# File 'lib/pcp/client.rb', line 18
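# Peer-certificate verification callback: decides whether the certificate
# presented by the remote end of the TLS connection is acceptable.
#
# The TLS settings are read from the @socket_tls hash stored on +parent+:
#   :xxx_logger      - logger whose debug/error methods take a block
#   :xxx_hostname    - name the certificate must be valid for
#   :xxx_ssl_ca_cert - path of the CA certificate file to validate against
#
# The certificate is accepted only if it matches the expected hostname AND
# validates against the CA file. Every other outcome, including a
# certificate that cannot be parsed or a CA file that cannot be loaded, is
# logged and rejected rather than raised, so the check fails closed.
#
# @param cert [String] certificate in a form OpenSSL::X509::Certificate.new
#   accepts (PEM or DER)
# @return [Boolean] true when the certificate is accepted, false otherwise
def ssl_verify_peer(cert)
  start_tls_options = parent.instance_variable_get(:@socket_tls)
  logger = start_tls_options[:xxx_logger]
  logger.debug { [:ssl_verify_peer] }

  peer_cert = OpenSSL::X509::Certificate.new cert

  # NOTE(review): the hostname check runs on every certificate handed to
  # this method. If the caller invokes it once per certificate in the
  # peer's chain (presumably an EventMachine-style callback - confirm),
  # any intermediate CA certificate will be rejected here.
  hostname = start_tls_options[:xxx_hostname]
  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    logger.error { [:ssl_verify_peer, :fail,
                    "Certificate presented does not match '#{hostname}'"] }
    return false
  end

  # The store is rebuilt from the CA file on each call. verify is given no
  # untrusted chain and no CRL is loaded, so the certificate must chain to
  # the CA file's contents on its own and revocation is not checked here.
  ssl_ca_cert = start_tls_options[:xxx_ssl_ca_cert]
  cert_store = OpenSSL::X509::Store.new
  cert_store.add_file ssl_ca_cert
  unless cert_store.verify(peer_cert)
    logger.error { [:ssl_verify_peer, :ca_verify_failed,
                    "Peer certificate not verified by ca"] }
    return false
  end

  logger.debug { [:ssl_verify_peer, :success] }
  true
rescue OpenSSL::OpenSSLError => e
  # Unparseable peer certificate or unreadable CA file: reject the peer
  # with a logged reason instead of letting the exception escape.
  logger.error { [:ssl_verify_peer, :error, e.message] }
  false
end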