Sponge: bring in monkeypatch to override SSL hostname

We force a connection to a pre-resolved IP to avoid being tricked
into connecting to a local host, but hosts that use SNI need the
hostname in the SSL negotiation instead of an IP.

Fixes the problem with CloudFlare blocking requests to medium.com,
which prevented the URL canonicalization code from being run when a
medium URL was submitted, which prevented us from stripping off
those stupid referral codes medium attaches to URLs (which could
be stripped out in Story#url= but medium allows custom domains, so
that wouldn't work for things like m.signalvnoise.com).

Code from Pushover.
joshua stein 2016-01-21 11:54:46 -06:00
parent 0ec9c3a2ac
commit 09a92040ed
1 changed files with 30 additions and 0 deletions

@ -3,6 +3,34 @@ require "net/https"
require "resolv"
require "ipaddr"
module Net
class HTTP
attr_accessor :address, :custom_conn_address, :skip_close
def start # :yield: http
if block_given? && !skip_close
begin
do_start
return yield(self)
ensure
do_finish
end
end
do_start
self
end
private
def conn_address
if self.custom_conn_address.to_s != ""
self.custom_conn_address
else
address
end
end
end
end
class Sponge
MAX_TIME = 60
MAX_DNS_TIME = 5
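Review bot: the overridden start never yields when skip_close is set. With `if block_given? && !skip_close` false, control falls through to do_start and returns self, so a caller that passes a block together with skip_close = true gets its block silently ignored and is left holding an open connection. Either yield in that path as well, or document on skip_close that callers must not pass a block and must call finish themselves. Separately, reopening Net::HTTP here replaces the private conn_address and makes address writable for every Net::HTTP user in the process; a comment stating that custom_conn_address is only the connect target, that an empty value falls back to address, and which Ruby versions this override was checked against would make future breakage easier to spot.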
@ -121,6 +149,8 @@ class Sponge
if uri.scheme == "https"
host.use_ssl = true
host.address = uri.host
host.custom_conn_address = ip.to_s
host.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
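Review bot: `host.verify_mode = OpenSSL::SSL::VERIFY_NONE` directly after the new assignments means the hostname now placed in host.address is sent in the handshake but never checked against the certificate the server presents, so the connection to the pre-resolved IP is unauthenticated. Now that address carries uri.host rather than the IP, consider switching this to OpenSSL::SSL::VERIFY_PEER, or add a comment explaining why verification has to stay off. A short comment that ip must be the address that already passed the local-host check would also help, since `host.custom_conn_address = ip.to_s` is the only thing keeping the socket on the vetted address once address is a name again.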