SNI support

Question

SNI support

hengwoon opened this issue 4 years ago · comments

Are there plans to support SNI with Net::SMTP? Currently the TLS connection fails with a OpenSSL::SSL::SSLError: hostname foo.bar.com does not match the server certificate, where the cert has a subject name of bar.com, but is a multi-domain cert with foo.bar.com as a subject alternative name

Currently this is what I am doing:

module Net
  class SMTP
    module ForceSNI
      private
      def ssl_socket(socket, context)
        s = super
        s.hostname = @address if s.respond_to? :hostname=
        s
      end
    end

    prepend ForceSNI
  end
end

Unless I'm missing an option or something, I don't see a way to enable SNI currently

nicholas a. evans · Answer 1 · Wed Mar 25 2020 05:54:44 GMT+0800 (China Standard Time)

FYI: I didn't reallize net/smtp had been extracted to a gem (lib/net/smtp.rb still exists in the ruby repository). So I opened a ruby issue here: https://bugs.ruby-lang.org/issues/16611 and a github PR here: ruby/ruby#2883

nicholas a. evans · Answer 2 · Wed Mar 25 2020 06:12:53 GMT+0800 (China Standard Time)

Okay, see #4 😄