class OpenSSL::SSL::SSLContext::SSLSocket

Public Class Methods

new(io, ctx = nil)
# File ext/openssl/lib/openssl/ssl.rb, line 254
# Ruby-level placeholder for the constructor: the body only raises, so the
# working implementation presumably lives elsewhere (see ext/openssl) — confirm.
#
# @param io [Object] the underlying IO (unused by this stub)
# @param ctx [Object, nil] optional SSLContext (unused by this stub)
# @raise [NotImplementedError] always
def initialize(io, ctx = nil)
  raise NotImplementedError
end

Public Instance Methods

client_cert_cb()
# File ext/openssl/lib/openssl/ssl.rb, line 337
# Delegates to the owning SSLContext: returns whatever its client_cert_cb
# accessor holds (raises NoMethodError if @context is unset).
def client_cert_cb
  owner = @context
  owner.client_cert_cb
end
post_connection_check(hostname)

Perform hostname verification after an SSL connection is established

This method MUST be called after calling connect to ensure that the hostname of a remote peer has been verified.

# File ext/openssl/lib/openssl/ssl.rb, line 308
##
# Checks that the certificate the peer presented matches +hostname+.
# Call it after #connect; the connection itself does not perform this check.
#
# @param hostname [String] expected name of the remote peer
# @return [true] when the peer certificate identity matches +hostname+
# @raise [SSLError] when no peer certificate was received, or when the
#   certificate does not match +hostname+
def post_connection_check(hostname)
  cert = peer_cert
  if cert.nil?
    reasons = ["Peer verification enabled, but no certificate received."]
    # An anonymous suite explains the missing certificate; name it in the error.
    if using_anon_cipher?
      reasons << "Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
    end
    raise SSLError, reasons.join(" ")
  end

  return true if OpenSSL::SSL.verify_certificate_identity(cert, hostname)

  raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
end
session()
# File ext/openssl/lib/openssl/ssl.rb, line 323
# Builds an SSL::Session for this socket.
# @return [SSL::Session, nil] the new session, or nil when SSL::Session.new
#   raises SSL::Session::SessionError
def session
  begin
    SSL::Session.new(self)
  rescue SSL::Session::SessionError
    nil
  end
end
session_get_cb()
# File ext/openssl/lib/openssl/ssl.rb, line 353
# Delegates to the owning SSLContext's session_get_cb accessor.
def session_get_cb
  @context.then { |owner| owner.session_get_cb }
end
session_new_cb()
# File ext/openssl/lib/openssl/ssl.rb, line 349
# Delegates to the owning SSLContext's session_new_cb accessor.
def session_new_cb
  owner = @context
  owner.session_new_cb
end
sysclose → nil

Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.

If sync_close is set to true, the underlying IO is also closed.

# File ext/openssl/lib/openssl/ssl.rb, line 297
  ##
  # Sends "close notify" via #stop and, when sync_close is set, closes the
  # underlying IO too. A socket that is already closed is left untouched.
  #
  # @return [nil] unless the IO is closed, in which case io.close's result
  def sysclose
    return if closed?

    stop
    return unless sync_close

    io.close
  end

  ##
  # Perform hostname verification after an SSL connection is established
  #
  # This method MUST be called after calling #connect to ensure that the
  # hostname of a remote peer has been verified.
  def post_connection_check(hostname)
    cert = peer_cert
    # No certificate at all: report it, naming the anonymous suite when one
    # explains the absence.
    if cert.nil?
      parts = ["Peer verification enabled, but no certificate received."]
      parts << "Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification." if using_anon_cipher?
      raise SSLError, parts.join(" ")
    end

    matched = OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    raise SSLError, "hostname \"#{hostname}\" does not match the server certificate" unless matched

    true
  end

  # Wraps this socket in a new SSL::Session; yields nil instead of raising
  # when SSL::Session.new fails with SSL::Session::SessionError.
  def session
    created = SSL::Session.new(self)
    created
  rescue SSL::Session::SessionError
    nil
  end

  private

  # True when the negotiated #cipher appears in the "aNULL" (anonymous,
  # unauthenticated) suite list of a freshly built SSLContext.
  # NOTE(review): constructs a throwaway SSLContext on every call; if the
  # build has no aNULL suites, the `ciphers=` assignment itself may raise — confirm.
  def using_anon_cipher?
    probe = OpenSSL::SSL::SSLContext.new
    probe.ciphers = "aNULL"
    anonymous_suites = probe.ciphers
    anonymous_suites.include?(cipher)
  end

  # Delegates to the owning SSLContext's client_cert_cb accessor.
  def client_cert_cb
    @context.then { |owner| owner.client_cert_cb }
  end

  # The context's tmp_dh_callback, or OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
  # when none is configured.
  # NOTE(review): the library-wide default decides the ephemeral DH parameters
  # used when the context sets nothing — confirm its group size meets policy.
  def tmp_dh_callback
    configured = @context.tmp_dh_callback
    return configured if configured

    OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
  end

  # Delegates to the owning SSLContext's tmp_ecdh_callback accessor.
  def tmp_ecdh_callback
    owner = @context
    owner.tmp_ecdh_callback
  end

  # Delegates to the owning SSLContext's session_new_cb accessor.
  def session_new_cb
    @context.then { |owner| owner.session_new_cb }
  end

  # Delegates to the owning SSLContext's session_get_cb accessor.
  def session_get_cb
    owner = @context
    owner.session_get_cb
  end
end
tmp_dh_callback()
# File ext/openssl/lib/openssl/ssl.rb, line 341
# Returns the context's tmp_dh_callback when one is set; otherwise falls back
# to OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK.
# NOTE(review): the fallback picks the ephemeral DH parameters for contexts
# that configure none — confirm the default's group size meets policy.
def tmp_dh_callback
  configured = @context.tmp_dh_callback
  configured ? configured : OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
end
tmp_ecdh_callback()
# File ext/openssl/lib/openssl/ssl.rb, line 345
# Delegates to the owning SSLContext's tmp_ecdh_callback accessor.
def tmp_ecdh_callback
  @context.then { |owner| owner.tmp_ecdh_callback }
end
using_anon_cipher?()
# File ext/openssl/lib/openssl/ssl.rb, line 331
# Reports whether the negotiated #cipher is one of the "aNULL" (anonymous,
# unauthenticated) suites, as enumerated by a freshly built SSLContext.
# NOTE(review): builds a throwaway SSLContext on each call; on a build with
# no aNULL suites the `ciphers=` assignment itself may raise — confirm.
def using_anon_cipher?
  probe = OpenSSL::SSL::SSLContext.new
  probe.ciphers = "aNULL"
  anonymous_suites = probe.ciphers
  anonymous_suites.include?(cipher)
end