Use SSLContext to set up the parameters for a TLS (former SSL) connection. Both client and server TLS connections are supported, SSLSocket and SSLServer may be used in conjunction with an instance of SSLContext to set up connections.
Deprecated in OpenSSL 1.0.1k and 1.0.2.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 0.9.7h and 0.9.8b.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 0.9.8q and 1.0.0c.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.0.1.
Deprecated in OpenSSL 1.0.1.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.0.1h and 1.0.2.
Deprecated in OpenSSL 1.1.0.
Deprecated in OpenSSL 1.1.0.
SSL 2.0
SSL 3.0
TLS 1.1
TLS 1.2
TLS 1.3
TLS 1.0
# File openssl/lib/openssl/ssl.rb, line 272 def verify_certificate_identity(cert, hostname) should_verify_common_name = true cert.extensions.each{|ext| next if ext.oid != "subjectAltName" ostr = OpenSSL::ASN1.decode(ext.to_der).value.last sequence = OpenSSL::ASN1.decode(ostr.value) sequence.value.each{|san| case san.tag when 2 # dNSName in GeneralName (RFC5280) should_verify_common_name = false return true if verify_hostname(hostname, san.value) when 7 # iPAddress in GeneralName (RFC5280) should_verify_common_name = false if san.value.size == 4 || san.value.size == 16 begin return true if san.value == IPAddr.new(hostname).hton rescue IPAddr::InvalidAddressError end end end } } if should_verify_common_name cert.subject.to_a.each{|oid, value| if oid == "CN" return true if verify_hostname(hostname, value) end } end return false end