Class: OpenSSL::SSL::SSLSocket

Inherits:

Object

• Object
• OpenSSL::SSL::SSLSocket

Includes:

Buffering, Nonblock, SocketForwarder

Defined in:

lib/openssl/ssl.rb,
lib/openssl/dummyssl.rb

Constant Summary

Constants included from Buffering

Buffering::BLOCK_SIZE

Instance Attribute Summary

Attributes included from Buffering

#sync

Instance Method Summary

• #post_connection_check(hostname) ⇒ Object

Methods included from Nonblock

#initialize

Methods included from SocketForwarder

#addr, #closed?, #do_not_reverse_lookup=, #fcntl, #getsockopt, #peeraddr, #setsockopt

Methods included from Buffering

#<<, #close, #each, #each_byte, #eof?, #flush, #getc, #gets, #initialize, #print, #printf, #puts, #read, #readchar, #readline, #readlines, #readpartial, #ungetc, #write

Instance Method Details

#post_connection_check(hostname) ⇒ Object

Raises:

• (SSLError)

# File 'lib/openssl/ssl.rb', line 67

def post_connection_check(hostname)
  check_common_name = true
  cert = peer_cert
  cert.extensions.each{|ext|
    next if ext.oid != "subjectAltName"
    ext.value.split(/,\s+/).each{|general_name|
      if /\ADNS:(.*)/ =~ general_name
        check_common_name = false
        reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
        return true if /\A#{reg}\z/i =~ hostname
      elsif /\AIP Address:(.*)/ =~ general_name
        check_common_name = false
        return true if $1 == hostname
      end
    }
  }
  if check_common_name
    cert.subject.to_a.each{|oid, value|
      if oid == "CN"
        reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
        return true if /\A#{reg}\z/i =~ hostname
      end
    }
  end
  raise SSLError, "hostname not match"
end