Class: OpenSSL::SSL::SSLContext
- Inherits: Object
- Defined in: lib/jopenssl22/openssl/ssl.rb, lib/jopenssl23/openssl/ssl.rb
Constant Summary
- DEFAULT_PARAMS =
    {
      :ssl_version => "SSLv23",
      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
      :ciphers => %w{
        ECDHE-ECDSA-AES128-GCM-SHA256
        ECDHE-RSA-AES128-GCM-SHA256
        ECDHE-ECDSA-AES256-GCM-SHA384
        ECDHE-RSA-AES256-GCM-SHA384
        DHE-RSA-AES128-GCM-SHA256
        DHE-DSS-AES128-GCM-SHA256
        DHE-RSA-AES256-GCM-SHA384
        DHE-DSS-AES256-GCM-SHA384
        ECDHE-ECDSA-AES128-SHA256
        ECDHE-RSA-AES128-SHA256
        ECDHE-ECDSA-AES128-SHA
        ECDHE-RSA-AES128-SHA
        ECDHE-ECDSA-AES256-SHA384
        ECDHE-RSA-AES256-SHA384
        ECDHE-ECDSA-AES256-SHA
        ECDHE-RSA-AES256-SHA
        DHE-RSA-AES128-SHA256
        DHE-RSA-AES256-SHA256
        DHE-RSA-AES128-SHA
        DHE-RSA-AES256-SHA
        DHE-DSS-AES128-SHA256
        DHE-DSS-AES256-SHA256
        DHE-DSS-AES128-SHA
        DHE-DSS-AES256-SHA
        AES128-GCM-SHA256
        AES256-GCM-SHA384
        AES128-SHA256
        AES256-SHA256
        AES128-SHA
        AES256-SHA
        ECDHE-ECDSA-RC4-SHA
        ECDHE-RSA-RC4-SHA
        RC4-SHA
      }.join(":"),
      :options => -> {
        opts = OpenSSL::SSL::OP_ALL
        opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
        opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
        opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
        opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
        opts
      }.call
    }
- DEFAULT_CERT_STORE =
OpenSSL::X509::Store.new
- INIT_VARS =
["cert", "key", "client_ca", "ca_file", "ca_path", "timeout", "verify_mode", "verify_depth", "renegotiation_cb", "verify_callback", "cert_store", "extra_chain_cert", "client_cert_cb", "session_id_context", "tmp_dh_callback", "session_get_cb", "session_new_cb", "session_remove_cb", "tmp_ecdh_callback", "servername_cb", "npn_protocols", "alpn_protocols", "alpn_select_cb", "npn_select_cb"].map { |x| "@#{x}" }
Instance Attribute Summary
- #servername_cb ⇒ Object
  A callback invoked at connect time to distinguish between multiple server names.
- #tmp_dh_callback ⇒ Object
  A callback invoked when DH parameters are required.
Instance Method Summary
- #set_params(params = {}) ⇒ Object
  Sets the parameters for this SSL context to the values in params.
Instance Attribute Details
#servername_cb ⇒ Object
A callback invoked at connect time to distinguish between multiple server names.
The callback is invoked with an SSLSocket and a server name. The callback must return an SSLContext for the server name or nil.
    # File 'lib/jopenssl23/openssl/ssl.rb', line 101
    def servername_cb
      @servername_cb
    end
#tmp_dh_callback ⇒ Object
A callback invoked when DH parameters are required.
The callback is invoked with the Session for the key exchange, a flag indicating the use of an export cipher, and the key length required.
The callback must return an OpenSSL::PKey::DH instance of the correct key length.
    # File 'lib/jopenssl23/openssl/ssl.rb', line 93
    def tmp_dh_callback
      @tmp_dh_callback
    end
Instance Method Details
#set_params(params = {}) ⇒ Object
Sets the parameters for this SSL context to the values in params. The keys in params must be assignment methods on SSLContext.
If the verify_mode is not VERIFY_NONE and ca_file, ca_path and cert_store are not set then the system default certificate store is used.
    # File 'lib/jopenssl22/openssl/ssl.rb', line 87
    def set_params(params={})
      params = DEFAULT_PARAMS.merge(params)
      params.each{|name, value| self.__send__("#{name}=", value) }
      if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
        unless self.ca_file or self.ca_path or self.cert_store
          self.cert_store = DEFAULT_CERT_STORE
        end
      end
      return params
    end
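The following is an added example, not code from the jruby-openssl source. It calls set_params with overrides that drop RC4 and non-ephemeral key exchange from a subset of the DEFAULT_PARAMS cipher list above, keeps a caller-supplied trust store, and shows that a key without a matching assignment method raises. The helper names, the constant PAGE_DEFAULT_CIPHERS and the chosen cipher subset are assumptions made for illustration.

```ruby
require "openssl"

# Subset of the :ciphers entries listed in DEFAULT_PARAMS on this page
# (constructed sample; the full list is longer).
PAGE_DEFAULT_CIPHERS = %w{
  ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
  ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256
  ECDHE-RSA-AES128-SHA AES128-GCM-SHA256 AES256-SHA
  ECDHE-RSA-RC4-SHA RC4-SHA
}.join(":")

# Keep only suites with ephemeral key exchange (ECDHE/DHE) and drop RC4.
# Hypothetical helper, not part of OpenSSL::SSL.
def forward_secret_ciphers(cipher_string)
  cipher_string.split(":").select { |name|
    name.start_with?("ECDHE-", "DHE-") && !name.include?("RC4")
  }.join(":")
end

# Build a context from the library defaults plus overrides. Per the
# documentation above, set_params only falls back to the default certificate
# store when verify_mode is not VERIFY_NONE and no ca_file, ca_path or
# cert_store was given, so an explicit trust_store is left in place.
def hardened_context(trust_store: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  overrides = { ciphers: forward_secret_ciphers(PAGE_DEFAULT_CIPHERS) }
  overrides[:cert_store] = trust_store if trust_store
  ctx.set_params(overrides)
  ctx
end

# Keys must be assignment methods on SSLContext; anything else is sent as
# "#{name}=" and fails with NoMethodError instead of being ignored.
def rejects_unknown_key?
  OpenSSL::SSL::SSLContext.new.set_params(not_a_real_setting: true)
  false
rescue NoMethodError
  true
end

if __FILE__ == $PROGRAM_NAME
  ctx = hardened_context
  puts "verify_mode is VERIFY_PEER: #{ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER}"
  puts "enabled ciphers: #{ctx.ciphers.map(&:first).join(', ')}"
  puts "unknown key rejected: #{rejects_unknown_key?}"
end
```

Passing verify_mode: OpenSSL::SSL::VERIFY_NONE in the overrides skips the default-store fallback entirely, which is why that override deserves scrutiny in code review.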