Class: OpenSSL::SSL::SSLContext

Inherits: Object

Defined in: lib/extensions/openssl/openssl/ssl.rb

Constant Summary

DEFAULT_PARAMS =

{ # :nodoc:
  :ssl_version => "SSLv23",
  :verify_mode => OpenSSL::SSL::VERIFY_PEER,
  :verify_hostname => true,
  :options => -> {
    opts = OpenSSL::SSL::OP_ALL
    opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
    opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
    opts |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
    opts
  }.call
}

DEFAULT_CERT_STORE =

OpenSSL::X509::Store.new # :nodoc:

Constructor Details

#initialize(version = nil) ⇒ SSLContext

call-seq:

SSLContext.new => ctx
SSLContext.new(:TLSv1) => ctx
SSLContext.new("SSLv23_client") => ctx

You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS

# File 'lib/extensions/openssl/openssl/ssl.rb', line 98

def initialize(version = nil)
  self.options |= OpenSSL::SSL::OP_ALL
  self.ssl_version = version if version
end

Instance Attribute Details

#servername_cb ⇒ Object

A callback invoked at connect time to distinguish between multiple server names.

The callback is invoked with an SSLSocket and a server name. The callback must return an SSLContext for the server name or nil.

# File 'lib/extensions/openssl/openssl/ssl.rb', line 90

def servername_cb
  @servername_cb
end

#tmp_dh_callback ⇒ Object

A callback invoked when DH parameters are required.

The callback is invoked with the Session for the key exchange, a flag indicating the use of an export cipher and the key length required.

The callback must return an OpenSSL::PKey::DH instance of the correct key length.

# File 'lib/extensions/openssl/openssl/ssl.rb', line 83

def tmp_dh_callback
  @tmp_dh_callback
end

Instance Method Details

#set_params(params = {}) ⇒ Object

call-seq:

ctx.set_params(params = {}) -> params

Sets saner defaults optimized for use with HTTP-like protocols.

If a Hash params is given, the default parameters are overridden with it. The keys in params must correspond to assignment methods on SSLContext (for example, :verify_mode is applied via verify_mode=).

If the verify_mode is not VERIFY_NONE and ca_file, ca_path and cert_store are not set then the system default certificate store is used.

# File 'lib/extensions/openssl/openssl/ssl.rb', line 115

def set_params(params={})
  params = DEFAULT_PARAMS.merge(params)
  params.each{|name, value| self.__send__("#{name}=", value) }
  if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
    unless self.ca_file or self.ca_path or self.cert_store
      self.cert_store = DEFAULT_CERT_STORE
    end
  end
  return params
end
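The behaviour of set_params described above, as an added example that is not part of this page's or ruby/openssl's own code. It reads back only attributes documented here (verify_mode, verify_hostname, cert_store) and assumes a Ruby with the openssl extension loaded; context_summary, default_context and hardened_context are names chosen for this example.

```ruby
require "openssl"

# Added example: report the verification-relevant state of an SSLContext.
# A context that is not verifying the peer will accept any certificate.
def context_summary(ctx)
  {
    verify_peer:     ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER,
    verify_hostname: ctx.verify_hostname ? true : false,
    has_cert_store:  !ctx.cert_store.nil?
  }
end

# Plain SSLContext.new: the constructor only ORs in OP_ALL, so no peer
# or hostname verification is configured yet.
def default_context
  OpenSSL::SSL::SSLContext.new
end

# set_params merges DEFAULT_PARAMS with the overrides and sends each key
# as an assignment method (:verify_mode -> verify_mode=). When the result
# still verifies the peer and no ca_file/ca_path/cert_store was given, the
# system default store is installed. Returns [ctx, merged params Hash].
def hardened_context(overrides = {})
  ctx = OpenSSL::SSL::SSLContext.new
  params = ctx.set_params(overrides)
  [ctx, params]
end

if __FILE__ == $0
  p context_summary(default_context)
  ctx, params = hardened_context
  p context_summary(ctx)
  p params[:verify_mode]
  # Overriding verify_mode to VERIFY_NONE also skips the default cert
  # store: nothing is checked against any trust anchor on that context.
  ctx, _ = hardened_context(verify_mode: OpenSSL::SSL::VERIFY_NONE)
  p context_summary(ctx)
end
```

The third summary shows why passing verify_mode: VERIFY_NONE to set_params is not a harmless override: the peer certificate is neither validated nor checked against a store.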