Class: Aerospike::Socket::SSL

Inherits:
OpenSSL::SSL::SSLSocket
  • Object
Includes:
Base
Defined in:
lib/aerospike/socket/ssl.rb

Constant Summary

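# Option keys that filter_params lets through to OpenSSL::SSL::SSLContext#set_params.
# Anything else in ssl_options (cert_file, pkey_file, pkey_pass, context, ...) is
# never forwarded as a context parameter.
SUPPORTED_SSL_PARAMS =
%i[ca_file ca_path min_version max_version].freeze
# Baseline applied to every context built by create_context: TLS 1.2 as the
# protocol floor. min_version is also a supported caller option, and caller
# values are merged over this hash, so a caller can lower the floor.
DEFAULT_SSL_PARAMS =
{
  min_version: :TLS1_2
}.freeze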

Class Method Summary

Methods included from Base

#close, #connected?, #initialize, #read, #read_from_socket, #timeout=, #write, #write_to_socket

Class Method Details

.build_ssl_context(ssl_options) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 42

# Picks the SSL context for a new connection.
#
# A context supplied under ssl_options[:context] is returned untouched, so
# none of the defaults applied by create_context (including the TLS 1.2
# floor) are added to it; its protocol range and verify_mode are whatever
# the caller configured.
#
# @param ssl_options [Hash] TLS options; :context short-circuits everything else
# @return [Object] the caller's context, or a freshly built one
def build_ssl_context(ssl_options)
  supplied = ssl_options[:context]
  return supplied if supplied

  create_context(ssl_options)
end

.connect(host, port, timeout, tls_name, ssl_options) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 31

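# Opens a TCP connection, wraps it in TLS and verifies the peer's identity.
#
# tls_name is used both as the SNI hostname and as the name the peer
# certificate must match in post_connection_check, which raises on a mismatch.
# timeout is passed only to TCP.connect; nothing in this method bounds the
# TLS handshake itself.
#
# NOTE(review): when ssl_options[:context] is supplied it is used unchanged,
# so certificate-chain verification depends on that context's verify_mode.
# Confirm callers that pass their own context enable peer verification.
#
# @param host [String] address to connect to
# @param port [Integer] TCP port
# @param timeout [Numeric] connect timeout handed to TCP.connect
# @param tls_name [String] name expected in the server certificate
# @param ssl_options [Hash] TLS options (see create_context)
# @return [Aerospike::Socket::SSL] the connected, verified socket
# @raise [StandardError] whatever the handshake or the hostname check raises;
#   the underlying TCP socket is closed first
def connect(host, port, timeout, tls_name, ssl_options)
  # ssl_options may carry :pkey_pass (the private-key passphrase); mask it so
  # the secret never lands in debug logs.
  loggable = ssl_options.key?(:pkey_pass) ? ssl_options.merge(pkey_pass: '[FILTERED]') : ssl_options
  Aerospike.logger.debug("Connecting to #{host}:#{tls_name}:#{port} using SSL options #{loggable}")
  tcp_sock = TCP.connect(host, port, timeout)
  begin
    ctx = build_ssl_context(ssl_options)
    new(tcp_sock, ctx).tap do |ssl_sock|
      ssl_sock.hostname = tls_name
      ssl_sock.connect
      ssl_sock.post_connection_check(tls_name)
    end
  rescue StandardError
    # A failed handshake or certificate check must not leave the raw TCP
    # connection open.
    tcp_sock.close
    raise
  end
end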

.create_context(ssl_options) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 46

# Builds a fresh OpenSSL::SSL::SSLContext from the given options.
#
# A client certificate is loaded only when BOTH :cert_file and :pkey_file are
# present; if just one is given it is silently ignored and the connection is
# attempted without client authentication. :pkey_pass, when present, is the
# passphrase used to read the private key.
#
# The supported options (see filter_params) are merged over DEFAULT_SSL_PARAMS,
# so caller values win, and the result is passed to set_params. In Ruby's
# openssl library, set_params layers the given values over
# OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, which enable peer verification.
#
# @param ssl_options [Hash] TLS options
# @return [OpenSSL::SSL::SSLContext] the configured context
def create_context(ssl_options)
  context = OpenSSL::SSL::SSLContext.new

  cert_path = ssl_options[:cert_file]
  key_path = cert_path && ssl_options[:pkey_file]
  if key_path
    certificate = OpenSSL::X509::Certificate.new(File.read(cert_path))
    private_key = OpenSSL::PKey.read(File.read(key_path), ssl_options[:pkey_pass])
    # add_certificate is not available on older openssl versions; fall back
    # to the plain cert/key setters there.
    if context.respond_to?(:add_certificate)
      context.add_certificate(certificate, private_key)
    else
      context.cert = certificate
      context.key = private_key
    end
  end

  merged = DEFAULT_SSL_PARAMS.merge(filter_params(ssl_options))
  context.set_params(merged) unless merged.empty?
  context
end

.filter_params(params) ⇒ Object



# File 'lib/aerospike/socket/ssl.rb', line 64

# Reduces an options hash to the entries whose key is listed in
# SUPPORTED_SSL_PARAMS, so only that allowlist can reach
# SSLContext#set_params.
#
# @param params [Hash] raw TLS options
# @return [Hash] the allowlisted subset, in the original key order
def filter_params(params)
  params.select do |name, _value|
    SUPPORTED_SSL_PARAMS.include?(name)
  end
end