From 091b71166d53717e5a9c4a1b140778b1e26868cc Mon Sep 17 00:00:00 2001
From: Dave Golombek <dgolombek@mylookout.com>
Date: Wed, 12 Apr 2017 09:34:46 -0400
Subject: [PATCH] Fix SNI handling for JRuby

Changes to set SSL connection timeout inadvertently broke SNI for
JRuby. This fixes #362 by creating a regular socket first, setting
timeouts on it, then wrapping that socket in a SSLSocet, specifying the
hostname when creating that wrapper socket.

No tests currently, I'm not sure how to test SNI locally.
---
 lib/httpclient/jruby_ssl_socket.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/httpclient/jruby_ssl_socket.rb b/lib/httpclient/jruby_ssl_socket.rb
index 046b498f..c25ce963 100644
--- a/lib/httpclient/jruby_ssl_socket.rb
+++ b/lib/httpclient/jruby_ssl_socket.rb
@@ -549,8 +549,11 @@ def create_ssl_socket(socket, dest, config, opts)
       if socket
         ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
       else
-        ssl_socket = factory.createSocket
-        JavaSocketWrap.connect(ssl_socket, dest, opts)
+        # Create a plain socket first to set connection timeouts on,
+        # then wrap it in a SSL socket so that SNI gets setup on it.
+        socket = javax.net.SocketFactory.getDefault.createSocket
+        JavaSocketWrap.connect(socket, dest, opts)
+        ssl_socket = factory.createSocket(socket, dest.host, dest.port, true)
       end
       ssl_socket
     end