httpx 0.24.4 → 0.24.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bea174e31d4b4ca6122f591794da1096f14cf1ff058709c15a85adc3a871a011
-  data.tar.gz: 867912bad9a8161ee411a543de7932120f7eec975810c5150a308d004f7afaeb
+  metadata.gz: b3d9a59fa9d9cc1908f3135c38d9a8cb132312c0539795d3a341d87da3755d23
+  data.tar.gz: 8e88ca75fceac380b8fbb31fa627f3a30a2b938e2527baffbc2db00db64b76e5
 SHA512:
-  metadata.gz: 414ee34d56f3754b9109dfb7c20d2bfb9485fc070686993ad5271fcbfd4e5b01e3b7a56fa4ca18ad27435d4cc82ba8ec191975de4f42b44f8c03222775614996
-  data.tar.gz: 898850bfe5bf66b8d6b050eb1669cd4057417cdd9c320c0aaf962ab6a1c73958554452d67ed7a34e8f2d40b94910888aa70cd03589406bf0fab571e752c64ec7
+  metadata.gz: fe80712332209f6b188eca10aea16f0d1cb02b8af18682e6efda3844cd5d5de9e99cb0829cf162433fe85f7a070865808caa32a69df3ebe84b7dd483c105315f
+  data.tar.gz: 1ec1dd55a8ec80bceaab32a39dfa2e325f01f83c5e512be5c74feb8f4049ef9f34431ab6d33d00ad4b6fcf906d7883a0420e91a0663f2eb4fdd6ddb632b4d351

data/doc/release_notes/0_24_5.md

@@ -0,0 +1,6 @@
+# 0.24.5
+
+## Bugfixes
+
+* fix for SSL handshake post connection SAN check using IPv6 address.
+* fix bug in DoH impl when the request returned no answer.

data/lib/httpx/io/ssl.rb

@@ -4,7 +4,6 @@ require "openssl"
 
 module HTTPX
   TLSError = OpenSSL::SSL::SSLError
-  IPRegex = Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex)
 
   class SSL < TCP
     using RegexpExtensions unless Regexp.method_defined?(:match?)
@@ -41,7 +40,6 @@ module HTTPX
         yield(self) if block_given?
       end
 
-      @hostname_is_ip = IPRegex.match?(@sni_hostname)
       @verify_hostname = @ctx.verify_hostname
     end
 
@@ -89,14 +87,16 @@ module HTTPX
                 @state != :connected
 
       unless @io.is_a?(OpenSSL::SSL::SSLSocket)
-        if @hostname_is_ip
+        if (hostname_is_ip = (@ip == @sni_hostname))
+          # IPv6 address would be "[::1]", must turn to "0000:0000:0000:0000:0000:0000:0000:0001" for cert SAN check
+          @sni_hostname = @ip.to_string
           # IP addresses in SNI is not valid per RFC 6066, section 3.
           @ctx.verify_hostname = false
         end
 
         @io = OpenSSL::SSL::SSLSocket.new(@io, @ctx)
 
-        @io.hostname = @sni_hostname unless @hostname_is_ip
+        @io.hostname = @sni_hostname unless hostname_is_ip
         @io.session = @ssl_session unless ssl_session_expired?
         @io.sync_close = true
       end

data/lib/httpx/resolver/https.rb

@@ -132,7 +132,7 @@ module HTTPX
 
       case code
       when :ok
-        parse_addresses(result)
+        parse_addresses(result, request)
       when :no_domain_found
         # Indicates no such domain was found.
 
@@ -146,13 +146,13 @@ module HTTPX
 
         emit_resolve_error(connection)
       when :decode_error
-        host, connection = @queries.first
-        reset_hostname(host)
+        host = @requests.delete(request)
+        connection = reset_hostname(host)
         emit_resolve_error(connection, connection.origin.host, result)
       end
     end
 
-    def parse_addresses(answers)
+    def parse_addresses(answers, request)
       if answers.empty?
         # no address found, eliminate candidates
         host = @requests.delete(request)

data/lib/httpx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HTTPX
-  VERSION = "0.24.4"
+  VERSION = "0.24.5"
 end

data/sig/io/ssl.rbs

@@ -1,8 +1,4 @@
 module HTTPX
-  IPRegex: Regexp
-
-  @ctx: OpenSSL::SSL::SSLContext
-  @verify_hostname: bool
 
   class TLSError < OpenSSL::SSL::SSLError
   end
@@ -10,6 +6,11 @@ module HTTPX
   class SSL < TCP
     TLS_OPTIONS: Hash[Symbol, untyped]
 
+    @ctx: OpenSSL::SSL::SSLContext
+    @verify_hostname: bool
+
+    attr_writer ssl_session: OpenSSL::SSL::Session?
+
     # TODO: lift when https://github.com/ruby/rbs/issues/1497 fixed
     # def initialize: (URI::Generic origin, Array[ipaddr]? addresses, options options) ?{ (self) -> void } -> void
 

data/sig/resolver/https.rbs

@@ -32,6 +32,8 @@ module HTTPX
 
       def parse: (Request request, Response response) -> void
 
+      def parse_addresses: (Array[dns_result] answers, Request request) -> void
+
       def build_request: (String hostname) -> Request
 
       def decode_response_body: (Response) -> dns_decoding_response

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: httpx
 version: !ruby/object:Gem::Version
-  version: 0.24.4
+  version: 0.24.5
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-09-06 00:00:00.000000000 Z
+date: 2023-09-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http-2-next
@@ -104,6 +104,7 @@ extra_rdoc_files:
 - doc/release_notes/0_24_2.md
 - doc/release_notes/0_24_3.md
 - doc/release_notes/0_24_4.md
+- doc/release_notes/0_24_5.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_2_1.md
 - doc/release_notes/0_3_0.md
@@ -200,6 +201,7 @@ files:
 - doc/release_notes/0_24_2.md
 - doc/release_notes/0_24_3.md
 - doc/release_notes/0_24_4.md
+- doc/release_notes/0_24_5.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_2_1.md
 - doc/release_notes/0_3_0.md