Class: LibTLS::Config

Inherits:
Object
Defined in:
lib/libtls/config.rb

Overview

A TLS configuration

This object is an abstraction over the libtls configuration. It can be used as a shorthand for configuring the struct tls context.

config = LibTLS::Config.new(
  ca_path: '/etc/ssl',
  key_mem: [key_ptr, 512]
)
LibTLS::Raw.tls_configure(ctx, config.as_raw)
config.free

Constant Summary

VALID_SET_CONFIGS =

Keys that can be configured

This is derived from the tls_config_set_* functions in Raw.

%i(
  ca_file ca_path ca_mem cert_file cert_mem ciphers dheparams ecdhecurve
  key_file key_mem protocols verify_depth
)

Instance Method Summary

  • #as_raw ⇒ FFI::Pointer
  • #free ⇒ Object

Constructor Details

#initialize(config_hash) ⇒ Config

Returns a new instance of Config.

Parameters:

  • config_hash (Hash)

    the Ruby representation of the configuration. The keys are any of VALID_SET_CONFIGS; the value is either a scalar value, or an array. The array is splatted into the appropriate C function.

Options Hash (config_hash):

  • ca_file (String)

    The filename used to load a file containing the root certificates. (Client)

  • ca_path (String)

    The path (directory) which should be searched for root certificates. (Client)

  • ca_mem ([FFI::Pointer, Fixnum])

    Set the root certificates directly from memory. (Client)

  • cert_file (String)

    Set file from which the public certificate will be read. (Client and server)

  • cert_mem ([FFI::Pointer, Fixnum])

    Set the public certificate directly from memory. (Client and server)

  • ciphers (String)

    Set the list of ciphers that may be used. (Client and server)

  • dheparams (String)

    Set the dheparams option to either “none” (0), “auto” (-1), or “legacy” (1024). The default is “none”. (Server)

  • ecdhecurve (String)

    Set the ecdhecurve option to one of “none” (NID_undef), “auto” (-1), or any NID value understood by OBJ_txt2nid (3). (Server)

  • key_file (String)

    Set the file from which the private key will be read. (Server)

  • key_mem ([FFI::Pointer, Fixnum])

    Directly set the private key from memory. (Server)

  • protocols (Fixnum)

    Sets which versions of the protocol may be used, as documented in Raw#tls_config_set_protocols. (Client and server)

  • verify_depth (Fixnum)

    Set the verify depth as documented under SSL_CTX_set_verify_depth(3). (Client)



# File 'lib/libtls/config.rb', line 61

def initialize(config_hash)
  @config_hash = config_hash
end

Instance Method Details

#as_raw ⇒ FFI::Pointer

Convert this object into the C representation

This builds a struct tls_config pointer, sets the values on it as dictated by the hash passed in, and returns the struct tls_config pointer.

The return value must be freed using #free.

Returns:

  • (FFI::Pointer)

    the completed struct tls_config pointer

Raises:



# File 'lib/libtls/config.rb', line 76

def as_raw
  # Memoized: repeated calls (including the one inside #free) reuse the
  # same struct tls_config pointer rather than allocating a new one.
  @raw_config ||= build_raw_config
end

#free ⇒ Object

Release any memory held on to by the C library

This method must be called once the configuration is no longer needed; until then the struct tls_config allocated by #as_raw stays alive.



# File 'lib/libtls/config.rb', line 84

def free
  LibTLS::Raw.tls_config_free(as_raw)
end