Class: Puma::MiniSSL::Engine
- Inherits:
-
Object
- Object
- Puma::MiniSSL::Engine
- Defined in:
- ext/puma_http11/mini_ssl.c
Class Method Summary collapse
Instance Method Summary collapse
- #extract ⇒ Object
- #init? ⇒ Boolean
- #inject(str) ⇒ Object
-
#peercert ⇒ String?
Returns ‘nil` when `MiniSSL::Context#verify_mode` is set to `VERIFY_NONE`.
- #read ⇒ Object
- #shutdown ⇒ Object
- #ssl_vers_st ⇒ Object
- #write(str) ⇒ Object
Class Method Details
.client ⇒ Object
515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 |
# File 'ext/puma_http11/mini_ssl.c', line 515
VALUE engine_init_client(VALUE klass) {
VALUE obj;
ms_conn* conn = engine_alloc(klass, &obj);
#ifdef HAVE_DTLS_METHOD
conn->ctx = SSL_CTX_new(DTLS_method());
#else
conn->ctx = SSL_CTX_new(DTLSv1_method());
#endif
conn->ssl = SSL_new(conn->ctx);
SSL_set_app_data(conn->ssl, NULL);
SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
SSL_set_bio(conn->ssl, conn->read, conn->write);
SSL_set_connect_state(conn->ssl);
return obj;
}
|
.server(sslctx) ⇒ Object
497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 |
# File 'ext/puma_http11/mini_ssl.c', line 497
VALUE engine_init_server(VALUE self, VALUE sslctx) {
ms_conn* conn;
VALUE obj;
SSL_CTX* ctx;
SSL* ssl;
conn = engine_alloc(self, &obj);
TypedData_Get_Struct(sslctx, SSL_CTX, &sslctx_type, ctx);
ssl = SSL_new(ctx);
conn->ssl = ssl;
SSL_set_app_data(ssl, NULL);
SSL_set_bio(ssl, conn->read, conn->write);
SSL_set_accept_state(ssl);
return obj;
}
|
Instance Method Details
#extract ⇒ Object
634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 |
# File 'ext/puma_http11/mini_ssl.c', line 634
VALUE engine_extract(VALUE self) {
ms_conn* conn;
int bytes;
size_t pending;
// https://www.openssl.org/docs/manmaster/man3/BIO_f_buffer.html
// crypto/bio/bf_buff.c DEFAULT_BUFFER_SIZE
char buf[4096];
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
pending = BIO_pending(conn->write);
if(pending > 0) {
bytes = BIO_read(conn->write, buf, sizeof(buf));
if(bytes > 0) {
return rb_str_new(buf, bytes);
} else if(!BIO_should_retry(conn->write)) {
raise_error(conn->ssl, bytes);
}
}
return Qnil;
}
|
#init? ⇒ Boolean
688 689 690 691 692 693 694 |
# File 'ext/puma_http11/mini_ssl.c', line 688
VALUE engine_init(VALUE self) {
ms_conn* conn;
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
return SSL_in_init(conn->ssl) ? Qtrue : Qfalse;
}
|
#inject(str) ⇒ Object
533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 |
# File 'ext/puma_http11/mini_ssl.c', line 533
VALUE engine_inject(VALUE self, VALUE str) {
ms_conn* conn;
long used;
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
StringValue(str);
used = BIO_write(conn->read, RSTRING_PTR(str), (int)RSTRING_LEN(str));
if(used == 0 || used == -1) {
return Qfalse;
}
return INT2FIX(used);
}
|
#peercert ⇒ String?
Returns ‘nil` when `MiniSSL::Context#verify_mode` is set to `VERIFY_NONE`.
696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 |
# File 'ext/puma_http11/mini_ssl.c', line 696
VALUE engine_peercert(VALUE self) {
ms_conn* conn;
X509* cert;
int bytes;
unsigned char* buf = NULL;
ms_cert_buf* cert_buf = NULL;
VALUE rb_cert_buf;
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
cert = SSL_get1_peer_certificate(conn->ssl);
#else
cert = SSL_get_peer_certificate(conn->ssl);
#endif
if(!cert) {
/*
* See if there was a failed certificate associated with this client.
*/
cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
if(!cert_buf) {
return Qnil;
}
buf = cert_buf->buf;
bytes = cert_buf->bytes;
} else {
bytes = i2d_X509(cert, &buf);
X509_free(cert);
if(bytes < 0) {
return Qnil;
}
}
rb_cert_buf = rb_str_new((const char*)(buf), bytes);
if(!cert_buf) {
OPENSSL_free(buf);
}
return rb_cert_buf;
}
|
#read ⇒ Object
584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 |
# File 'ext/puma_http11/mini_ssl.c', line 584
VALUE engine_read(VALUE self) {
ms_conn* conn;
char buf[512];
int bytes, error;
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
ERR_clear_error();
bytes = SSL_read(conn->ssl, (void*)buf, sizeof(buf));
if(bytes > 0) {
return rb_str_new(buf, bytes);
}
if(SSL_want_read(conn->ssl)) return Qnil;
error = SSL_get_error(conn->ssl, bytes);
if(error == SSL_ERROR_ZERO_RETURN) {
rb_eof_error();
} else {
raise_error(conn->ssl, bytes);
}
return Qnil;
}
|
#shutdown ⇒ Object
657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 |
# File 'ext/puma_http11/mini_ssl.c', line 657
VALUE engine_shutdown(VALUE self) {
ms_conn* conn;
int ok;
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
if (SSL_in_init(conn->ssl)) {
// Avoid "shutdown while in init" error
// See https://github.com/openssl/openssl/blob/openssl-3.5.2/ssl/ssl_lib.c#L2827-L2828
return Qtrue;
}
ERR_clear_error();
ok = SSL_shutdown(conn->ssl);
// See https://github.com/openssl/openssl/blob/openssl-3.5.2/ssl/ssl_lib.c#L2792-L2797
// for description of SSL_shutdown return values.
switch (ok) {
case 0:
// "close notify" alert is sent by us.
return Qfalse;
case 1:
// "close notify" alert was received from peer.
return Qtrue;
default:
raise_error(conn->ssl, ok);
}
return Qnil;
}
|
#ssl_vers_st ⇒ Object
742 743 744 745 746 747 |
# File 'ext/puma_http11/mini_ssl.c', line 742
static VALUE
engine_ssl_vers_st(VALUE self) {
ms_conn* conn;
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
return rb_ary_new3(2, rb_str_new2(SSL_get_version(conn->ssl)), rb_str_new2(SSL_state_string(conn->ssl)));
}
|
#write(str) ⇒ Object
612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 |
# File 'ext/puma_http11/mini_ssl.c', line 612
VALUE engine_write(VALUE self, VALUE str) {
ms_conn* conn;
int bytes;
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
StringValue(str);
ERR_clear_error();
bytes = SSL_write(conn->ssl, (void*)RSTRING_PTR(str), (int)RSTRING_LEN(str));
if(bytes > 0) {
return INT2FIX(bytes);
}
if(SSL_want_write(conn->ssl)) return Qnil;
raise_error(conn->ssl, bytes);
return Qnil;
}
|