diff -ruN ruby-1.8.6-p110.orig/ext/openssl/lib/openssl/ssl.rb ruby-1.8.6-p110/ext/openssl/lib/openssl/ssl.rb
--- ruby-1.8.6-p110.orig/ext/openssl/lib/openssl/ssl.rb	2007-02-13 08:01:19.000000000 +0900
+++ ruby-1.8.6-p110/ext/openssl/lib/openssl/ssl.rb	2007-10-04 22:38:48.000000000 +0900
@@ -88,7 +88,7 @@
             end
           }
         end
-        raise SSLError, "hostname not match"
+        raise SSLError, "hostname not match with the server certificate"
       end
     end
 
diff -ruN ruby-1.8.6-p110.orig/lib/net/http.rb ruby-1.8.6-p110/lib/net/http.rb
--- ruby-1.8.6-p110.orig/lib/net/http.rb	2007-02-13 08:01:19.000000000 +0900
+++ ruby-1.8.6-p110/lib/net/http.rb	2007-10-04 22:41:34.000000000 +0900
@@ -470,6 +470,7 @@
       @debug_output = nil
       @use_ssl = false
       @ssl_context = nil
+      @enable_post_connection_check = true
     end
 
     def inspect
@@ -526,6 +527,9 @@
       false   # redefined in net/https
     end
 
+    # specify enabling SSL server certificate and hostname checking.
+    attr_accessor :enable_post_connection_check
+
     # Opens TCP connection and HTTP session.
     # 
     # When this method is called with block, gives a HTTP object
@@ -584,6 +588,14 @@
           HTTPResponse.read_new(@socket).value
         end
         s.connect
+        if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+          begin
+           s.post_connection_check(@address)
+          rescue OpenSSL::SSL::SSLError => ex
+           raise ex if @enable_post_connection_check
+           warn ex.message
+          end
+        end
       end
       on_connect
     end
diff -ruN ruby-1.8.6-p110.orig/lib/open-uri.rb ruby-1.8.6-p110/lib/open-uri.rb
--- ruby-1.8.6-p110.orig/lib/open-uri.rb	2007-02-13 08:01:19.000000000 +0900
+++ ruby-1.8.6-p110/lib/open-uri.rb	2007-10-04 22:42:18.000000000 +0900
@@ -229,6 +229,7 @@
     if target.class == URI::HTTPS
       require 'net/https'
       http.use_ssl = true
+      http.enable_post_connection_check = true
       http.verify_mode = OpenSSL::SSL::VERIFY_PEER
       store = OpenSSL::X509::Store.new
       store.set_default_paths
@@ -240,16 +241,6 @@
 
     resp = nil
     http.start {
-      if target.class == URI::HTTPS
-        # xxx: information hiding violation
-        sock = http.instance_variable_get(:@socket)
-        if sock.respond_to?(:io)
-          sock = sock.io # 1.9
-        else
-          sock = sock.instance_variable_get(:@socket) # 1.8
-        end
-        sock.post_connection_check(target_host)
-      end
       req = Net::HTTP::Get.new(request_uri, header)
       if options.include? :http_basic_authentication
         user, pass = options[:http_basic_authentication]
diff -ruN ruby-1.8.6-p110.orig/version.h ruby-1.8.6-p110/version.h
--- ruby-1.8.6-p110.orig/version.h	2007-09-23 09:01:50.000000000 +0900
+++ ruby-1.8.6-p110/version.h	2007-10-04 22:42:37.000000000 +0900
@@ -1,15 +1,15 @@
 #define RUBY_VERSION "1.8.6"
-#define RUBY_RELEASE_DATE "2007-09-23"
+#define RUBY_RELEASE_DATE "2007-09-24"
 #define RUBY_VERSION_CODE 186
-#define RUBY_RELEASE_CODE 20070923
-#define RUBY_PATCHLEVEL 110
+#define RUBY_RELEASE_CODE 20070924
+#define RUBY_PATCHLEVEL 111
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
 #define RUBY_VERSION_TEENY 6
 #define RUBY_RELEASE_YEAR 2007
 #define RUBY_RELEASE_MONTH 9
-#define RUBY_RELEASE_DAY 23
+#define RUBY_RELEASE_DAY 24
 
 #ifdef RUBY_EXTERN
 RUBY_EXTERN const char ruby_version[];