Issue #10533 has been updated by Michiel Karnebeek.
Following up on my comment a few days ago:
I ran a test in python using https://github.com/nabla-c0d3/sslyze (with OpenSSL 1.0.2a, same version as in Ruby) and introduced a sleep longer than the ssl session TTL at https://github.com/nabla-c0d3/sslyze/blob/master/plugins/PluginSessionResumption.py#L248 to see if this did supply the SNI
According to Wireshark, this correctly put both the SNI and session ticket in the Client Hello packet.
I think this is evidence that the OpenSSL used is capable of doing this, and that either Net::Http or the c-bindings for ruby to OpenSSL are doing something wrong.
----------------------------------------
Bug #10533: HTTP reconnection with SNI does not send correct hostname
https://bugs.ruby-lang.org/issues/10533#change-52982
* Author: Eric Hodel
* Status: Closed
* Priority: Normal
* Assignee: Eric Hodel
* ruby -v: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
* Backport: 2.0.0: DONE, 2.1: DONE
----------------------------------------
When reconnecting after connection timeout on an SNI connection the server name is not sent during reconnect which results in a failed reconnection:
~~~
$ cat test.rb
require 'net/http'
uri = URI 'https://david.shanske.com'
Net::HTTP.start uri.hostname, uri.port, use_ssl: true do |http|
req = Net::HTTP::Get.new uri
response = http.request req
p response.code
sleep 310
req = Net::HTTP::Get.new uri
response = http.request req
p response.code
end
$ ruby -v test.rb
ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]
"200"
/usr/local/lib/ruby/2.1.0/openssl/ssl.rb:178:in `post_connection_check': hostname "david.shanske.com" does not match the server certificate (OpenSSL::SSL::SSLError)
from /usr/local/lib/ruby/2.1.0/net/http.rb:922:in `connect'
from /usr/local/lib/ruby/2.1.0/net/http.rb:1447:in `begin_transport'
from /usr/local/lib/ruby/2.1.0/net/http.rb:1404:in `transport_request'
from /usr/local/lib/ruby/2.1.0/net/http.rb:1378:in `request'
from test.rb:10:in `block in <main>'
from /usr/local/lib/ruby/2.1.0/net/http.rb:853:in `start'
from /usr/local/lib/ruby/2.1.0/net/http.rb:583:in `start'
from test.rb:4:in `<main>'
~~~
---Files--------------------------------
net.http.bug10533.patch (685 Bytes)
--
https://bugs.ruby-lang.org/