Class: RubyTls::SSL::Context
- Inherits:
-
Object
- Object
- RubyTls::SSL::Context
- Defined in:
- lib/ruby-tls/ssl.rb
Constant Summary collapse
- CIPHERS =
# Default OpenSSL cipher string; #initialize applies it when no :ciphers option is given.
# NOTE(review): the list explicitly enables RC4 (ECDHE-RSA-RC4-SHA and the bare RC4 keyword).
# RC4 is prohibited for TLS by RFC 7465, so callers should pass a :ciphers value without it.
# NOTE(review): AES128-GCM-SHA256 is a plain-RSA key exchange suite (no forward secrecy) and
# !EDH removes the finite-field DHE suites, so forward secrecy here depends on ECDHE only.
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA:@STRENGTH'.freeze
- SESSION =
# Session id context handed to SSL_CTX_set_session_id_context in #initialize (server side).
# That call passes a length of 8, which matches the 8 bytes of this string; keep the two in sync.
'ruby-tls'.freeze
- ALPN_LOOKUP =
# Shared ThreadSafe::Cache instance; what it stores and who reads it is not shown on this page.
ThreadSafe::Cache.new
- ALPN_Select_CB =
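# Native callback for server-side ALPN selection; #initialize registers it with
# SSL_CTX_set_alpn_select_cb. It looks up the Ruby-side connection object for the native SSL
# pointer, lets OpenSSL pick a protocol from the server's list (alpn_str) against the list the
# peer offered (inp/inlen, which is peer-controlled data), and maps the result to a
# SSL_TLSEXT_ERR_* code. Every path fails closed with ALERT_FATAL unless a protocol was chosen
# or the lists simply do not overlap.
FFI::Function.new(:int, [
  # array of str, uint8 out, uint8 in, *arg
  :pointer, :pointer, :pointer, :string, :uint, :pointer
]) do |ssl_p, out, outlen, inp, inlen, arg|
  ssl = Box::InstanceLookup[ssl_p.address]
  # `next`, not `return`: this is a block defined in a class body, so `return` has no enclosing
  # method to return from and raises LocalJumpError when the callback runs.
  next SSL::SSL_TLSEXT_ERR_ALERT_FATAL unless ssl

  protos = ssl.context.alpn_str
  # NOTE(review): the length is passed to C as a byte count; assumes alpn_str is a
  # single-byte-per-character String so that length equals the byte size. Confirm.
  status = SSL.SSL_select_next_proto(out, outlen, protos, protos.length, inp, inlen)
  # NOTE(review): invoked for every status, including the failure ones. Confirm that is intended.
  ssl.negotiated

  case status
  when SSL::OPENSSL_NPN_UNSUPPORTED
    SSL::SSL_TLSEXT_ERR_ALERT_FATAL
  when SSL::OPENSSL_NPN_NEGOTIATED
    SSL::SSL_TLSEXT_ERR_OK
  when SSL::OPENSSL_NPN_NO_OVERLAP
    # NOTE(review): OpenSSL documents OK, ALERT_FATAL and NOACK as the ALPN callback results;
    # check how the linked OpenSSL version treats ALERT_WARNING here.
    SSL::SSL_TLSEXT_ERR_ALERT_WARNING
  else
    # An unrecognised status previously fell out of the case as nil, which is not a valid
    # :int return for the native caller; reject the handshake instead.
    SSL::SSL_TLSEXT_ERR_ALERT_FATAL
  end
end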
Instance Attribute Summary collapse
-
#alpn_set ⇒ Object
readonly
Returns the value of attribute alpn_set.
-
#alpn_str ⇒ Object
readonly
Returns the value of attribute alpn_str.
-
#is_server ⇒ Object
readonly
Returns the value of attribute is_server.
-
#ssl_ctx ⇒ Object
readonly
Returns the value of attribute ssl_ctx.
Instance Method Summary collapse
- #cleanup ⇒ Object
-
#initialize(server, options = {}) ⇒ Context
constructor
A new instance of Context.
Constructor Details
#initialize(server, options = {}) ⇒ Context
Returns a new instance of Context.
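# File 'lib/ruby-tls/ssl.rb', line 315
#
# Creates and configures the native OpenSSL SSL_CTX for one side of a connection.
#
# @param server [Boolean] truthy builds a server context, falsy a client context
# @param options [Hash] optional settings read here: :private_key, :cert_chain, :ciphers,
#   :protocols (ALPN protocol list, used only when SSL::ALPN_SUPPORTED is set)
#
# NOTE(review): nothing in this constructor configures peer-certificate verification (there is
# no SSL_CTX_set_verify call here). Confirm that verification is set up elsewhere before relying
# on a client context to authenticate servers.
def initialize(server, options = {})
  @is_server = server

  # SSLv23_*_method is OpenSSL's version-negotiating method. Only SSL_OP_ALL (bug workarounds)
  # is set below and no SSL_OP_NO_SSLv2 / SSL_OP_NO_SSLv3 style option, so the minimum protocol
  # version is whatever the linked OpenSSL build defaults to.
  # NOTE(review): the SSL_CTX_new result is not checked before use.
  @ssl_ctx = SSL.SSL_CTX_new(server ? SSL.SSLv23_server_method : SSL.SSLv23_client_method)
  SSL.SSL_CTX_set_options(@ssl_ctx, SSL::SSL_OP_ALL)
  SSL.SSL_CTX_set_mode(@ssl_ctx, SSL::SSL_MODE_RELEASE_BUFFERS)

  if @is_server
    # NOTE(review): a server started without :private_key / :cert_chain falls back to
    # SSL::DEFAULT_PRIVATE / SSL::DEFAULT_CERT. If those ship with the library, the private key
    # is public knowledge and must never be used outside of tests. Confirm what they contain.
    set_private_key(options[:private_key] || SSL::DEFAULT_PRIVATE)
    set_certificate(options[:cert_chain] || SSL::DEFAULT_CERT)
  end

  # NOTE(review): the return value is ignored; OpenSSL returns 0 when the string selects no
  # cipher, in which case the context keeps its previous list without any error surfacing here.
  SSL.SSL_CTX_set_cipher_list(@ssl_ctx, options[:ciphers] || CIPHERS)

  @alpn_set = false
  if @is_server
    SSL.SSL_CTX_sess_set_cache_size(@ssl_ctx, 128)
    # The length argument 8 is the byte length of SESSION ('ruby-tls').
    SSL.SSL_CTX_set_session_id_context(@ssl_ctx, SESSION, 8)

    if SSL::ALPN_SUPPORTED && options[:protocols]
      @alpn_str = Context.build_alpn_string(options[:protocols])
      SSL.SSL_CTX_set_alpn_select_cb(@ssl_ctx, ALPN_Select_CB, nil)
      @alpn_set = true
    end
  else
    # Client key and certificate are optional; nil is passed through when they are absent.
    set_private_key(options[:private_key])
    set_certificate(options[:cert_chain])

    # Check for ALPN support
    if SSL::ALPN_SUPPORTED && options[:protocols]
      protocols = Context.build_alpn_string(options[:protocols])
      # SSL_CTX_set_alpn_protos returns 0 on success, unlike most OpenSSL setters.
      @alpn_set = SSL.SSL_CTX_set_alpn_protos(@ssl_ctx, protocols, protocols.length) == 0
    end
  end
end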
Instance Attribute Details
#alpn_set ⇒ Object (readonly)
Returns the value of attribute alpn_set.
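# File 'lib/ruby-tls/ssl.rb', line 359
#
# Whether ALPN was configured on this context. #initialize sets it to false, then to true on a
# server once the select callback is installed, or on a client to the success of
# SSL_CTX_set_alpn_protos.
def alpn_set
  @alpn_set
end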
#alpn_str ⇒ Object (readonly)
Returns the value of attribute alpn_str.
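# File 'lib/ruby-tls/ssl.rb', line 360
#
# The ALPN protocol string built by Context.build_alpn_string. #initialize assigns it only for
# a server context created with :protocols, so it is nil otherwise. The ALPN select callback
# reads it as the server's protocol list.
def alpn_str
  @alpn_str
end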
#is_server ⇒ Object (readonly)
Returns the value of attribute is_server.
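# File 'lib/ruby-tls/ssl.rb', line 357
#
# The `server` argument exactly as it was passed to #initialize (truthy for a server context).
def is_server
  @is_server
end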
#ssl_ctx ⇒ Object (readonly)
Returns the value of attribute ssl_ctx.
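# File 'lib/ruby-tls/ssl.rb', line 358
#
# The native SSL_CTX handle returned by SSL_CTX_new, or nil once #cleanup has freed it.
# NOTE(review): a caller that stored this value before #cleanup still holds the freed pointer;
# treat any copy as invalid after cleanup.
def ssl_ctx
  @ssl_ctx
end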
Instance Method Details
#cleanup ⇒ Object
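# File 'lib/ruby-tls/ssl.rb', line 350
#
# Frees the native SSL_CTX if this object still holds one. Calling it again is a no-op.
def cleanup
  return unless @ssl_ctx

  SSL.SSL_CTX_free(@ssl_ctx)
  # Drop the reference so a repeated call cannot pass the same pointer to SSL_CTX_free twice.
  @ssl_ctx = nil
end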