Class: Net::HTTP

Inherits:
Object
  • Object
Defined in:
lib/openid/fetchers.rb

Instance Method Summary collapse

Instance Method Details

#post_connection_check(hostname) ⇒ Object

Raises:

  • (OpenSSL::SSL::SSLError)


# File 'lib/openid/fetchers.rb', line 17

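# Verifies that the certificate presented by the connected peer was issued
# for +hostname+.
#
# Matching is delegated to OpenSSL::SSL.verify_certificate_identity instead of
# regular expressions built from the printable form of the certificate. The
# earlier hand-rolled matcher rewrote every "*" as "[^.]+", so a wildcard was
# honoured in any label and at any position inside a label (for example
# "www.*.test"), and it found subjectAltName entries by splitting the
# extension's display string on commas rather than reading the encoded names.
# Both behaviours accept certificates that a strict verifier would reject.
#
# @param hostname [String] host name or IP address the connection was opened to
# @return [true] when the certificate identifies +hostname+
# @raise [OpenSSL::SSL::SSLError] when no certificate is available or it does
#   not identify +hostname+
def post_connection_check(hostname)
  cert = @socket.io.peer_cert

  # Fail closed with the exception type callers already rescue, rather than a
  # NoMethodError, if the socket has no peer certificate to inspect.
  raise OpenSSL::SSL::SSLError, "no peer certificate was presented" if cert.nil?

  return true if OpenSSL::SSL.verify_certificate_identity(cert, hostname)

  raise OpenSSL::SSL::SSLError, "hostname does not match"
end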