ruby-ldap/ruby-net-ldap

SNI always on since #405 was implemented

Opened this issue · 0 comments

mbbh commented

Hi,

I was debugging why with the update to a newer version of ruby-net-ldap I was suddenly seeing "Net::LDAP::Error ssl3 ext invalid servername" errors.

After a lot of hunting I discovered that SNI was always being set due to a missing distinguishment whether or not the hostname is an IP Address before going forward with setting conn.hostname if it is indeed a host.

The issue happens by passing 'host' to prepare_hostname around lib/net/ldap/connection.rb:53, where the following call is executed:

    prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout, host)

The last argument to host will lead to set conn.hostname, which will perform the SNI check and raise the aforementioned error.

I suggest changing line 53 to something like the following:

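    require 'ipaddr' # needed for IPAddr

    # Pass a hostname for SNI only when host is not an IP address literal.
    host_name = host
    begin
      IPAddr.new(host_name)
      host_name = nil # host parsed as an IP address, so skip SNI
    rescue IPAddr::InvalidAddressError
      # not an IP address; keep host_name for SNI
    end

    begin # fragment: the rest of this begin block is not shown
      prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout, host_name)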

The version that I reproduced this with is 0.19.0 by simply using an IP Address as the address for the LDAP Server. I believe this was introduced by the fix to issue #405.

Thank you
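The check suggested in the issue, written as a stand-alone helper. This is an added example, not code from the issue author or from net-ldap, and it goes beyond the suggested change by also handling bracketed IPv6 literals, zone ids and a trailing dot. The name `sni_hostname_for` and the sample hosts are assumptions made up for illustration.

```ruby
require 'ipaddr'

# Hypothetical helper (not part of net-ldap): returns the name to send in the
# TLS SNI extension, or nil when `host` is an IP literal. RFC 6066 section 3
# does not permit literal IPv4 or IPv6 addresses in the server_name extension.
def sni_hostname_for(host)
  return nil if host.nil?

  candidate = host.to_s.strip
  return nil if candidate.empty?

  # Accept the bracketed IPv6 form used in URIs, e.g. "[2001:db8::1]".
  literal = candidate.sub(/\A\[(.*)\]\z/, '\1')
  # Drop an IPv6 zone id ("fe80::1%eth0"); not every IPAddr version parses it.
  literal = literal.sub(/%.*\z/, '')

  IPAddr.new(literal) # raises IPAddr::InvalidAddressError for a non-address
  nil                 # parsed as an address: send no SNI
rescue IPAddr::Error
  # Not an IP literal. RFC 6066 also wants the name without a trailing dot.
  candidate.chomp('.')
end

# Constructed sample hosts: the TCP connection still goes to `host` unchanged;
# only the value handed to the TLS layer for SNI differs.
def sni_plan(hosts)
  hosts.map { |host| { connect_to: host, sni: sni_hostname_for(host) } }
end

if __FILE__ == $PROGRAM_NAME
  samples = ['192.0.2.10', '[2001:db8::1]', 'fe80::1%eth0', 'ldap.example.com.']
  sni_plan(samples).each do |plan|
    puts format('%-20s SNI: %s', plan[:connect_to], plan[:sni].inspect)
  end
end
```

A caller would set the socket's SNI hostname only when the helper returns a non-nil value.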