class SSLContext
The following attributes are available but do not show up in rdoc. All attributes must be set before calling SSLSocket.new(io, ctx): ssl_version, cert, key, client_ca, ca_file, ca_path, timeout, verify_mode, verify_depth, client_cert_cb, tmp_dh_callback, session_id_context, session_add_cb, session_new_cb, session_remove_cb.
You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
/*
 * call-seq:
 *    SSLContext.new               => ctx
 *    SSLContext.new(ssl_method)   => ctx
 *
 * Resets every attribute named in ossl_sslctx_attrs to nil on +self+ and,
 * when an SSL method was given, applies it via ossl_sslctx_set_ssl_version
 * (which raises ArgumentError for an unknown method name).
 */
static VALUE
ossl_sslctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE ssl_method;
    int idx;

    /* Start from a known state: every attribute reads as nil. */
    for (idx = 0; idx < numberof(ossl_sslctx_attrs); idx++) {
        char ivar_name[32];
        snprintf(ivar_name, sizeof(ivar_name), "@%s", ossl_sslctx_attrs[idx]);
        rb_iv_set(self, ivar_name, Qnil);
    }

    /* The method argument is optional; only apply it when present. */
    if (rb_scan_args(argc, argv, "01", &ssl_method) != 0) {
        ossl_sslctx_set_ssl_version(self, ssl_method);
    }
    return self;
}
/*
 * call-seq:
 *    ctx.ciphers => [cipher, ...]
 *
 * Returns the SSL_CTX's current cipher list, one entry per cipher as built
 * by ossl_ssl_cipher_to_ary. Returns nil (with a warning) when the SSL_CTX
 * pointer is NULL, and an empty array when no cipher list has been set.
 */
static VALUE
ossl_sslctx_get_ciphers(VALUE self)
{
    SSL_CTX *ctx;
    STACK_OF(SSL_CIPHER) *cipher_stack;
    VALUE result;
    int count, idx;

    Data_Get_Struct(self, SSL_CTX, ctx);
    if (!ctx) {
        rb_warning("SSL_CTX is not initialized.");
        return Qnil;
    }

    cipher_stack = ctx->cipher_list;
    if (!cipher_stack) {
        return rb_ary_new();
    }

    count = sk_num((STACK*)cipher_stack);
    result = rb_ary_new2(count);
    for (idx = 0; idx < count; idx++) {
        SSL_CIPHER *c = (SSL_CIPHER*)sk_value((STACK*)cipher_stack, idx);
        rb_ary_push(result, ossl_ssl_cipher_to_ary(c));
    }
    return result;
}
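/*
 * call-seq:
 *    ctx.ciphers = "cipher1:cipher2:..."
 *    ctx.ciphers = [name1, name2, ...]
 *    ctx.ciphers = [[name1, ...], [name2, ...], ...]
 *
 * Sets the SSL_CTX cipher list. An Array is joined with ":" after taking
 * the first element of any nested Array and converting each element with
 * rb_String; anything else is treated as a String. nil is a no-op.
 *
 * Raises FrozenError (via rb_check_frozen) when +self+ is frozen, and
 * SSLError when the SSL_CTX is NULL or OpenSSL rejects the cipher string.
 * Returns the argument unchanged.
 */
static VALUE
ossl_sslctx_set_ciphers(VALUE self, VALUE v)
{
    SSL_CTX *ctx;
    VALUE str, elem;
    long i, len;

    rb_check_frozen(self);
    if (NIL_P(v))
        return v;

    if (TYPE(v) == T_ARRAY) {
        len = RARRAY_LEN(v);
        str = rb_str_new(0, 0);
        for (i = 0; i < len; i++) {
            elem = rb_ary_entry(v, i);
            if (TYPE(elem) == T_ARRAY)
                elem = rb_ary_entry(elem, 0);
            elem = rb_String(elem);
            rb_str_append(str, elem);
            if (i < len - 1)
                rb_str_cat2(str, ":");
        }
    } else {
        str = v;
        StringValue(str);
    }

    Data_Get_Struct(self, SSL_CTX, ctx);
    if (!ctx) {
        ossl_raise(eSSLError, "SSL_CTX is not initialized.");
        return Qnil;
    }
    /*
     * StringValueCStr rather than RSTRING_PTR: OpenSSL reads the cipher
     * string up to the first NUL, so an embedded NUL would silently install
     * a shorter list than the caller wrote. StringValueCStr raises instead.
     */
    if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
        ossl_raise(eSSLError, "SSL_CTX_set_cipher_list:");
    }
    return v;
}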
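/*
 * call-seq:
 *    ctx.flush_sessions(time=nil) => self
 *
 * Calls SSL_CTX_flush_sessions with the given time, or with the current
 * time (time(0)) when the argument is nil or omitted. A Time argument is
 * converted through its #to_i; Time subclasses are accepted as well.
 *
 * Raises ArgumentError for any other argument type.
 */
static VALUE
ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
{
    VALUE arg1;
    SSL_CTX *ctx;
    time_t tm = 0;

    rb_scan_args(argc, argv, "01", &arg1);
    Data_Get_Struct(self, SSL_CTX, ctx);

    if (NIL_P(arg1)) {
        tm = time(0);
    } else if (rb_obj_is_kind_of(arg1, rb_cTime)) {
        /* kind_of rather than instance_of so Time subclasses are not rejected. */
        tm = NUM2LONG(rb_funcall(arg1, rb_intern("to_i"), 0));
    } else {
        rb_raise(rb_eArgError, "arg must be Time or nil");
    }

    SSL_CTX_flush_sessions(ctx, tm);
    return self;
}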
/*
 * call-seq:
 *    ctx.session_add(session) => true | false
 *
 * Adds an SSL::Session to the SSL_CTX's session cache via
 * SSL_CTX_add_session. Returns true when OpenSSL reports success (1).
 */
static VALUE
ossl_sslctx_session_add(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    SSL_SESSION *sess;
    int added;

    Data_Get_Struct(self, SSL_CTX, ctx);
    SafeGetSSLSession(arg, sess);
    added = (SSL_CTX_add_session(ctx, sess) == 1);
    return added ? Qtrue : Qfalse;
}
/*
 * call-seq:
 *    ctx.session_cache_mode => Integer
 *
 * Returns the SSL_CTX session cache mode flags as an Integer.
 */
static VALUE
ossl_sslctx_get_session_cache_mode(VALUE self)
{
    SSL_CTX *ctx;
    long mode;

    Data_Get_Struct(self, SSL_CTX, ctx);
    mode = SSL_CTX_get_session_cache_mode(ctx);
    return LONG2NUM(mode);
}
/*
 * call-seq:
 *    ctx.session_cache_mode = Integer
 *
 * Sets the SSL_CTX session cache mode flags. Returns the argument.
 */
static VALUE
ossl_sslctx_set_session_cache_mode(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    long mode = NUM2LONG(arg);

    Data_Get_Struct(self, SSL_CTX, ctx);
    SSL_CTX_set_session_cache_mode(ctx, mode);
    return arg;
}
/*
 * call-seq:
 *    ctx.session_cache_size => Integer
 *
 * Returns the SSL_CTX session cache size limit as an Integer.
 */
static VALUE
ossl_sslctx_get_session_cache_size(VALUE self)
{
    SSL_CTX *ctx;
    long size;

    Data_Get_Struct(self, SSL_CTX, ctx);
    size = SSL_CTX_sess_get_cache_size(ctx);
    return LONG2NUM(size);
}
/*
 * call-seq:
 *    ctx.session_cache_size = Integer
 *
 * Sets the SSL_CTX session cache size limit. Returns the argument.
 */
static VALUE
ossl_sslctx_set_session_cache_size(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    long size = NUM2LONG(arg);

    Data_Get_Struct(self, SSL_CTX, ctx);
    SSL_CTX_sess_set_cache_size(ctx, size);
    return arg;
}
/* Store one counter in +hash+ under the Symbol named +name+. */
static void
ossl_sslctx_stats_put(VALUE hash, const char *name, long value)
{
    rb_hash_aset(hash, ID2SYM(rb_intern(name)), LONG2NUM(value));
}

/*
 * call-seq:
 *    ctx.session_cache_stats => Hash
 *
 * Returns a Hash of the SSL_CTX session cache counters, keyed by Symbol:
 * :cache_num, :connect, :connect_good, :connect_renegotiate, :accept,
 * :accept_good, :accept_renegotiate, :cache_hits, :cb_hits,
 * :cache_misses, :cache_full and :timeouts.
 */
static VALUE
ossl_sslctx_get_session_cache_stats(VALUE self)
{
    SSL_CTX *ctx;
    VALUE stats;

    Data_Get_Struct(self, SSL_CTX, ctx);
    stats = rb_hash_new();

    ossl_sslctx_stats_put(stats, "cache_num",           SSL_CTX_sess_number(ctx));
    ossl_sslctx_stats_put(stats, "connect",             SSL_CTX_sess_connect(ctx));
    ossl_sslctx_stats_put(stats, "connect_good",        SSL_CTX_sess_connect_good(ctx));
    ossl_sslctx_stats_put(stats, "connect_renegotiate", SSL_CTX_sess_connect_renegotiate(ctx));
    ossl_sslctx_stats_put(stats, "accept",              SSL_CTX_sess_accept(ctx));
    ossl_sslctx_stats_put(stats, "accept_good",         SSL_CTX_sess_accept_good(ctx));
    ossl_sslctx_stats_put(stats, "accept_renegotiate",  SSL_CTX_sess_accept_renegotiate(ctx));
    ossl_sslctx_stats_put(stats, "cache_hits",          SSL_CTX_sess_hits(ctx));
    ossl_sslctx_stats_put(stats, "cb_hits",             SSL_CTX_sess_cb_hits(ctx));
    ossl_sslctx_stats_put(stats, "cache_misses",        SSL_CTX_sess_misses(ctx));
    ossl_sslctx_stats_put(stats, "cache_full",          SSL_CTX_sess_cache_full(ctx));
    ossl_sslctx_stats_put(stats, "timeouts",            SSL_CTX_sess_timeouts(ctx));

    return stats;
}
/*
 * call-seq:
 *    ctx.session_remove(session) => true | false
 *
 * Removes an SSL::Session from the SSL_CTX's session cache via
 * SSL_CTX_remove_session. Returns true when OpenSSL reports success (1).
 */
static VALUE
ossl_sslctx_session_remove(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    SSL_SESSION *sess;
    int removed;

    Data_Get_Struct(self, SSL_CTX, ctx);
    SafeGetSSLSession(arg, sess);
    removed = (SSL_CTX_remove_session(ctx, sess) == 1);
    return removed ? Qtrue : Qfalse;
}
# File openssl/lib/openssl/ssl.rb, line 37
# Applies DEFAULT_PARAMS merged with +params+ to this context by calling the
# matching "name=" setter for every key. When verification is enabled and no
# ca_file, ca_path or cert_store has been configured, DEFAULT_CERT_STORE is
# installed so that peer verification has a trust source.
#
# Returns the merged parameter Hash.
def set_params(params={})
  merged = DEFAULT_PARAMS.merge(params)
  merged.each do |name, value|
    self.__send__("#{name}=", value)
  end

  if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
    has_trust_source = self.ca_file || self.ca_path || self.cert_store
    self.cert_store = DEFAULT_CERT_STORE unless has_trust_source
  end

  return merged
end
This method is called automatically when a new SSLSocket is created. Normally you do not need to call this method (unless you are writing an extension in C).
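/*
 * call-seq:
 *    ctx.setup => true
 *
 * Transfers the Ruby-level attributes of +self+ into the underlying SSL_CTX
 * and freezes +self+. Returns nil immediately, without touching the SSL_CTX,
 * when +self+ is already frozen, so the transfer happens at most once.
 *
 * Raises SSLError when the certificate or private key cannot be installed
 * or do not match each other, when a client CA cannot be added, or when the
 * session id context cannot be set. Note that a failure of
 * SSL_CTX_load_verify_locations is only reported via rb_warning: a wrong
 * ca_file/ca_path does not abort setup, and verify_mode falls back to
 * SSL_VERIFY_NONE when the attribute is nil.
 */
static VALUE
ossl_sslctx_setup(VALUE self)
{
    SSL_CTX *ctx;
    X509 *cert = NULL, *client_ca = NULL;
    X509_STORE *store;
    EVP_PKEY *key = NULL;
    char *ca_path = NULL, *ca_file = NULL;
    int i, verify_mode;
    VALUE val;

    /* Frozen means setup already ran; do not re-apply attributes. */
    if (OBJ_FROZEN(self)) return Qnil;
    Data_Get_Struct(self, SSL_CTX, ctx);

#if !defined(OPENSSL_NO_DH)
    /* A user-supplied tmp_dh_callback takes precedence over the default one. */
    if (RTEST(ossl_sslctx_get_tmp_dh_cb(self))) {
        SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback);
    } else {
        SSL_CTX_set_tmp_dh_callback(ctx, ossl_default_tmp_dh_callback);
    }
#endif
    /* Let OpenSSL callbacks find the Ruby object owning this SSL_CTX. */
    SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)self);

    val = ossl_sslctx_get_cert_store(self);
    if (!NIL_P(val)) {
        /*
         * WORKAROUND:
         * X509_STORE can count references, but
         * X509_STORE_free() doesn't care it.
         * So we won't increment it but mark it by ex_data.
         */
        store = GetX509StorePtr(val); /* NO NEED TO DUP */
        SSL_CTX_set_cert_store(ctx, store);
        SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
    }

    val = ossl_sslctx_get_extra_cert(self);
    if (!NIL_P(val)) {
        rb_block_call(val, rb_intern("each"), 0, 0, ossl_sslctx_add_extra_chain_cert_i, self);
    }

    /* private key may be bundled in certificate file. */
    val = ossl_sslctx_get_cert(self);
    cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
    val = ossl_sslctx_get_key(self);
    key = NIL_P(val) ? NULL : GetPKeyPtr(val); /* NO DUP NEEDED */
    /* Only a complete cert+key pair is installed; a lone cert or key is ignored. */
    if (cert && key) {
        if (!SSL_CTX_use_certificate(ctx, cert)) {
            /* Adds a ref => Safe to FREE */
            ossl_raise(eSSLError, "SSL_CTX_use_certificate:");
        }
        if (!SSL_CTX_use_PrivateKey(ctx, key)) {
            /* Adds a ref => Safe to FREE */
            ossl_raise(eSSLError, "SSL_CTX_use_PrivateKey:");
        }
        if (!SSL_CTX_check_private_key(ctx)) {
            ossl_raise(eSSLError, "SSL_CTX_check_private_key:");
        }
    }

    val = ossl_sslctx_get_client_ca(self);
    if (!NIL_P(val)) {
        if (TYPE(val) == T_ARRAY) {
            for (i = 0; i < RARRAY_LEN(val); i++) {
                client_ca = GetX509CertPtr(RARRAY_PTR(val)[i]);
                if (!SSL_CTX_add_client_CA(ctx, client_ca)) {
                    /* Copies X509_NAME => FREE it. */
                    ossl_raise(eSSLError, "SSL_CTX_add_client_CA");
                }
            }
        } else {
            client_ca = GetX509CertPtr(val); /* NO DUP NEEDED. */
            if (!SSL_CTX_add_client_CA(ctx, client_ca)) {
                /* Copies X509_NAME => FREE it. */
                ossl_raise(eSSLError, "SSL_CTX_add_client_CA");
            }
        }
    }

    /*
     * StringValueCStr rather than StringValuePtr: OpenSSL reads these paths
     * up to the first NUL, so an embedded NUL would make it load a different
     * trust location than the Ruby code named. StringValueCStr raises instead.
     */
    val = ossl_sslctx_get_ca_file(self);
    ca_file = NIL_P(val) ? NULL : StringValueCStr(val);
    val = ossl_sslctx_get_ca_path(self);
    ca_path = NIL_P(val) ? NULL : StringValueCStr(val);
    if (ca_file || ca_path) {
        /* Failure here is a warning only; peer verification is not disabled. */
        if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path))
            rb_warning("can't set verify locations");
    }

    /* An unset verify_mode means no peer verification at all. */
    val = ossl_sslctx_get_verify_mode(self);
    verify_mode = NIL_P(val) ? SSL_VERIFY_NONE : NUM2INT(val);
    SSL_CTX_set_verify(ctx, verify_mode, ossl_ssl_verify_callback);
    if (RTEST(ossl_sslctx_get_client_cert_cb(self)))
        SSL_CTX_set_client_cert_cb(ctx, ossl_client_cert_cb);

    val = ossl_sslctx_get_timeout(self);
    if (!NIL_P(val)) SSL_CTX_set_timeout(ctx, NUM2LONG(val));

    val = ossl_sslctx_get_verify_dep(self);
    if (!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2LONG(val));

    val = ossl_sslctx_get_options(self);
    if (!NIL_P(val)) SSL_CTX_set_options(ctx, NUM2LONG(val));

    /* Freeze before the session settings below, matching the original order. */
    rb_obj_freeze(self);

    val = ossl_sslctx_get_sess_id_ctx(self);
    if (!NIL_P(val)) {
        StringValue(val);
        /* Length is passed explicitly, so this one is binary-safe. */
        if (!SSL_CTX_set_session_id_context(ctx, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val))) {
            ossl_raise(eSSLError, "SSL_CTX_set_session_id_context:");
        }
    }

    /* Session callbacks are read straight from the instance variables. */
    if (RTEST(rb_iv_get(self, "@session_get_cb"))) {
        SSL_CTX_sess_set_get_cb(ctx, ossl_sslctx_session_get_cb);
        OSSL_Debug("SSL SESSION get callback added");
    }
    if (RTEST(rb_iv_get(self, "@session_new_cb"))) {
        SSL_CTX_sess_set_new_cb(ctx, ossl_sslctx_session_new_cb);
        OSSL_Debug("SSL SESSION new callback added");
    }
    if (RTEST(rb_iv_get(self, "@session_remove_cb"))) {
        SSL_CTX_sess_set_remove_cb(ctx, ossl_sslctx_session_remove_cb);
        OSSL_Debug("SSL SESSION remove callback added");
    }

    return Qtrue;
}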
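/*
 * call-seq:
 *    ctx.ssl_version = :SSLv3 (or any name in ossl_ssl_method_tab)
 *    ctx.ssl_version = "SSLv3"
 *
 * Looks the given Symbol or String up in ossl_ssl_method_tab and installs the
 * matching SSL_METHOD on the SSL_CTX. Returns the argument.
 *
 * Raises ArgumentError when the name is unknown and SSLError when
 * SSL_CTX_set_ssl_version fails.
 */
static VALUE
ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
{
    SSL_METHOD *method = NULL;
    const char *s;
    int i;
    SSL_CTX *ctx;

    if (TYPE(ssl_method) == T_SYMBOL) {
        s = rb_id2name(SYM2ID(ssl_method));
    } else {
        /*
         * StringValueCStr rather than StringValuePtr: strcmp below stops at
         * the first NUL, so a String with an embedded NUL could match a
         * table entry it does not equal. StringValueCStr raises instead.
         */
        s = StringValueCStr(ssl_method);
    }

    for (i = 0; i < numberof(ossl_ssl_method_tab); i++) {
        if (strcmp(ossl_ssl_method_tab[i].name, s) == 0) {
            method = ossl_ssl_method_tab[i].func();
            break;
        }
    }
    if (!method) {
        ossl_raise(rb_eArgError, "unknown SSL method `%s'.", s);
    }

    Data_Get_Struct(self, SSL_CTX, ctx);
    if (SSL_CTX_set_ssl_version(ctx, method) != 1) {
        ossl_raise(eSSLError, "SSL_CTX_set_ssl_version:");
    }
    return ssl_method;
}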