| One difficulty with implementing happy eyeballs is that Net::HTTP only accepts a hostname or IP to connect to, and always performs SSL verification against that value. If we pass a hostname, then ruby looks up the ipv6 or v4 address, and uses the first one it can connect to. If we pass the IP address, then verification of the server's SSL cert will likely fail. I say likely because it's possible to add the server's IP address as a subject alt name, but that's not very common. To implement happy eyeballs we could either:
- call Net::HTTP.start with both the IP address (v4 or v6) and fqdn, where SSL verification happens against the latter. This would require an upstream ruby PR.
- override the SSL verification callback and do the post_connection_check ourselves.
|