class Net::HTTP

Public Instance Methods

post_connection_check(hostname) click to toggle source
# File lib/openid/fetchers.rb, line 17
def post_connection_check(hostname)
  check_common_name = true
  cert = @socket.io.peer_cert
  cert.extensions.each { |ext|
    next if ext.oid != "subjectAltName"
    ext.value.split(/,\s+/).each{ |general_name|
      if /\ADNS:(.*)/ =~ general_name
        check_common_name = false
        reg = Regexp.escape($1).gsub(/\\*/, "[^.]+")
        return true if /\A#{reg}\z/i =~ hostname
      elsif /\AIP Address:(.*)/ =~ general_name
        check_common_name = false
        return true if $1 == hostname
      end
    }
  }
  if check_common_name
    cert.subject.to_a.each{ |oid, value|
      if oid == "CN"
        reg = Regexp.escape(value).gsub(/\\*/, "[^.]+")
        return true if /\A#{reg}\z/i =~ hostname
      end
    }
  end
  raise OpenSSL::SSL::SSLError, "hostname does not match"
end