Class: Qpid::Proton::SSL

Inherits:
Object
Includes:
Util::ErrorHandler, Util::SwigHelper
Defined in:
lib/core/ssl.rb

Overview

The SSL support for Transport.

A Transport may be configured to use SSL for encryption and/or authentication. A Transport can be configured as either the SSL client or the server. An SSL client is the party that proactively establishes a connection to an SSL server. An SSL server is the party that accepts a connection request from the remote SSL client.

If either the client or the server needs to identify itself with the remote node, it must have its SSL certificate configured.

If either the client or the server needs to verify the identity of the remote node, it must have its database of trusted CAs configured.

An SSL server connection may allow the remote client to connect without SSL (i.e., “in the clear”).

The level of verification required of the remote may be configured.

Support for SSL client session resume is provided as well.

Constant Summary

RESUME_UNKNOWN =

Session resume state is unknown or not supported.

Cproton::PN_SSL_RESUME_UNKNOWN
RESUME_NEW =

Session renegotiated and not resumed.

Cproton::PN_SSL_RESUME_NEW
RESUME_REUSED =

Session resumed from the previous session.

Cproton::PN_SSL_RESUME_REUSED
PROTON_METHOD_PREFIX =
"pn_ssl"

Class Method Summary

Instance Method Summary

Methods included from Util::ErrorHandler

#can_raise_error, #check_for_error, #create_exception_handler_wrapper, included

Methods included from Util::SwigHelper

included

Class Method Details

.create(transport, domain, session_details = nil) ⇒ Object



# File 'lib/core/ssl.rb', line 83

def self.create(transport, domain, session_details = nil)
  result = nil
  # like python, make sure we're not creating a different SSL
  # object for a transport with an existing SSL object
  if transport.ssl?
    transport.instance_eval { result = @ssl }
    if ((!domain.nil? && (result.domain != domain)) ||
        (!session_details.nil? && (result.session_details != session_details)))
      raise SSLException.new("cannot re-configure existing SSL object")
    end
  else
    impl = Cproton.pn_ssl(transport.impl)
    session_id = nil
    session_id = session_details.session_id unless session_details.nil?
    result = SSL.new(impl, domain, session_details, session_id)
  end
  return result
end

.present? ⇒ Boolean

Returns whether SSL is supported.

Returns:

  • (Boolean)

    True if SSL support is available.



# File 'lib/core/ssl.rb', line 78

def self.present?
  Cproton.pn_ssl_present
end

Instance Method Details

#cipher_name ⇒ String?

Returns the cipher name that is currently in use.

Gets the text description of the cipher that is currently active, or returns nil if SSL is not active. Note that the cipher in use may change over time due to renegotiation or other changes to the SSL layer.

Returns:

  • (String, nil)

    The cipher name.



# File 'lib/core/ssl.rb', line 122

def cipher_name
  rc, name = Cproton.pn_ssl_get_cipher_name(@impl, 128)
  return name if rc
  nil
end

#peer_hostname ⇒ String

Gets the peer hostname.

Returns:

  • (String)

    The peer hostname.

Raises:



# File 'lib/core/ssl.rb', line 156

def peer_hostname
  (error, name) = Cproton.pn_ssl_get_peer_hostname(@impl, 1024)
  raise SSLError.new if error < 0
  return name
end

#protocol_name ⇒ String?

Returns the name of the SSL protocol that is currently active, or returns nil if SSL is not active. Note that the protocol may change over time due to renegotiation.

Returns:

  • (String, nil)

    The protocol name.



# File 'lib/core/ssl.rb', line 134

def protocol_name
  rc, name = Cproton.pn_ssl_get_protocol_name(@impl, 128)
  return name if rc
  nil
end
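
Because #cipher_name and #protocol_name return nil when SSL is not active and their values may change after renegotiation, a caller can re-check them against a policy whenever it matters. The following is an added example, not code from Qpid Proton: the method name ssl_policy_findings, the FakeSSL stand-in, the protocol ranking and the weak-cipher pattern are all assumptions, and protocol names are assumed to be OpenSSL-style strings such as "TLSv1.2".

```ruby
# Added example, not Qpid Proton code. `ssl` is any object that responds to
# #protocol_name and #cipher_name as documented on this page.

# Assumption: OpenSSL-style protocol names, ranked oldest to newest.
PROTOCOL_RANK = {
  "SSLv2" => 0, "SSLv3" => 1, "TLSv1" => 2,
  "TLSv1.1" => 3, "TLSv1.2" => 4, "TLSv1.3" => 5
}.freeze

# Assumption: substrings that mark a cipher suite this policy rejects.
WEAK_CIPHER = /NULL|EXP|RC4|DES|MD5|ADH|AECDH/i

# Returns an array of findings; an empty array means the session passed.
def ssl_policy_findings(ssl, min_protocol: "TLSv1.2")
  protocol = ssl.protocol_name
  cipher = ssl.cipher_name
  # Both getters return nil when SSL is not active, e.g. on a server that
  # allows clients to connect in the clear.
  return [:ssl_not_active] if protocol.nil? || cipher.nil?

  findings = []
  rank = PROTOCOL_RANK[protocol]
  if rank.nil?
    findings << :unknown_protocol # fail closed on unrecognised names
  elsif rank < PROTOCOL_RANK.fetch(min_protocol)
    findings << :protocol_below_minimum
  end
  findings << :weak_cipher if cipher.match?(WEAK_CIPHER)
  findings
end

# Constructed stand-in for a Qpid::Proton::SSL instance (sample data only).
FakeSSL = Struct.new(:protocol_name, :cipher_name)

if __FILE__ == $PROGRAM_NAME
  [
    FakeSSL.new("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    FakeSSL.new("TLSv1", "DES-CBC3-SHA"),
    FakeSSL.new(nil, nil)
  ].each { |s| p ssl_policy_findings(s) }
end
```

Calling the check again after traffic has flowed covers the case where renegotiation has changed the protocol or cipher since the first check.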

#resume_status ⇒ Object

Checks whether or not the state has resumed.

Used for client session resume. When called on an active session, it indicates whether the state has been resumed from a previous session.

NOTE: This is a best-effort service - there is no guarantee that the remote server will accept the resumed parameters. The remote server may choose to ignore these parameters, and request a renegotiation instead.



# File 'lib/core/ssl.rb', line 149

def resume_status
  Cproton.pn_ssl_resume_status(@impl)
end