Bugs item #3318, was opened at 2006-01-24 16:52
You can respond by visiting: 
http://rubyforge.org/tracker/?func=detail&atid=1698&aid=3318&group_id=426

Category: Standard Library
Group: None
Status: Open
Resolution: None
Priority: 3
Submitted By: Jordan BoomBoom (jord)
Assigned to: Nobody (None)
Summary: net/https does not submit RFC compliant requests

Initial Comment:
Hi,

Working with net/https, I noticed a bug when it makes requests
to the server. Instead of making the following request:

-> GET /a/b/c?x=1 HTTP/1.1

It inserts 'https://' + URL + ':443' and makes the following request instead:

-> GET https://www.abc.com:443/a/b/c?x=1 HTTP/1.1

As can be seen this is an invalid HTTP request statement that causes 500 errors on the server.

Proof:

** irb
E:\>irb
irb(main):001:0> host, port, path = "www.abc.com", 443, "/a/b/c"
=> ["www.abc.com", 443, "/a/b/c"]
irb(main):002:0> require 'net/https'
=> true
irb(main):003:0> h = Net::HTTP.new(host, port, "127.0.0.1", 8080)
=> #<#<Class:0x2a99620> www.abc.com:443 open=false>
irb(main):004:0> h.use_ssl = true
=> true
irb(main):005:0> resp, body = h.get(path)
warning: peer certificate won't be verified in this SSL session.

** Burp proxy log
GET https://www.abc.com:443/a/b/c HTTP/1.1
Connection: close
Host: www.abc.com:443

I have a work around by commenting out the following
lines in the net/https.rb file and replacing them with path - Note
this method is now identical to the net/http.rb file:

module ProxyMod
     def edit_path( path )
       if use_ssl
          path
         #'https://' + addr_port + path
       else
         path
         #'http://' + addr_port + path
       end
     end
   end

OS: Windows XP
ruby -v : ruby 1.8.2 (2004-12-25) [i386-mswin32]

Cheers,
Jordan

----------------------------------------------------------------------

You can respond by visiting: 
http://rubyforge.org/tracker/?func=detail&atid=1698&aid=3318&group_id=426