Method: EventMachine::Connection#start_tls

Defined in:
lib/em/connection.rb

#start_tls(args = {}) ⇒ Object

TODO:

support passing an encryption parameter, which can be string or Proc, to get a passphrase for encrypted private keys.

TODO:

support passing key material via raw strings or Procs that return strings instead of just filenames.

Call #start_tls at any point to initiate TLS encryption on connected streams. The method is smart enough to know whether it should perform a server-side or a client-side handshake. An appropriate place to call #start_tls is in your redefined #post_init method, or in the #connection_completed handler for an outbound connection.

Examples:

Using TLS with EventMachine


require 'rubygems'
require 'eventmachine'

module Handler
  def post_init
    start_tls(:private_key_file => '/tmp/server.key', :cert_chain_file => '/tmp/server.crt', :verify_peer => false)
  end
end

EventMachine.run do
  EventMachine.start_server("127.0.0.1", 9999, Handler)
end

Parameters:

  • args (Hash) (defaults to: {})

Options Hash (args):

  • :cert_chain_file (String) — default: nil

    local path of a readable file that contains a chain of X509 certificates in the PEM format, with the most-resolved certificate at the top of the file, successive intermediate certs in the middle, and the root (or CA) cert at the bottom.

  • :private_key_file (String) — default: nil

    local path of a readable file that must contain a private key in the PEM format.

  • :verify_peer (String) — default: false

    indicates whether a server should request a certificate from a peer, to be verified by user code. If true, the #ssl_verify_peer callback on the EventMachine::Connection object is called with each certificate in the certificate chain provided by the peer. See documentation on #ssl_verify_peer for how to use this.
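The :verify_peer option only asks the peer for a certificate; as the text says, the verification itself is left to user code in #ssl_verify_peer, and returning true unconditionally from that callback accepts any certificate at all. The following added example (not EventMachine's own code or documentation) shows a handler mixin that performs real chain validation against an OpenSSL::X509::Store, together with a server handler that enables :verify_peer. The names ChainVerifier, MutualTlsServer, make_cert and build_sample_pki are assumptions introduced here, the /tmp paths are placeholders copied from the page's example, the sample CA, leaf and rogue certificates are generated in-process for demonstration only, and the verifier assumes certificates are delivered in the order OpenSSL's verify callback walks them (trust anchor first, the peer's own certificate last). The verification logic itself uses only the Ruby standard library, so it loads and runs even where the eventmachine gem is not installed.

```ruby
require 'openssl'
begin
  require 'eventmachine' # only needed for the handler wiring at the bottom
rescue LoadError
  # EventMachine absent: the chain-verification logic below still loads and runs.
end

# Hypothetical mixin for a handler started with :verify_peer => true.
module ChainVerifier
  def initialize_verifier(trust_store)
    @trust_store = trust_store # OpenSSL::X509::Store holding the CAs we trust
    @peer_chain  = []          # certificates already accepted in this handshake
  end

  # EventMachine calls this once per certificate the peer presents, passing it
  # as a PEM string, and performs no verification of its own. Returning false
  # rejects the certificate and aborts the handshake.
  # Assumption: certificates arrive trust anchor first and peer certificate
  # last, so everything accepted so far can serve as an untrusted intermediate.
  def ssl_verify_peer(cert_pem)
    cert = OpenSSL::X509::Certificate.new(cert_pem)
    ok = @trust_store.verify(cert, @peer_chain)
    @peer_chain << cert if ok
    ok
  rescue OpenSSL::X509::CertificateError
    false # unparsable data is never accepted
  end

  # Subject of the last certificate accepted (the peer's own, given the order above).
  def accepted_peer_subject
    @peer_chain.last&.subject&.to_s
  end
end

# Hypothetical server handler: requests the client's certificate and keeps the
# connection only when the presented chain verifies against the trust store.
module MutualTlsServer
  include ChainVerifier

  def initialize(trust_store) # extra start_server arguments reach initialize
    initialize_verifier(trust_store)
  end

  def post_init
    start_tls(:private_key_file => '/tmp/server.key', # placeholder paths
              :cert_chain_file  => '/tmp/server.crt',
              :verify_peer      => true)
  end

  def ssl_handshake_completed
    send_data("hello #{accepted_peer_subject}\n")
  end
end

# Constructed sample certificate (demonstration only, generated in-process).
def make_cert(subject, key, signing_key, issuer_cert, ca:)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = OpenSSL::BN.rand(64)
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", ca ? "keyCertSign,cRLSign" : "digitalSignature", true))
  cert.sign(signing_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed sample PKI: a trusted CA, a leaf it issued, and an unrelated
# self-signed certificate that must be rejected.
def build_sample_pki
  ca_key, leaf_key, rogue_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca_cert    = make_cert("CN=Sample Root CA", ca_key, ca_key, nil, ca: true)
  leaf_cert  = make_cert("CN=client.example", leaf_key, ca_key, ca_cert, ca: false)
  rogue_cert = make_cert("CN=rogue.example", rogue_key, rogue_key, nil, ca: true)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  [store, ca_cert, leaf_cert, rogue_cert]
end

if defined?(EventMachine) && __FILE__ == $PROGRAM_NAME
  store, = build_sample_pki
  EventMachine.run do
    EventMachine.start_server("127.0.0.1", 9999, MutualTlsServer, store)
  end
end
```

The verifier accepts a certificate only when OpenSSL::X509::Store#verify succeeds, so a self-signed certificate that is not in the store, or bytes that are not a certificate at all, cause the handshake to fail rather than being waved through. In a real deployment the store would be loaded from the CA bundle you actually trust rather than built in-process, and the leaf's subject or SAN should additionally be matched against the identity you expect.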

# File 'lib/em/connection.rb', line 406

def start_tls args={}
  priv_key, cert_chain, verify_peer = args.values_at(:private_key_file, :cert_chain_file, :verify_peer)

  [priv_key, cert_chain].each do |file|
    next if file.nil? or file.empty?
    raise FileNotFoundException,
          "Could not find #{file} for start_tls" unless File.exists? file
  end

  EventMachine::set_tls_parms(@signature, priv_key || '', cert_chain || '', verify_peer)
  EventMachine::start_tls @signature
end