Class: Aerospike::Socket::SSL

Inherits:
OpenSSL::SSL::SSLSocket
  • Object
Includes:
Base
Defined in:
lib/aerospike/socket/ssl.rb

Constant Summary

# Allow-list of tls_options keys that are forwarded to SSLContext#set_params.
# Anything else in tls_options (e.g. verify_mode, ciphers, cert_store) is
# dropped by filter_params, so those settings cannot be changed this way.
SUPPORTED_TLS_PARAMS = [:ca_file, :ca_path, :min_version, :max_version].freeze

# Baseline applied to every context built by create_context. It is merged
# *under* the caller's filtered options, so a caller-supplied :min_version
# replaces this floor rather than being clamped to it.
DEFAULT_TLS_PARAMS = { min_version: :TLS1_2 }.freeze

Class Method Summary

Methods included from Base

#alive?, #close, #connected?, #initialize, #read, #read_from_socket, #timeout=, #write, #write_to_socket

Class Method Details

.build_ssl_context(tls_options) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 44

# Returns the SSL context to use for a connection.
#
# A truthy tls_options[:context] is returned as-is; otherwise a new context
# is built by create_context.
#
# Security note: a caller-supplied context never passes through
# create_context, so DEFAULT_TLS_PARAMS (the TLS 1.2 minimum) and the
# parameter allow-list are not applied to it. Its protocol floor and
# verification settings are entirely the caller's responsibility.
#
# @param tls_options [Hash] TLS settings, optionally carrying :context
# @return [Object] the supplied context or a newly created one
def build_ssl_context(tls_options)
  supplied = tls_options[:context]
  return supplied if supplied

  create_context(tls_options)
end

.connect(host, port, timeout, tls_name, tls_options) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 33

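# Opens a TCP connection to host:port and upgrades it to TLS.
#
# tls_name is sent as the SNI hostname and is the name the peer certificate
# is matched against in post_connection_check.
#
# @param host [String] address passed to TCP.connect
# @param port [Integer] port passed to TCP.connect
# @param timeout [Numeric] timeout passed to TCP.connect
# @param tls_name [String] expected certificate name / SNI value
# @param tls_options [Hash] TLS settings (see create_context / build_ssl_context)
# @return [Aerospike::Socket::SSL] the connected TLS socket
# @raise [StandardError] whatever TCP.connect, the handshake or the hostname
#   check raises; the TCP socket is closed first in the latter two cases
def connect(host, port, timeout, tls_name, tls_options)
  # tls_options may carry :pkey_pass (read by create_context). Keep the
  # private-key passphrase out of the debug log.
  loggable_options =
    if tls_options.key?(:pkey_pass)
      tls_options.merge(pkey_pass: '[FILTERED]')
    else
      tls_options
    end
  Aerospike.logger.debug("Connecting to #{host}:#{tls_name}:#{port} using TLS options #{loggable_options}")
  tcp_sock = TCP.connect(host, port, timeout)
  begin
    ctx = build_ssl_context(tls_options)
    new(tcp_sock, ctx).tap do |ssl_sock|
      ssl_sock.hostname = tls_name
      ssl_sock.connect
      # Hostname check only. Whether the certificate chain itself was
      # verified depends on the context's verify_mode, which a
      # caller-supplied :context controls.
      ssl_sock.post_connection_check(tls_name)
    end
  rescue StandardError => error
    # A failed context build, handshake or hostname check must not leave the
    # underlying TCP socket open.
    begin
      tcp_sock.close
    rescue StandardError
      nil # best effort; the original failure is what the caller needs
    end
    raise error
  end
end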

.create_context(tls_options) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 48

# Builds a new OpenSSL::SSL::SSLContext from tls_options.
#
# A client certificate is installed only when BOTH :cert_file and
# :pkey_file are present; if just one is given it is ignored without any
# error, and the connection proceeds without client authentication.
#
# The context parameters are DEFAULT_TLS_PARAMS overlaid with the
# allow-listed keys from tls_options, so a caller-provided :min_version
# replaces the TLS 1.2 default (no floor is enforced here).
#
# In Ruby's openssl library, set_params applies the given values on top of
# SSLContext::DEFAULT_PARAMS, so peer verification comes from those library
# defaults; nothing in this method sets verify_mode itself.
#
# @param tls_options [Hash] TLS settings (:cert_file, :pkey_file, :pkey_pass
#   plus the keys in SUPPORTED_TLS_PARAMS)
# @return [OpenSSL::SSL::SSLContext] the configured context
def create_context(tls_options)
  context = OpenSSL::SSL::SSLContext.new

  if tls_options[:cert_file] && tls_options[:pkey_file]
    certificate = OpenSSL::X509::Certificate.new(File.read(tls_options[:cert_file]))
    # NOTE(review): with an encrypted key and no :pkey_pass, OpenSSL may fall
    # back to prompting on the terminal - confirm for unattended use.
    private_key = OpenSSL::PKey.read(File.read(tls_options[:pkey_file]), tls_options[:pkey_pass])

    # Older openssl bindings lack add_certificate; fall back to the setters.
    if context.respond_to?(:add_certificate)
      context.add_certificate(certificate, private_key)
    else
      context.cert = certificate
      context.key = private_key
    end
  end

  effective_params = DEFAULT_TLS_PARAMS.merge(filter_params(tls_options))
  context.set_params(effective_params) unless effective_params.empty?

  context
end

.filter_params(params) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 66

# Reduces params to the entries whose key is listed in SUPPORTED_TLS_PARAMS.
#
# This is the allow-list applied before options reach
# SSLContext#set_params. Keys are compared as given, so a String key such as
# "ca_file" does not match the Symbol :ca_file and is dropped.
#
# @param params [Hash] raw TLS options
# @return [Hash] only the supported entries
def filter_params(params)
  allowed = SUPPORTED_TLS_PARAMS
  params.select do |option|
    allowed.include?(option)
  end
end