Method: OpenSSL::SSL::SSLSocket#post_connection_check

Defined in:
lib/jopenssl22/openssl/ssl.rb,
lib/jopenssl23/openssl/ssl.rb,
lib/jopenssl19/openssl/ssl-internal.rb

#post_connection_check(hostname) ⇒ Object

call-seq:

ssl.post_connection_check(hostname) -> true

Perform hostname verification following RFC 6125.

This method MUST be called after calling #connect to ensure that the hostname of a remote peer has been verified.



# File 'lib/jopenssl22/openssl/ssl.rb', line 242

def post_connection_check(hostname)
  if peer_cert.nil?
    msg = "Peer verification enabled, but no certificate received."
    if using_anon_cipher?
      msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
    end
    raise SSLError, msg
  end

  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
  end
  return true
end
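
The following is an added example, not part of the jruby-openssl source. It shows the client pattern the note above requires (call `post_connection_check` right after `#connect`) and runs the identity check it delegates to against a constructed certificate. The helper names `connect_verified`, `build_sample_cert` and `sample_results`, and the `*.example.test` hostnames, are assumptions made for illustration.

```ruby
require "openssl"
require "socket"

# Client pattern: chain verification happens in connect, identity check right after.
def connect_verified(host, port)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.cert_store = OpenSSL::X509::Store.new.tap(&:set_default_paths)
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new(host, port), ctx)
  ssl.sync_close = true # closing the SSL socket also closes the TCP socket
  ssl.hostname = host   # SNI
  begin
    ssl.connect
    ssl.post_connection_check(host) # raises SSLError on a name mismatch
  rescue OpenSSL::SSL::SSLError
    ssl.close
    raise
  end
  ssl
end

# Constructed, self-signed certificate used only as offline sample input.
def build_sample_cert(common_name, san)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Maps each constructed hostname to the result of the identity check.
def sample_results
  cert = build_sample_cert("legacy.example.test",
                           "DNS:www.example.test,DNS:*.api.example.test")
  names = %w[www.example.test v1.api.example.test a.b.api.example.test
             api.example.test legacy.example.test]
  names.map { |n| [n, OpenSSL::SSL.verify_certificate_identity(cert, n)] }.to_h
end
```

In `sample_results` the wildcard entry matches exactly one left-most label, and the subject CN is not consulted because the certificate carries dNSName entries in subjectAltName.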