From 34c2783a878ed87555632ce73a1ace9dfa9e11df Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Tue, 4 Jan 2022 10:07:53 -0800
Subject: [PATCH] Remove verify_hostname requires hostname warning

When connecting to an IP address, you should not set hostname,
since IP addresses are not allowed as SNI server names (per RFC 6066,
section 3).  A recent change to LibreSSL made it more strict, and
LibreSSL will now raise an error if hostname= is used with an IP
address.

While SNI should not be used when connecting to an IP address, you
still want to verify that the certificate sent by the server is
valid for the IP address.  Currently, that results in a warning,
but it should not result in a warning as there is no way around
the problem in this case.
---
 ext/openssl/ossl_ssl.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 9a0682a7c..e1e76ae1d 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -307,7 +307,6 @@ call_verify_certificate_identity(VALUE ctx_v)
     hostname = rb_attr_get(ssl_obj, id_i_hostname);
 
     if (!RTEST(hostname)) {
-	rb_warning("verify_hostname requires hostname to be set");
 	return Qtrue;
     }