NameError: uninitialized constant OpenSSL::SSL::Session

[jordansissel]

Background -

I'm working on some security-related things and want to verify what TLS/SSL protocol has been negotiated after a connection is made before I start trusting it. The world of TLS libraries are a bit inconsistent (ruby openssl has SSLContext#ssl_version= to set a specific version, Go tls has MinVersion for a minimum version). To avoid confusion, I want to ask the socket about its session before I move forward sending sensitive data over the encrypted channel.

Situation -

To do this check, SSLSocket has a #session to get me the OpenSSL::SSL::Session object. To be Under MRI, this seems to work, even if it's quite obscure. For example, to ask what was negotiated, Session#to_text will tell me.

>> OpenSSL::SSL::SSLContext::METHODS.reject { |x| x.to_s =~ /(server|client)/ }.each { |ver|  ctx = OpenSSL::SSL::SSLContext.new; ctx.ssl_version = ver; s = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("google.com", 443), ctx); s.connect; p ver => s.session.to_text.split("\n").grep(/Proto/).first.split(/ *: */).last }
{:TLSv1=>"TLSv1"}
{:TLSv1_2=>"TLSv1.2"}
{:TLSv1_1=>"TLSv1.1"}
{:SSLv3=>"SSLv3"}
{:SSLv23=>"TLSv1.2"}

This fails under JRuby 1.7.17 during the OpenSSL::SSL::SSLSocket#session call because OpenSSL::SSL::Session is not defined.

---

This is NOT a blocker. While I don't yet know of a run-time work-around, I can work around this by doing more extensive testing which I'll need to do anyway.

[mkristian]

could you test this also against jruby-openssl-0.9.6.gem - jruby-1.7.17 and jruby-1.7.18 comes with jruby-openssl-0.9.5.gem !?

[kares]

@mkristian OpenSSL::SSL::Session is simply not-implemented ("emulated") at all on our side ...

[erichandsmith]

Successfully tested kares' 955f15a commit with persistent.rb.