Idea / Feature Request: to have ssl options for an object, not using global constants for it

[shiroginne]

Hello,
Right now to set ssl params global constants shall be used OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, in general it's ok, but some times there is a need to apply specific ssl params just for a call in some class or module.

For example:
there is a European service which provides EORI check → https://ec.europa.eu/taxation_customs/dds2/eos/validation/services/validation with OpenSSL 3 HTTP and without OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF flag, fails to open this url:

data = <<-XML
  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
      <ev:validateEORI xmlns:ev="http://eori.ws.eos.dds.s/">
        <ev:eori>EXAMPLE EORI</ev:eori>
      </ev:validateEORI>
    </soap:Body>
  </soap:Envelope>
XML

http = Net::HTTP.new("ec.europa.eu", 443)
http.use_ssl = true
http.post("/taxation_customs/dds2/eos/validation/services/validation", data, {"Content-Type" => "text/xml"})

.../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/openssl/buffering.rb:214:in `sysread_nonblock': SSL_read: unexpected eof while reading (OpenSSL::SSL::SSLError)
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/openssl/buffering.rb:214:in `read_nonblock'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/protocol.rb:218:in `rbuf_fill'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/protocol.rb:185:in `read_all'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:712:in `read_all'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:591:in `block in read_body_0'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:550:in `inflater'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:573:in `read_body_0'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:344:in `read_body'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1841:in `block in send_entity'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1873:in `block in transport_request'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http/response.rb:301:in `reading_body'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1872:in `transport_request'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1826:in `request'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1819:in `block in request'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1238:in `start'
  from .../.rvm/rubies/ruby-3.2.1/lib/ruby/3.2.0/net/http.rb:1817:in `request'

Setting the global SSL options would solve the issue:

OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF

3.2.1 :019 > http.post("/taxation_customs/dds2/eos/validation/services/validation", data, {"Content-Type" => "text/xml"})
 => #<Net::HTTPOK 200 OK readbody=true> 

but that would change global SSL settings.

We came up with the monkey patch idea:

Net::HTTP::SSL_IVNAMES << :@ssl_options
Net::HTTP::SSL_ATTRIBUTES << :options
Net::HTTP.class_eval do
  attr_accessor :ssl_options
end

http = Net::HTTP.new("ec.europa.eu", 443)
http.use_ssl = true
http.ssl_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] | OpenSSL::SSL::OP_IGNORE_UNEXPECTED_EOF

http.post("/taxation_customs/dds2/eos/validation/services/validation", data, {"Content-Type" => "text/xml"})

which does it's job but it's a workaround after all.

---

The idea for the Net::HTTP would be to expose @ssl_options to the object so they could be set up per request/class etc.

---

Tech data:

• Ruby 3.2.1
• OpenSSL 3

[mmitchellg5]

🔥