|
|
"9" * 999999999 (about 1 GB) was too large for some CI servers.
This commit changes the size to 999999 (about 1 MB).
http://rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20210427T141707Z.fail.html.gz
http://rubyci.s3.amazonaws.com/raspbian10-aarch64/ruby-master/log/20210427T145408Z.fail.html.gz
|
|
|
|
https://github.com/ruby/net-ftp/commit/865232bb2a
|
|
Reported by Alexandr Savca as a DoS vulnerability, but Net::FTP is a
client library and the impact of the issue is low, so I have decided
to fix it as a normal issue.
Based on patch by nobu.
https://github.com/ruby/net-ftp/commit/a93af636f8
|
|
setting up the transfer
Previously, the connection leaked in this case. This uses
begin/ensure and checking for an error in the ensure block.
An alternative approach would be to not even perform the
connection until after the RETR (or other) command has been
sent. However, I'm not sure all FTP servers support that.
The current behavior is:
* Send (PASV/EPSV)
* Connect to the host/port returned in 227/229 reply
* Send (RETR/other command)
Changing it to connect after the RETR could break things.
FTP servers might expect that the client has already
connected before sending the RETR. The alternative
approach is more likely to introduce backwards compatibility
issues, compared to the begin/ensure approach taken here.
Fixes Ruby Bug 17027
https://github.com/ruby/net-ftp/commit/6e8535f076
|
|
https://github.com/ruby/net-ftp/commit/3ca80368c4
|
|
|
|
```
.../ruby/test/net/http/test_httpresponse.rb:81: warning: constant RubyVM::MJIT is deprecated
```
|
|
https://github.com/ruby/net-http/commit/abc6ea1877
|
|
because the name "MJIT" is an internal code name, it's inconsistent with
--jit while they are related to each other, and I want to discourage future
JIT implementation-specific (e.g. MJIT-specific) APIs by this rename.
[Feature #17490]
|
|
for random hangs like:
http://ci.rvm.jp/results/trunk-mjit-wait@phosphorus-docker/3302796
http://ci.rvm.jp/results/trunk-mjit-wait@phosphorus-docker/3302188
http://ci.rvm.jp/results/trunk-mjit-wait@phosphorus-docker/3301293
|
|
|
|
* Otherwise those tests, etc cannot run on alternative Ruby implementations.
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3778
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/3776
|
|
|
|
`make test-all` was very noisy by warnings like
```
Leaked file descriptor: Net::TestSMTP#test_start_with_position_argument: 6 : #<TCPSocket:fd 6, AF_INET, 127.0.0.1, 43770>
```
|
|
The expected certs must be `[CA_CERT, SERVER_CERT]` before 1.1.1g and
`[SERVER_CERT]` after 1.1.1h.
|
|
... depending upon the environment.
|
|
On some environments that uses OpenSSL 1.1.1h, the two tests now fail.
http://rubyci.s3.amazonaws.com/android29-x86_64/ruby-master/log/20200924T062352Z.fail.html.gz
https://github.com/ruby/ruby/runs/1159288773?check_suite_focus=true
```
1) Failure:
TestNetHTTPS#test_get [/data/data/com.termux/files/home/cb/tmp/build/20200924T062352Z/ruby/test/net/http/test_https.rb:47]:
<"0\x82\x03\xED0\x82\x02\xD5\xA0\x03..."> expected but was
<"0\x82\x03\xE30\x82\x02\xCB\xA0\x03...">.
```
Not sure why, but verify_callback now seems to receive only SERVER_CERT
but not CA_CERT.
It would be good to investigate the issue furthermore, but tentatively,
I want to stop the failures.
|
|
The helo argument is not important, but the helo argument must be
specified to specify the user and secret arguments.
If helo, user, secret, and authtype arguments are keyword arguments,
it is not necessary to specify the helo argument.
https://github.com/ruby/net-smtp/commit/269774deac
|
|
In tlsconnect(), the host name is checked when
@ssl_context.verify_mode is not OpenSSL::SSL::VERIFY_NONE, but the
verify_mode of @ssl_context generated by default is nil.
https://github.com/ruby/net-smtp/commit/bde75a15b5
|
|
https://github.com/ruby/net-http/commit/5ae9620fbc
|
