-
-
Notifications
You must be signed in to change notification settings - Fork 925
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Net::HTTP doesn't call verify_callback #597
Comments
Same issue here. Has someone this on the list? Fails w/ jruby 1.7.4 as well as 1.7.5. |
Same issue here as well. should use setVerifyCallbackFunction |
👍 |
The OpenSSL verify_callback isn't supported on jruby [1], and behaves in somewhat surprising ways on OS X due to Apple monkey patching OpenSSL. We probably want to move in the direction of just passing through the OpenSSL exceptions anyway. [1] jruby/jruby#597
The OpenSSL verify_callback isn't supported on jruby [1], and behaves in somewhat surprising ways on OS X due to Apple monkey patching OpenSSL. We probably want to move in the direction of just passing through the OpenSSL exceptions anyway. [1] jruby/jruby#597 Fixes: rest-client#165 See also: rest-client#168, e03e5e6
Fun fact: if you set a Tested on #!/usr/bin/env ruby
if ARGV.include?('--fail')
always_fail = true
else
always_fail = false
end
require 'net/https'
uri = URI.parse('https://www.amazon.com/')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.verify_callback = lambda do |preverify_ok, ssl_context|
puts "***THIS SHOULD PRINT***"
puts "#{preverify_ok.inspect}, #{ssl_context.current_cert.subject}"
if always_fail
false
else
preverify_ok
end
end
http.ca_file = '/etc/ssl/certs/ca-certificates.crt'
http.cert_store = OpenSSL::X509::Store.new
response = http.start do |s|
s.get(uri.request_uri)
end
|
this is expected to be fixed (along the way of jruby-openssl) released, latest JRubies :
|
Test case:
In MRI, "_THIS SHOULD PRINT_", is printed. But not so for jruby.
The text was updated successfully, but these errors were encountered: