Merge pull request #722 from cosmo0920/support-verify-hostname-parame…

…ter-on-ssl_context

Support ssl_verify_hostname parameter to use OpenSSL::SSL::SSLContext#verify_hostname=

lib/excon/constants.rb

@@ -95,6 +95,7 @@ module Excon
     :ssl_verify_callback,
     :ssl_verify_peer,
     :ssl_verify_peer_host,
+    :ssl_verify_hostname,
     :ssl_version,
     :ssl_min_version,
     :ssl_max_version,

lib/excon/ssl_socket.rb

@@ -73,6 +73,9 @@ def initialize(data = {})
         ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
 
+      # Verify certificate hostname if supported (ruby >= 2.4.0)
+      ssl_context.verify_hostname = @data[:ssl_verify_hostname] if ssl_context.respond_to?(:verify_hostname=)
+
       if client_cert_data && client_key_data
         ssl_context.cert = OpenSSL::X509::Certificate.new client_cert_data
         if OpenSSL::PKey.respond_to? :read

tests/basic_tests.rb

@@ -138,6 +138,23 @@ def timed_streaming_test(endpoint, timeout)
   end
 end
 
+Shindo.tests('Excon basics verify_hostname (ssl)') do
+  with_rackup('ssl.ru') do
+    connection = nil
+    test do
+      ssl_ca_file = File.join(File.dirname(__FILE__), 'data', '127.0.0.1.cert.crt')
+      connection = Excon.new('https://127.0.0.1:9443', :ssl_verify_peer => true, :ssl_ca_file => ssl_ca_file, :ssl_verify_hostname => true )
+      true
+    end
+
+    tests('response.status').returns(200) do
+      response = connection.request(:method => :get, :path => '/content-length/100')
+
+      response.status
+    end
+  end
+end
+
 Shindo.tests('Excon ssl verify peer (ssl)') do
   with_rackup('ssl.ru') do
     connection = nil