
Commit 3c46b9f

committed
Add support to use SNI
1 parent 626c312 commit 3c46b9f


1 file changed

+7
-5
lines changed


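--- a/lib/net/ldap/connection.rb
+++ b/lib/net/ldap/connection.rb
@@ -33,9 +33,10 @@ def socket_class=(socket_class)
 def prepare_socket(server, timeout=nil)
 socket = server[:socket]
 encryption = server[:encryption]
+hostname = server[:host]
 
 @conn = socket
-setup_encryption(encryption, timeout) if encryption
+setup_encryption(encryption, timeout, hostname) if encryption
 end
 
 def open_connection(server)
@@ -86,7 +87,7 @@ def close
 end
 end
 
-def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
+def self.wrap_with_ssl(io, tls_options = {}, timeout=nil, hostname=nil)
 raise Net::LDAP::NoOpenSSLError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
 
 ctx = OpenSSL::SSL::SSLContext.new
@@ -96,6 +97,7 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
 ctx.set_params(tls_options) unless tls_options.empty?
 
 conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
+conn.hostname = hostname if hostname
 
 begin
 if timeout
@@ -148,11 +150,11 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil)
 # communications, as with simple_tls. Thanks for Kouhei Sutou for
 # generously contributing the :start_tls path.
 #++
-def setup_encryption(args, timeout=nil)
+def setup_encryption(args, timeout=nil, hostname=nil)
 args[:tls_options] ||= {}
 case args[:method]
 when :simple_tls
-@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
+@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout, hostname)
 # additional branches requiring server validation and peer certs, etc.
 # go here.
 when :start_tls
@@ -170,7 +172,7 @@ def setup_encryption(args, timeout=nil)
 
 raise Net::LDAP::StartTLSError,
 "start_tls failed: #{pdu.result_code}" unless pdu.result_code.zero?
-@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout)
+@conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout, hostname)
 else
 raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args[:method]}"
 end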
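Review bot: Setting `conn.hostname = hostname` in `wrap_with_ssl` only sends the name in the SNI extension; nothing visible in this section checks that the certificate the server presents was actually issued for that name. The context comes from a bare `OpenSSL::SSL::SSLContext.new`, and `set_params` is skipped when `tls_options` is empty, which in Ruby's OpenSSL binding leaves peer verification off unless the caller asks for it, so the new argument can read as if it adds server authentication when it does not. Now that the hostname reaches this method, consider calling `conn.post_connection_check(hostname)` after the handshake whenever the caller enabled peer verification, or at minimum add a comment next to the assignment such as `# SNI only: the peer certificate is not matched against hostname here`. The handshake code sits between the hunks and is not shown, so confirm that no such check already exists there; also note that `server[:host]` may be an IP literal, which is not a valid SNI name.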
