Created
March 21, 2013 17:02
-
-
Save kurrik/5214671 to your computer and use it in GitHub Desktop.
Demonstrating that Ruby sends invalid HTTPS requests unless use_ssl is explicitly set
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
require 'net/https' | |
# Returns {"errors":[{"message":"Bad Authentication data","code":215}]} | |
# Issues a HTTPS request to: GET https://api.twitter.com/1.1/users/show.json?user_id=33978 | |
# Prints: Explicit SSL: #<Net::HTTPBadRequest:0x10b65f188> | |
uri = URI.parse("https://api.twitter.com/1.1/users/show.json?user_id=33978") | |
http = Net::HTTP.new(uri.host, uri.port) | |
http.use_ssl = true | |
http.verify_mode = OpenSSL::SSL::VERIFY_PEER | |
request = Net::HTTP::Get.new(uri.request_uri) | |
begin | |
response = http.request(request) | |
puts "Explicit SSL: #{response}" | |
rescue EOFError => err | |
puts "No explicit SSL (EOFError): #{err}" | |
end | |
# Throws EOFError | |
# Issues a HTTP request to: GET http://api.twitter.com:443/1.1/users/show.json?user_id=33978 | |
# Prints: No explicit SSL (EOFError): end of file reached | |
uri = URI.parse("https://api.twitter.com/1.1/users/show.json?user_id=33978") | |
http = Net::HTTP.new(uri.host, uri.port) | |
request = Net::HTTP::Get.new(uri.request_uri) | |
begin | |
response = http.request(request) | |
puts "No explicit SSL: #{response}" | |
rescue EOFError => err | |
puts "No explicit SSL (EOFError): #{err}" | |
end | |
# Throws EOFError | |
# Issues a HTTP request to: GET http://api.twitter.com:443/1.1/users/show.json?user_id=33978 | |
# Prints: Blank accept-encoding: (EOFError): end of file reached | |
uri = URI.parse("https://api.twitter.com/1.1/users/show.json?user_id=33978") | |
http = Net::HTTP.new(uri.host, uri.port) | |
request = Net::HTTP::Get.new(uri.request_uri) | |
request["accept-encoding"] = "" | |
begin | |
response = http.request(request) | |
puts "Blank accept-encoding: #{response}" | |
rescue EOFError => err | |
puts "Blank accept-encoding: (EOFError): #{err}" | |
end | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is this still a thing? Wasn't it fixed in any version?