From 711ece42cddc4737a4b1667b1f20ca74030d0255 Mon Sep 17 00:00:00 2001
From: drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 25 Nov 2014 07:09:48 +0000
Subject: [PATCH] * lib/net/http.rb:  Do not attempt SSL session resumption
 when the   session is expired.  [Bug #10533]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog       | 5 +++++
 lib/net/http.rb | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 7ed6a41dc6..8437b99bad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Nov 25 16:09:28 2014  Eric Hodel  <drbrain@segment7.net>
+
+	* lib/net/http.rb:  Do not attempt SSL session resumption when the
+	  session is expired.  [Bug #10533]
+
 Tue Nov 25 15:59:46 2014  Eric Hodel  <drbrain@segment7.net>
 
 	* lib/rake:  Update to rake 10.4.0
diff --git a/lib/net/http.rb b/lib/net/http.rb
index aceb530442..b5706c597f 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -914,7 +914,10 @@ module Net   #:nodoc:
             @socket.write(buf)
             HTTPResponse.read_new(@socket).value
           end
-          s.session = @ssl_session if @ssl_session
+          if @ssl_session and
+             Time.now < @ssl_session.time + @ssl_session.timeout
+            s.session = @ssl_session if @ssl_session
+          end
           # Server Name Indication (SNI) RFC 3546
           s.hostname = @address if s.respond_to? :hostname=
           Timeout.timeout(@open_timeout, Net::OpenTimeout) { s.connect }