Add #verify_hostname= and #verify_hostname to skip hostname verification (#2858)

According to ruby/openssl#60,

> Currently an user who wants to do the hostname verification needs to
call SSLSocket#post_connection_check explicitly after the TLS connection
is established.

if an user who wants to skip the hostname verification,
SSLSocket#post_connection_check doesn't need to be called

https://bugs.ruby-lang.org/issues/16555

Author: ganmacs

lib/net/http.rb

@@ -844,6 +844,7 @@ def use_ssl=(flag)
       :@verify_callback,
       :@verify_depth,
       :@verify_mode,
+      :@verify_hostname,
     ]
     SSL_ATTRIBUTES = [
       :ca_file,
@@ -859,6 +860,7 @@ def use_ssl=(flag)
       :verify_callback,
       :verify_depth,
       :verify_mode,
+      :verify_hostname,
     ]
 
     # Sets path of a CA certification file in PEM format.
@@ -908,6 +910,10 @@ def use_ssl=(flag)
     # OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER are acceptable.
     attr_accessor :verify_mode
 
+    # Sets to check the server certificate is valid for the hostname.
+    # See OpenSSL::SSL::SSLContext#verify_hostname=
+    attr_accessor :verify_hostname
+
     # Returns the X.509 certificates the server presented.
     def peer_cert
       if not use_ssl? or not @socket
@@ -986,9 +992,11 @@ def connect
         ssl_parameters = Hash.new
         iv_list = instance_variables
         SSL_IVNAMES.each_with_index do |ivname, i|
-          if iv_list.include?(ivname) and
+          if iv_list.include?(ivname)
             value = instance_variable_get(ivname)
-            ssl_parameters[SSL_ATTRIBUTES[i]] = value if value
+            unless value.nil?
+              ssl_parameters[SSL_ATTRIBUTES[i]] = value
+            end
           end
         end
         @ssl_context = OpenSSL::SSL::SSLContext.new
@@ -1007,7 +1015,7 @@ def connect
           s.session = @ssl_session
         end
         ssl_socket_connect(s, @open_timeout)
-        if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+        if (@ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE) && @ssl_context.verify_hostname
           s.post_connection_check(@address)
         end
         D "SSL established, protocol: #{s.ssl_version}, cipher: #{s.cipher[0]}"

test/net/http/test_https.rb

@@ -204,6 +204,29 @@ def test_verify_none
     skip $!
   end
 
+  def test_skip_hostname_verfiction
+    TestNetHTTPUtils.clean_http_proxy_env do
+      http = Net::HTTP.new('invalid_servername', config('port'))
+      http.ipaddr = config('host')
+      http.use_ssl = true
+      http.cert_store = TEST_STORE
+      http.verify_hostname = false
+      assert_nothing_raised { http.start }
+    end
+  end
+
+  def test_fail_if_verify_hostname_is_true
+    TestNetHTTPUtils.clean_http_proxy_env do
+      http = Net::HTTP.new('invalid_servername', config('port'))
+      http.ipaddr = config('host')
+      http.use_ssl = true
+      http.cert_store = TEST_STORE
+      http.verify_hostname = true
+      @log_tester = lambda { |_| }
+      assert_raise(OpenSSL::SSL::SSLError) { http.start }
+    end
+  end
+
   def test_certificate_verify_failure
     http = Net::HTTP.new("localhost", config("port"))
     http.use_ssl = true