Is the patch to SSLSocket still necessary? The ipaddr parameter could be used

[collimarco]

Maybe I am missing something but I think that the validation flow should be:

1. Resolve the hostname to an IP address
2. Use Net::HTTP#start with the ipaddr parameter to connect to that IP address
3. The SNI and Host header are populated normally from the original URL (using ipaddr doesn't alter them)

This would make the monkeypatch unnecessary.

[arkadiyt]

Thanks for flagging, this option didn't exist when ssrf_filter was originally written. It looks like it's only supported on ruby 2.7+ so I'd have to drop ruby 2.6 support to use this, but that seems ok

[arkadiyt]

Given that there's no external changes I'm inclined to not release a new version for this, but let me know if you need this for some reason

[collimarco]

@arkadiyt Thanks for the quick reply! If you release a new gem version that would make it easier to use the latest version (I would prefer to avoid patches to SSLSocket)

[arkadiyt]

Published 1.2.0