Use SSLContext to set up the parameters for a TLS (formerly SSL) connection. Both client and server TLS connections are supported; SSLSocket and SSLServer may be used in conjunction with an instance of SSLContext to set up connections.
Deprecated in OpenSSL
1.0.1k and 1.0.2.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
0.9.7h and 0.9.8b.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
0.9.8q and 1.0.0c.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.0.1.
Deprecated in OpenSSL
1.0.1.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.0.1h and 1.0.2.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
SSL
2.0
SSL
3.0
TLS 1.1
TLS 1.2
TLS 1.3
TLS 1.0
# File ruby-3.1.2/ext/openssl/lib/openssl/ssl.rb, line 273
#
# Checks whether +cert+ carries an identity that matches +hostname+.
#
# Every subjectAltName extension is walked in order. dNSName entries are
# handed to verify_hostname; iPAddress entries are compared as raw
# network-order bytes against +hostname+ parsed as an IP literal. The subject
# CN is consulted only when no dNSName or iPAddress entry was seen at all.
#
# Security notes:
# * One dNSName or iPAddress entry, even a non-matching one, disables the CN
#   fallback for the whole certificate.
# * A subjectAltName extension that holds only other GeneralName types does
#   not disable the fallback, so CN matching still applies to such a cert.
# * Only the name is compared here; nothing in this method checks the
#   certificate chain, validity period or revocation.
#
# cert::     object responding to +extensions+ and +subject+
# hostname:: name or IP literal the peer is expected to present
#
# Returns true on the first match, false otherwise.
def verify_certificate_identity(cert, hostname)
  # Stays true until a dNSName/iPAddress SAN entry is encountered.
  fall_back_to_cn = true

  cert.extensions.each do |extension|
    next unless extension.oid == "subjectAltName"

    # The last element of the decoded extension wraps the GeneralNames
    # sequence, so it is decoded a second time.
    wrapped = OpenSSL::ASN1.decode(extension.to_der).value.last
    general_names = OpenSSL::ASN1.decode(wrapped.value)

    general_names.value.each do |name|
      case name.tag
      when 2 # dNSName in GeneralName (RFC5280)
        fall_back_to_cn = false
        return true if verify_hostname(hostname, name.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        fall_back_to_cn = false
        octets = name.value
        # Only 4-byte (IPv4) and 16-byte (IPv6) payloads are compared.
        next unless octets.size == 4 || octets.size == 16

        begin
          return true if octets == IPAddr.new(hostname).hton
        rescue IPAddr::InvalidAddressError
          # hostname is not an IP literal: this entry cannot match, keep going.
        end
      end
    end
  end

  return false unless fall_back_to_cn

  cert.subject.to_a.each do |oid, value|
    return true if oid == "CN" && verify_hostname(hostname, value)
  end

  false
end
# File ruby-3.1.2/ext/openssl/lib/openssl/ssl.rb, line 273
#
# Returns true when +hostname+ matches an identity presented by +cert+,
# false otherwise.
#
# Matching order:
# 1. Each subjectAltName extension is decoded and its entries are scanned.
#    A dNSName entry (tag 2) is checked with verify_hostname. An iPAddress
#    entry (tag 7) of 4 or 16 bytes is compared byte-for-byte with
#    IPAddr.new(hostname).hton.
# 2. The subject's CN attributes are checked with verify_hostname, but only
#    if step 1 saw no dNSName and no iPAddress entry.
#
# Reviewers should keep in mind that SAN entries of other types leave the CN
# fallback enabled, and that this method validates the name only; trust in
# the certificate itself has to be established by the caller's verification
# settings.
def verify_certificate_identity(cert, hostname)
  san_identity_seen = false

  cert.extensions.each do |ext|
    if ext.oid == "subjectAltName"
      # Two-step decode: the extension itself, then the value of its last
      # element, which holds the sequence of names.
      outer = OpenSSL::ASN1.decode(ext.to_der)
      names = OpenSSL::ASN1.decode(outer.value.last.value)

      names.value.each do |san|
        tag = san.tag
        if tag == 2 # dNSName in GeneralName (RFC5280)
          san_identity_seen = true
          matched = verify_hostname(hostname, san.value)
          return true if matched
        elsif tag == 7 # iPAddress in GeneralName (RFC5280)
          san_identity_seen = true
          raw = san.value
          if [4, 16].include?(raw.size)
            begin
              return true if raw == IPAddr.new(hostname).hton
            rescue IPAddr::InvalidAddressError
              # A hostname that does not parse as an IP address is simply
              # not a match for this entry.
            end
          end
        end
      end
    end
  end

  unless san_identity_seen
    # No DNS or IP identity in any SAN: fall back to the subject CN.
    cert.subject.to_a.each do |oid, value|
      next unless oid == "CN"
      return true if verify_hostname(hostname, value)
    end
  end

  false
end