lib/httpx/io/ssl.rb in httpx-0.1.0 vs lib/httpx/io/ssl.rb in httpx-0.2.0

- old
+ new

@@ -8,11 +8,11 @@ { alpn_protocols: %w[h2 http/1.1] } else {} end - def initialize(_, options) + def initialize(_, _, options) @ctx = OpenSSL::SSL::SSLContext.new ctx_options = TLS_OPTIONS.merge(options.ssl) @ctx.set_params(ctx_options) unless ctx_options.empty? super @state = :negotiated if @keep_open @@ -26,10 +26,16 @@ @io.alpn_protocol || super rescue StandardError super end + def verify_hostname(host) + return false if @ctx.verify_mode == OpenSSL::SSL::VERIFY_NONE + return false if @io.peer_cert.nil? + OpenSSL::SSL.verify_certificate_identity(@io.peer_cert, host) + end + def close super # allow reconnections # connect only works if initial @io is a socket @io = @io.io if @io.respond_to?(:io) @@ -100,8 +106,20 @@ when :closed return unless @state == :negotiated || @state == :connected end do_transition(nextstate) + end + + def log_transition_state(nextstate) + return super unless nextstate == :negotiated + server_cert = @io.peer_cert + "SSL connection using #{@io.ssl_version} / #{@io.cipher.first}\n" \ + "ALPN, server accepted to use #{protocol}\n" \ + "Server certificate:\n" \ + " subject: #{server_cert.subject}\n" \ + " start date: #{server_cert.not_before}\n" \ + " start date: #{server_cert.not_after}\n" \ + " issuer: #{server_cert.issuer}" end end end
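Review bot: `verify_hostname` calls `@io.peer_cert` without checking that `@io` is currently the SSL socket. The `close` context directly below it resets `@io` to the underlying socket (`@io = @io.io`), so a call made after a close, and presumably one made before the handshake, would raise NoMethodError instead of returning false. A guard such as `return false unless @io.respond_to?(:peer_cert)` ahead of the nil check would keep the method fail-closed. The method also deserves a short comment saying that false means the identity was not proven, which includes the VERIFY_NONE case. That comment should add that `OpenSSL::SSL.verify_certificate_identity` only matches the name and relies on the handshake having validated the chain.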
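Review bot: The second `start date:` label in `log_transition_state` is printed for `server_cert.not_after`, so the log shows two start dates and no expiry. That line should read `" expire date: #{server_cert.not_after}\n" \`. The method also dereferences `@io.peer_cert` without the nil check that `verify_hostname` applies in the same diff, so a negotiated session with no peer certificate would raise from a logging path. Adding `return super unless server_cert` after the assignment, or skipping only the certificate lines, would avoid that.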