Class: Faye::WebSocket::SslVerifier

Inherits:

Object

• Object
• Faye::WebSocket::SslVerifier

Defined in:

lib/faye/websocket/ssl_verifier.rb

Instance Method Summary

• #initialize(hostname, ssl_opts) ⇒ SslVerifier constructor

  A new instance of SslVerifier.

• #ssl_handshake_completed ⇒ Object
• #ssl_verify_peer(cert_text) ⇒ Object

Constructor Details

#initialize(hostname, ssl_opts) ⇒ SslVerifier

Returns a new instance of SslVerifier.

# File 'lib/faye/websocket/ssl_verifier.rb', line 29

def initialize(hostname, ssl_opts)
  @hostname   = hostname
  @ssl_opts   = ssl_opts
  @cert_store = OpenSSL::X509::Store.new

  if root = @ssl_opts[:root_cert_file]
    [root].flatten.each { |ca_path| @cert_store.add_file(ca_path) }
  else
    @cert_store.set_default_paths
  end
end

Instance Method Details

#ssl_handshake_completed ⇒ Object

# File 'lib/faye/websocket/ssl_verifier.rb', line 56

def ssl_handshake_completed
  return unless should_verify?

  unless @last_cert_verified
    raise SSLError, "Unable to verify the server certificate for '#{ @hostname }'"
  end

  unless identity_verified?
    raise SSLError, "Host '#{ @hostname }' does not match the server certificate"
  end
end

#ssl_verify_peer(cert_text) ⇒ Object

# File 'lib/faye/websocket/ssl_verifier.rb', line 41

def ssl_verify_peer(cert_text)
  return true unless should_verify?

  certificate = parse_cert(cert_text)
  unless certificate
    raise SSLError, "Unable to parse SSL certificate for '#{ @hostname }'"
  end

  @last_cert = certificate
  @last_cert_verified = @cert_store.verify(certificate)
  store_cert(certificate) if @last_cert_verified

  true
end