Class: DRb::DRbSSLSocket::SSLConfig
- Defined in:
- lib/drb/ssl.rb
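# Fallback values consulted by SSLConfig#[] for any key the caller's config
# hash does not set. Frozen so the process-wide defaults cannot be altered
# by accident after load.
#
# Note that :SSLVerifyMode defaults to VERIFY_NONE: neither side checks the
# peer's certificate unless the caller explicitly configures VERIFY_PEER
# together with a trust store (:SSLCertificateStore, :SSLCACertificateFile
# or :SSLCACertificatePath).
DEFAULT = {
  :SSLCertificate => nil,
  :SSLPrivateKey => nil,
  :SSLClientCA => nil,
  :SSLCACertificatePath => nil,
  :SSLCACertificateFile => nil,
  :SSLVerifyMode => ::OpenSSL::SSL::VERIFY_NONE,
  :SSLVerifyDepth => nil,
  :SSLVerifyCallback => nil, # custom verification
  :SSLCertificateStore => nil,
  # Must specify if you use auto generated certificate.
  :SSLCertName => nil, # e.g. [["CN","fqdn.example.com"]]
  :SSLCertComment => "Generated by Ruby/OpenSSL"
}.freeze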
Constructor Details
#initialize(config) ⇒ SSLConfig
Returns a new instance of SSLConfig.
# File 'lib/drb/ssl.rb', line 27 def initialize(config) @config = config @cert = config[:SSLCertificate] @pkey = config[:SSLPrivateKey] @ssl_ctx = nil end |
Instance Method Details
#[](key) ⇒ Object
# File 'lib/drb/ssl.rb', line 34 def [](key); @config[key] || DEFAULT[key] end |
#accept(tcp) ⇒ Object
# File 'lib/drb/ssl.rb', line 45 def accept(tcp) ssl = OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx) ssl.sync = true ssl.accept ssl end |
#connect(tcp) ⇒ Object
# File 'lib/drb/ssl.rb', line 38 def connect(tcp) ssl = ::OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx) ssl.sync = true ssl.connect ssl end |
#setup_certificate ⇒ Object
# File 'lib/drb/ssl.rb', line 52 def setup_certificate if @cert && @pkey return end rsa = OpenSSL::PKey::RSA.new(512){|p, n| next unless self[:verbose] case p when 0; $stderr.putc "." # BN_generate_prime when 1; $stderr.putc "+" # BN_generate_prime when 2; $stderr.putc "*" # searching good prime, # n = #of try, # but also data from BN_generate_prime when 3; $stderr.putc "\n" # found good prime, n==0 - p, n==1 - q, # but also data from BN_generate_prime else; $stderr.putc "*" # BN_generate_prime end } cert = OpenSSL::X509::Certificate.new cert.version = 3 cert.serial = 0 name = OpenSSL::X509::Name.new(self[:SSLCertName]) cert.subject = name cert.issuer = name cert.not_before = Time.now cert.not_after = Time.now + (365*24*60*60) cert.public_key = rsa.public_key ef = OpenSSL::X509::ExtensionFactory.new(nil,cert) cert.extensions = [ ef.create_extension("basicConstraints","CA:FALSE"), ef.create_extension("subjectKeyIdentifier", "hash") ] ef.issuer_certificate = cert cert.add_extension(ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")) if comment = self[:SSLCertComment] cert.add_extension(ef.create_extension("nsComment", comment)) end cert.sign(rsa, OpenSSL::Digest::SHA1.new) @cert = cert @pkey = rsa end |
#setup_ssl_context ⇒ Object
# File 'lib/drb/ssl.rb', line 97 def setup_ssl_context ctx = ::OpenSSL::SSL::SSLContext.new ctx.cert = @cert ctx.key = @pkey ctx.client_ca = self[:SSLClientCA] ctx.ca_path = self[:SSLCACertificatePath] ctx.ca_file = self[:SSLCACertificateFile] ctx.verify_mode = self[:SSLVerifyMode] ctx.verify_depth = self[:SSLVerifyDepth] ctx.verify_callback = self[:SSLVerifyCallback] ctx.cert_store = self[:SSLCertificateStore] @ssl_ctx = ctx end |