Class: HTTPX::SSL

Inherits:

TCP

• Object
• TCP
• HTTPX::SSL

Defined in:

lib/httpx/io/ssl.rb

Direct Known Subclasses

ProxySSL

Constant Summary

TLS_OPTIONS =

if OpenSSL::SSL::SSLContext.instance_methods.include?(:alpn_protocols)
  { alpn_protocols: %w[h2 http/1.1].freeze }.freeze
else
  {}.freeze
end

Constants included from Loggable

Loggable::COLORS

Instance Attribute Summary

Attributes inherited from TCP

#addresses, #interests, #ip, #port, #state

Instance Method Summary

• #can_verify_peer? ⇒ Boolean
• #close ⇒ Object
• #connect ⇒ Object
• #connected? ⇒ Boolean
• #initialize(_, _, options) ⇒ SSL constructor

  A new instance of SSL.

• #protocol ⇒ Object
• #read(size, buffer) ⇒ Object
• #try_ssl_connect ⇒ Object

  :nocov:.

• #verify_hostname(host) ⇒ Object
• #write ⇒ Object

Methods inherited from TCP

#add_addresses, #closed?, #inspect, #socket, #to_io

Methods included from Loggable

#log, #log_exception

Constructor Details

#initialize(_, _, options) ⇒ SSL

Returns a new instance of SSL.

# File 'lib/httpx/io/ssl.rb', line 18

def initialize(_, _, options)
  super
  @ctx = OpenSSL::SSL::SSLContext.new
  ctx_options = TLS_OPTIONS.merge(options.ssl)
  @sni_hostname = ctx_options.delete(:hostname) || @hostname
  @ctx.set_params(ctx_options) unless ctx_options.empty?
  @state = :negotiated if @keep_open

  @hostname_is_ip = IPRegex.match?(@sni_hostname)
end

Instance Method Details

#can_verify_peer? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/httpx/io/ssl.rb', line 35

def can_verify_peer?
  @ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER
end

#close ⇒ Object

# File 'lib/httpx/io/ssl.rb', line 46

def close
  super
  # allow reconnections
  # connect only works if initial @io is a socket
  @io = @io.io if @io.respond_to?(:io)
end

#connect ⇒ Object

# File 'lib/httpx/io/ssl.rb', line 57

def connect
  super
  return if @state == :negotiated ||
            @state != :connected

  unless @io.is_a?(OpenSSL::SSL::SSLSocket)
    @io = OpenSSL::SSL::SSLSocket.new(@io, @ctx)
    @io.hostname = @sni_hostname unless @hostname_is_ip
    @io.sync_close = true
  end
  try_ssl_connect
end

#connected? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/httpx/io/ssl.rb', line 53

def connected?
  @state == :negotiated
end

#protocol ⇒ Object

# File 'lib/httpx/io/ssl.rb', line 29

def protocol
  @io.alpn_protocol || super
rescue StandardError
  super
end

#read(size, buffer) ⇒ Object

# File 'lib/httpx/io/ssl.rb', line 83

def read(_, buffer)
  super
rescue ::IO::WaitWritable
  buffer.clear
  0
end

#try_ssl_connect ⇒ Object

:nocov:

# File 'lib/httpx/io/ssl.rb', line 72

def try_ssl_connect
  @io.connect_nonblock
  @io.post_connection_check(@sni_hostname) if @ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE && !@hostname_is_ip
  transition(:negotiated)
  @interests = :w
rescue ::IO::WaitReadable
  @interests = :r
rescue ::IO::WaitWritable
  @interests = :w
end

#verify_hostname(host) ⇒ Object

# File 'lib/httpx/io/ssl.rb', line 39

def verify_hostname(host)
  return false if @ctx.verify_mode == OpenSSL::SSL::VERIFY_NONE
  return false if !@io.respond_to?(:peer_cert) || @io.peer_cert.nil?

  OpenSSL::SSL.verify_certificate_identity(@io.peer_cert, host)
end

#write ⇒ Object

# File 'lib/httpx/io/ssl.rb', line 90

def write(*)
  super
rescue ::IO::WaitReadable
  0
end