SNI always on since #405 was implemented #429

@mbbh

Hi,

I was debugging why, with the update to a newer version of ruby-net-ldap, I was suddenly seeing "Net::LDAP::Error ssl3 ext invalid servername" errors.

After a lot of hunting I discovered that SNI was always being set due to a missing distinguishment whether or not the hostname is an IP Address before going forward with setting conn.hostname if it is indeed a host.

The issue happens by passing 'host' to prepare_hostname around lib/net/ldap/connection.rb:53, where the following call is executed:

    prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout, host)

The last argument to host will lead to conn.hostname being set, which will perform the SNI check and raise the aforementioned error.

I suggest changing line 53 to something like the following:

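    # Needs: require 'ipaddr'
    host_name = host
    begin
      # host parses as an IP address: pass nil so conn.hostname is not set
      IPAddr.new(host_name)
      host_name = nil
    rescue IPAddr::InvalidAddressError
      # Not an IP address: keep the hostname
    end

    begin
      prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout, host_name)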

The version that I reproduced this with is 0.19.0 by simply using an IP Address as the address for the LDAP Server. I believe this was introduced by the fix to issue #405.

Thank you
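
The check suggested in this issue, written out as a stand-alone added example (not part of the original report and not net-ldap's own code). The helper names `sni_hostname` and `apply_sni` and the `FakeSSLSocket` stand-in are hypothetical; it goes slightly beyond the suggestion by also handling bracketed IPv6 literals, empty hosts and a trailing dot, since RFC 6066 allows only DNS names without a trailing dot in the SNI `HostName`.

```ruby
require 'ipaddr'

# Hypothetical helper (not part of net-ldap): returns the name to send in the
# TLS SNI extension, or nil when SNI should be skipped.
def sni_hostname(host)
  return nil if host.nil?

  name = host.to_s.strip
  return nil if name.empty?

  # URI-style IPv6 literals arrive bracketed: "[2001:db8::1]".
  literal = name.sub(/\A\[(.*)\]\z/, '\1')
  begin
    IPAddr.new(literal)
    return nil # IP literal: RFC 6066 does not permit these as a HostName
  rescue IPAddr::Error
    # Not an IP address, so treat it as a DNS name.
  end

  # RFC 6066 sends the name without a trailing dot.
  name.chomp('.')
end

# Hypothetical helper: only call #hostname= when there is a name to send.
def apply_sni(ssl_socket, host)
  name = sni_hostname(host)
  ssl_socket.hostname = name if name
  name
end

# Constructed sample inputs; FakeSSLSocket stands in for OpenSSL::SSL::SSLSocket.
FakeSSLSocket = Struct.new(:hostname)
if $PROGRAM_NAME == __FILE__
  ['ldap.example.com', '192.0.2.10', '[2001:db8::1]'].each do |h|
    sock = FakeSSLSocket.new
    apply_sni(sock, h)
    puts "#{h.inspect} -> SNI #{sock.hostname.inspect}"
  end
end
```

Skipping SNI for an IP literal does not change certificate verification; whether the certificate matches the address is a separate check.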
