Class: OpenSSL::SSL::SSLContext

Inherits:

Object

Object
OpenSSL::SSL::SSLContext

Defined in:: lib/jopenssl22/openssl/ssl.rb,
lib/jopenssl23/openssl/ssl.rb

Constant Summary collapse

DEFAULT_PARAMS =

{
  :ssl_version => "SSLv23",
  :verify_mode => OpenSSL::SSL::VERIFY_PEER,
  :ciphers => %w{
    ECDHE-ECDSA-AES128-GCM-SHA256
    ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-ECDSA-AES256-GCM-SHA384
    ECDHE-RSA-AES256-GCM-SHA384
    DHE-RSA-AES128-GCM-SHA256
    DHE-DSS-AES128-GCM-SHA256
    DHE-RSA-AES256-GCM-SHA384
    DHE-DSS-AES256-GCM-SHA384
    ECDHE-ECDSA-AES128-SHA256
    ECDHE-RSA-AES128-SHA256
    ECDHE-ECDSA-AES128-SHA
    ECDHE-RSA-AES128-SHA
    ECDHE-ECDSA-AES256-SHA384
    ECDHE-RSA-AES256-SHA384
    ECDHE-ECDSA-AES256-SHA
    ECDHE-RSA-AES256-SHA
    DHE-RSA-AES128-SHA256
    DHE-RSA-AES256-SHA256
    DHE-RSA-AES128-SHA
    DHE-RSA-AES256-SHA
    DHE-DSS-AES128-SHA256
    DHE-DSS-AES256-SHA256
    DHE-DSS-AES128-SHA
    DHE-DSS-AES256-SHA
    AES128-GCM-SHA256
    AES256-GCM-SHA384
    AES128-SHA256
    AES256-SHA256
    AES128-SHA
    AES256-SHA
    ECDHE-ECDSA-RC4-SHA
    ECDHE-RSA-RC4-SHA
    RC4-SHA
  }.join(":"),
  :options => -> {
    opts = OpenSSL::SSL::OP_ALL
    opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
    opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
    opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
    opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
    opts
  }.call
}

DEFAULT_CERT_STORE =

OpenSSL::X509::Store.new

INIT_VARS =

["cert", "key", "client_ca", "ca_file", "ca_path",
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
"verify_callback", "cert_store", "extra_chain_cert",
"client_cert_cb", "session_id_context", "tmp_dh_callback",
"session_get_cb", "session_new_cb", "session_remove_cb",
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
"alpn_protocols", "alpn_select_cb",
"npn_select_cb"].map { |x| "@#{x}" }

Instance Attribute Summary collapse

#servername_cb ⇒ Object

A callback invoked at connect time to distinguish between multiple server names.
#tmp_dh_callback ⇒ Object

A callback invoked when DH parameters are required.

Instance Method Summary collapse

#set_params(params = {}) ⇒ Object

Sets the parameters for this SSL context to the values in params.

Instance Attribute Details

#servername_cb ⇒ `Object`

A callback invoked at connect time to distinguish between multiple server names.

The callback is invoked with an SSLSocket and a server name. The callback must return an SSLContext for the server name or nil.



101
102
103

# File 'lib/jopenssl23/openssl/ssl.rb', line 101

def servername_cb
  @servername_cb
end

#tmp_dh_callback ⇒ `Object`

A callback invoked when DH parameters are required.

The callback is invoked with the Session for the key exchange, an flag indicating the use of an export cipher and the keylength required.

The callback must return an OpenSSL::PKey::DH instance of the correct key length.



93
94
95

# File 'lib/jopenssl23/openssl/ssl.rb', line 93

def tmp_dh_callback
  @tmp_dh_callback
end

Instance Method Details

#set_params(params = {}) ⇒ `Object`

Sets the parameters for this SSL context to the values in params. The keys in params must be assignment methods on SSLContext.

If the verify_mode is not VERIFY_NONE and ca_file, ca_path and cert_store are not set then the system default certificate store is used.

# File 'lib/jopenssl22/openssl/ssl.rb', line 87

def set_params(params={})
  params = DEFAULT_PARAMS.merge(params)
  params.each{|name, value| self.__send__("#{name}=", value) }
  if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
    unless self.ca_file or self.ca_path or self.cert_store
      self.cert_store = DEFAULT_CERT_STORE
    end
  end
  return params
end