From 83e0926a71e8151861ad37195971d906a597264e Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Mon, 3 Jan 2022 15:05:32 -0800
Subject: [PATCH] Fix invalid use of IP addresses in SNI

Server Name Indication does not allow IP addresses (RFC 6066, section 3:
`Literal IPv4 and IPv6 addresses are not permitted in "HostName".`).

Recent versions of LibreSSL enforce this requirement, and the tests
currently break when running on such versions.  Use localhost
instead of 127.0.0.1 to avoid the issue.  This requires adding
HTTPSNITest#connect, because s.hostname= is called before
ssl_socket_connect.
---
 test/webrick/test_httpproxy.rb | 8 ++++----
 test/webrick/test_https.rb     | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/test/webrick/test_httpproxy.rb b/test/webrick/test_httpproxy.rb
index 1c2f2fc..5a60abb 100644
--- a/test/webrick/test_httpproxy.rb
+++ b/test/webrick/test_httpproxy.rb
@@ -282,7 +282,7 @@ def test_connect
     #    3.   ------- GET or POST ---------->
     #
     key = TEST_KEY_RSA2048
-    cert = make_certificate(key, "127.0.0.1")
+    cert = make_certificate(key, "localhost")
     s_config = {
       :SSLEnable =>true,
       :ServerName => "localhost",
@@ -300,7 +300,7 @@ def test_connect
         res.body = "SSL #{req.request_method} #{req.path} #{req.body}"
       }
       TestWEBrick.start_httpproxy(config){|server, addr, port, log|
-        http = Net::HTTP.new("127.0.0.1", s_port, addr, port)
+        http = Net::HTTP.new("localhost", s_port, addr, port)
         http.use_ssl = true
         http.verify_callback = Proc.new do |preverify_ok, store_ctx|
           store_ctx.current_cert.to_der == cert.to_der
@@ -398,7 +398,7 @@ def test_upstream_proxy
           #    3.   ---------- GET or POST -------------->
           #
           key = TEST_KEY_RSA2048
-          cert = make_certificate(key, "127.0.0.1")
+          cert = make_certificate(key, "localhost")
           s_config = {
             :SSLEnable =>true,
             :ServerName => "localhost",
@@ -409,7 +409,7 @@ def test_upstream_proxy
             s_server.mount_proc("/"){|req2, res|
               res.body = "SSL #{req2.request_method} #{req2.path} #{req2.body}"
             }
-            http = Net::HTTP.new("127.0.0.1", s_port, addr, port, up_log.call + log.call + s_log.call)
+            http = Net::HTTP.new("localhost", s_port, addr, port, up_log.call + log.call + s_log.call)
             http.use_ssl = true
             http.verify_callback = Proc.new do |preverify_ok, store_ctx|
               store_ctx.current_cert.to_der == cert.to_der
diff --git a/test/webrick/test_https.rb b/test/webrick/test_https.rb
index ec0aac3..05f4058 100644
--- a/test/webrick/test_https.rb
+++ b/test/webrick/test_https.rb
@@ -17,6 +17,11 @@ def empty_log.<<(str)
   class HTTPSNITest < ::Net::HTTP
     attr_accessor :sni_hostname
 
+    def connect
+      @address = 'localhost' if @address == '127.0.0.1'
+      super
+    end
+
     def ssl_socket_connect(s, timeout)
       s.hostname = sni_hostname
       super