"ssl_version" not applied to excon client

[entrity]

I get the error Excon::Errors::SocketError: SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError). Specifying an excon global ssl_version obviates the problem, but specifying an ssl_version in HTTPI does not.

TMI:

I am making requests through Savon v 2.3.3, with HTTPI v 2.1.0 and Excon v 0.37.0. My application uses this stack to connect with multiple third-party applications, and the foregoing error arises for only one of them, appslive.com. When I specify Excon.defaults[:ssl_version] = "TLSv1", my request to appslive.com succeeds.

My code actually specifies :ssl_version => :TLSv1 for the Savon client, but this datum is not passed effectively from HTTPI to excon. When debugging my application with a breakpoint in HTTPI::request, I can find the ssl_version in the HTTPI::Auth::SSL data but not in the Excon::Connection, as you can see in the following output. (When I specify a global ssl_version for excon, the ssl_version does appear in the Excon::Connection at this breakpoint.)

[4] pry(HTTPI)> adapter_class
=> #<HTTPI::Adapter::Excon:0x000000060bb868
 @client=
  #<Excon::Connection:60bac60 @data={:chunk_size=>1048576, :ciphers=>"HIGH:!SSLv2:!aNULL:!eNULL:!3DES", :connect_timeout=>60, :debug_request=>false, :debug_response=>false, :headers=>{}, :idempotent=>false, :instrumentor_name=>"excon", :middlewares=>[Excon::Middleware::ResponseParser, Excon::Middleware::Expects, Excon::Middleware::Idempotent, Excon::Middleware::Instrumentor, Excon::Middleware::Mock], :mock=>false, :nonblock=>true, :omit_default_port=>false, :persistent=>false, :read_timeout=>60, :retry_limit=>4, :ssl_verify_peer=>true, :tcp_nodelay=>false, :uri_parser=>URI, :write_timeout=>60, :host=>"appslive.com", :path=>"/appsacord/acordwebs.asmx", :port=>"443", :query=>"WSDL", :scheme=>"https", :body=>nil, :ssl_ca_file=>"/etc/ssl/certs/ca-certificates.crt"} @socket_key="https://appslive.com:443">,
 @request=
  #<HTTPI::Request:0x000000074447e0
   @auth=
    #<HTTPI::Auth::Config:0x000000074446c8
     @ssl=
      #<HTTPI::Auth::SSL:0x000000074446a0
       @ca_cert_file="/etc/ssl/certs/ca-certificates.crt",
       @cert=nil,
       @cert_key=nil,
       @ssl_version=:TLSv1,
       @verify_mode=:peer>>,
   @headers={},
   @url=
    #<URI::HTTPS:0x000000074440b0 URL:https://appslive.com/appsacord/acordwebs.asmx?WSDL>>>

It looks as if the HTTPI adapter is just ineffective for my purpose. Please tell me I'm wrong. Is there a way that I can stipulate a ssl_version on a per-request basis?

[tjarratt]

I don't believe there is a way to set the ssl_version per request, but it sounds like the actual bug is that the version isn't passed to the Excon client. That seems like a real important bug to fix. I'd like to fix it myself, but I don't really have a lot of free time to investigate.

If you're willing, I'd love to be able to merge a pull request to fix this, @Vaselinessa -- I'd be more than willing to answer any questions or provide feedback if you'd like.

[entrity]

Makes sense. I'll see if I can make time this week.

[tjarratt]

Thank you so much for contributing to Savon and HTTPI @Vaselinessa!

[tjarratt]

You should be able to install HTTPI v2.1.1 on rubygems.org to pick up this change.

It is also available as v2.7.7 as a patch update for the latest HTTPI, for any interested parties.

Thanks so much again, for contributing your time!