Class: OpenSSL::SSL::SSLContext
Inherits: Object
Defined in: lib/openssl/ssl.rb
Constant Summary

DEFAULT_PARAMS =
  { # :nodoc:
    :min_version => OpenSSL::SSL::TLS1_VERSION,
    :verify_mode => OpenSSL::SSL::VERIFY_PEER,
    :verify_hostname => nil, # TODO => true needs JRuby support to call verify_certificate_identity
    :options => OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_COMPRESSION
  }

DEFAULT_TMP_DH_CALLBACK =
  lambda { |ctx, is_export, keylen| # :nodoc:
    warn "using default DH parameters." if $VERBOSE
    DEFAULT_2048
  }

DEFAULT_CERT_STORE =
  OpenSSL::X509::Store.new
Instance Attribute Summary

- #servername_cb ⇒ Object
  A callback invoked at connect time to distinguish between multiple server names.
- #tmp_dh_callback ⇒ Object
  A callback invoked when DH parameters are required.
Instance Method Summary

- #max_version=(version) ⇒ Object
  call-seq:
    ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
    ctx.max_version = :TLS1_2
    ctx.max_version = nil
- #min_version=(version) ⇒ Object
  call-seq:
    ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
    ctx.min_version = :TLS1_2
    ctx.min_version = nil
- #set_params(params = {}) ⇒ Object
  call-seq:
    ctx.set_params(params = {}) -> params
Instance Attribute Details

#servername_cb ⇒ Object

A callback invoked at connect time to distinguish between multiple server names.

The callback is invoked with an SSLSocket and a server name. The callback must return an SSLContext for the server name or nil.

  # File 'lib/openssl/ssl.rb', line 105
  def servername_cb
    @servername_cb
  end
#tmp_dh_callback ⇒ Object

A callback invoked when DH parameters are required.

The callback is invoked with the Session for the key exchange, a flag indicating the use of an export cipher, and the required key length.

The callback must return an OpenSSL::PKey::DH instance of the correct key length.

  # File 'lib/openssl/ssl.rb', line 98
  def tmp_dh_callback
    @tmp_dh_callback
  end
Instance Method Details

#max_version=(version) ⇒ Object

call-seq:
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.max_version = :TLS1_2
  ctx.max_version = nil

  # File 'lib/openssl/ssl.rb', line 178
  def max_version=(version)
    set_minmax_proto_version(@min_proto_version ||= nil, version)
    @max_proto_version = version
  end
#min_version=(version) ⇒ Object

call-seq:
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.min_version = :TLS1_2
  ctx.min_version = nil

Sets the lower bound on the supported SSL/TLS protocol version. The version may be specified by an integer constant named OpenSSL::SSL::*_VERSION, a Symbol, or nil, which means "any version".

Be careful not to overwrite the OpenSSL::SSL::OP_NO_{SSL,TLS}v* options with #options= once you have called #min_version= or #max_version=.

Example

  ctx = OpenSSL::SSL::SSLContext.new
  ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION

  sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
  sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2

  # File 'lib/openssl/ssl.rb', line 166
  def min_version=(version)
    set_minmax_proto_version(version, @max_proto_version ||= nil)
    @min_proto_version = version
  end
#set_params(params = {}) ⇒ Object

call-seq:
  ctx.set_params(params = {}) -> params

Sets saner defaults optimized for use with HTTP-like protocols.

If a Hash params is given, the default parameters are overridden with it. The keys in params must be assignment methods on SSLContext.

If the verify_mode is not VERIFY_NONE and ca_file, ca_path and cert_store are not set, then the system default certificate store is used.

  # File 'lib/openssl/ssl.rb', line 134
  def set_params(params={})
    params = DEFAULT_PARAMS.merge(params)
    self.options = params.delete(:options) # set before min_version/max_version
    params.each{|name, value| self.__send__("#{name}=", value) }
    if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
      unless self.ca_file or self.ca_path or self.cert_store
        self.cert_store = DEFAULT_CERT_STORE
      end
    end
    return params
  end
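An added example (not code from the library documented here) showing what #set_params leaves in place: DEFAULT_PARAMS are merged first, :options is consumed before the remaining setters run, and DEFAULT_CERT_STORE is only attached when verification is on. Because DEFAULT_PARAMS above leaves :verify_hostname at nil and :min_version at TLS1_VERSION, the example sets both explicitly; the helper names HARDENED_PARAMS, client_context and context_summary are the example's own.

```ruby
require "openssl"

# Added example, not part of the SSLContext source documented above. It builds a
# client context through SSLContext#set_params so the merge-with-defaults
# behaviour can be inspected: DEFAULT_PARAMS go first, then the hardened keys
# below, then caller overrides. Assumes the attribute readers used in
# context_summary (verify_mode, verify_hostname, cert_store, options) exist.
HARDENED_PARAMS = {
  verify_mode:     OpenSSL::SSL::VERIFY_PEER,
  verify_hostname: true,                         # DEFAULT_PARAMS leaves this nil
  min_version:     OpenSSL::SSL::TLS1_2_VERSION, # DEFAULT_PARAMS allows TLS 1.0
}.freeze

# Returns [ctx, applied_params]. Keys that are not SSLContext setters are
# rejected here, before set_params would raise a less readable NoMethodError.
def client_context(overrides = {})
  ctx = OpenSSL::SSL::SSLContext.new
  unknown = overrides.keys.reject { |k| ctx.respond_to?("#{k}=") }
  raise ArgumentError, "not SSLContext setters: #{unknown.inspect}" unless unknown.empty?
  applied = ctx.set_params(HARDENED_PARAMS.merge(overrides))
  [ctx, applied]
end

# The security-relevant state of a context, as a plain Hash.
def context_summary(ctx)
  {
    verify_peer:          ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER,
    verify_hostname:      ctx.verify_hostname ? true : false,
    has_cert_store:       !ctx.cert_store.nil?, # DEFAULT_CERT_STORE attached?
    compression_disabled: (ctx.options & OpenSSL::SSL::OP_NO_COMPRESSION) != 0,
  }
end

if $PROGRAM_NAME == __FILE__
  ctx, applied = client_context
  p context_summary(ctx) # all four entries are true
  p applied.keys         # :options was consumed by set_params and is not returned
  # With VERIFY_NONE, set_params skips DEFAULT_CERT_STORE, so has_cert_store is false.
  none, _ = client_context(verify_mode: OpenSSL::SSL::VERIFY_NONE)
  p context_summary(none)
end
```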