Fix openssl error when using multiple hosts #417

Merged
merged 1 commit into from
Jun 29, 2023

jpdasma
Contributor

@jpdasma jpdasma commented Jun 27, 2023

There was a bug introduced by #406

When using multiple hosts, it will cause the following error:

#<Socket:0x00007f856352f270>/opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap/connection.rb:75:in `open_connection': Unable to connect to any given server:  (Net::LDAP::ConnectionError)
  SocketError: getaddrinfo: Name or service not known (non.existent.domain:636)
  OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=216.239.32.58:636 state=error: certificate verify failed (Hostname mismatch) (ldap.google.com:636)
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap/connection.rb:707:in `socket'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:1329:in `new_connection'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:1308:in `use_connection'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:783:in `block in search'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap/instrumentation.rb:19:in `instrument'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:782:in `search'
        from /opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-ldap-0.18.0/lib/net/ldap.rb:1215:in `search_root_dse'
        from ./test.rb:9:in `<main>'

This is because hostname is being set to 127.0.0.1 when using hosts.
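The hostname mismatch described above, as an added example that is not part of the pull request or of net-ldap's code: it checks constructed self-signed certificates against the name a client would verify. The host names, `DEFAULT_HOST`, `verify_name` and `check_hosts` are assumptions made for illustration; only `OpenSSL::SSL.verify_certificate_identity` is a real library call.

```ruby
require "openssl"

# Constructed self-signed certificate whose only identity is a DNS SAN.
def build_cert(dns_name)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{dns_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{dns_name}", false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Fallback name used when only a hosts list is configured (per the PR description).
DEFAULT_HOST = "127.0.0.1"

# Hypothetical model of name selection, not net-ldap's implementation:
# :buggy reuses the fallback for every entry, :fixed uses the entry's own host.
def verify_name(entry_host, mode)
  mode == :buggy ? DEFAULT_HOST : entry_host
end

# Returns { host => true/false }: does each server's certificate match the
# name the client would verify it against?
def check_hosts(hosts, certs, mode)
  hosts.to_h do |host, _port|
    [host, OpenSSL::SSL.verify_certificate_identity(certs.fetch(host), verify_name(host, mode))]
  end
end

# Constructed sample input: two LDAPS servers, each with a matching certificate.
HOSTS = [["ldap1.example.test", 636], ["ldap2.example.test", 636]].freeze
CERTS = HOSTS.to_h { |host, _port| [host, build_cert(host)] }

if __FILE__ == $PROGRAM_NAME
  puts "buggy: #{check_hosts(HOSTS, CERTS, :buggy)}"
  puts "fixed: #{check_hosts(HOSTS, CERTS, :fixed)}"
end
```

With verification left enabled, the check only passes when the verified name is the host actually being dialed.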

@jpdasma
Contributor Author

jpdasma commented Jun 27, 2023

@HarlemSquirrel it appears that I introduced a bug in the SNI PR. This should fix the issue when using the hosts argument.

Thanks!

@jpdasma
Contributor Author

jpdasma commented Jun 27, 2023

I only did some testing here and it worked when using single host and port, and also with hosts.

I'm not sure if this will affect prepare_socket here:

prepare_socket(@server)

@HarlemSquirrel HarlemSquirrel merged commit 95cec38 into ruby-ldap:master Jun 29, 2023
@alexjfisher
Contributor

@HarlemSquirrel I've just hit this too. Would you be able to push out a new release with this fix?

Thanks

@HarlemSquirrel
Member

@alexjfisher done
https://github.com/ruby-ldap/ruby-net-ldap/releases/tag/v0.19.0
