I was debugging why with the update to a newer version of ruby-net-ldap I was suddenly seeing "Net::LDAP::Error ssl3 ext invalid servername" errors.
After a lot of hunting I discovered that SNI was always being set due to a missing distinguishment whether or not the hostname is an IP Address before going forward with setting conn.hostname if it is indeed a host.
The issue happens by passing 'host' to prepare_hostname around lib/net/ldap/connection.rb:53, where the following call is executed:
The last argument to host will lead to set conn.hostname, which will perform the SNI check and raise the aforementioned error.
I suggest changing line 53 to something like the following:
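```ruby
require 'ipaddr'

# Only pass a name for SNI when `host` is not an IP address literal.
host_name = host
begin
  IPAddr.new(host_name)
  host_name = nil # parsed as an IP address, so no SNI name is passed
rescue IPAddr::InvalidAddressError
  # not an IP address: keep host_name so it is used for SNI
end
begin
  prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout, host_name)
```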
The version that I reproduced this with is 0.19.0 by simply using an IP Address as the address for the LDAP Server. I believe this was introduced by the fix to issue #405.
Thank you
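The IP-literal check from the issue as a stand-alone helper, extended beyond the reported case to bracketed IPv6 literals, IPv6 zone ids and trailing-dot names. This is an added example, not code from the issue or from net-ldap; `sni_hostname_for`, `ip_literal?` and the sample hosts are hypothetical and constructed for illustration.

```ruby
require 'ipaddr'

# Hypothetical helper (not part of net-ldap): returns the name to assign to
# OpenSSL::SSL::SSLSocket#hostname= for SNI, or nil when no SNI should be sent.
def sni_hostname_for(host)
  return nil if host.nil?

  name = host.to_s.strip
  return nil if name.empty?

  # Normalise the forms an IP literal can take in a server setting:
  # "[2001:db8::1]" (URI-style brackets) and "fe80::1%eth0" (IPv6 zone id).
  literal = name.delete_prefix('[').delete_suffix(']').split('%', 2).first.to_s
  return nil if ip_literal?(literal)

  # RFC 6066 section 3: the SNI host name is sent without a trailing dot.
  name.chomp('.')
end

# True when str parses as an IPv4 or IPv6 address.
def ip_literal?(str)
  return false if str.empty?

  IPAddr.new(str)
  true
rescue IPAddr::Error # parent class of IPAddr::InvalidAddressError
  false
end

# Constructed sample inputs (documentation address ranges and example.com).
SAMPLE_HOSTS = [
  'ldap.example.com', 'ldap.example.com.', '192.0.2.10',
  '2001:db8::1', '[2001:db8::1]', 'fe80::1%eth0'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HOSTS.each do |h|
    puts format('%-20s -> SNI %p', h, sni_hostname_for(h))
  end
end
```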