Class: Qpid::Proton::SSL
- Inherits:
-
Object
- Object
- Qpid::Proton::SSL
- Includes:
- Util::ErrorHandler, Util::SwigHelper
- Defined in:
- lib/core/ssl.rb
Overview
The SSL support for Transport.
A Transport may be configured ot use SLL for encryption and/or authentication. A Transport can be configured as either the SSL client or the server. An SSL client is the party that proctively establishes a connection to an SSL server. An SSL server is the party that accepts a connection request from the remote SSL client.
If either the client or the server needs to identify itself with the remote node, it must have its SSL certificate configured.
If either the client or the server needs to verify the identify of the remote node, it must have its database of trusted CAs configured.
An SSL server connection may allow the remote client to connect without SS (i.e., “in the clear”).
The level of verification required of the remote may be configured.
Support for SSL client session resume is provided as well.
Constant Summary collapse
- RESUME_UNKNOWN =
Session resume state is unkonnwn or not supported.
Cproton::PN_SSL_RESUME_UNKNOWN
- RESUME_NEW =
Session renegotiated and not resumed.
Cproton::PN_SSL_RESUME_NEW
- RESUME_REUSED =
Session resumed from the previous session.
Cproton::PN_SSL_RESUME_REUSED
- PROTON_METHOD_PREFIX =
"pn_ssl"
Class Method Summary collapse
- .create(transport, domain, session_details = nil) ⇒ Object
-
.present? ⇒ Boolean
Returns whether SSL is supported.
Instance Method Summary collapse
-
#cipher_name ⇒ String?
Returns the cipher name that is currently in used.
-
#peer_hostname ⇒ String
Gets the peer hostname.
-
#protocol_name ⇒ String?
Returns the name of the SSL protocol that is currently active, or returns nil if SSL is nota ctive.
-
#resume_status ⇒ Object
Checks whether or not the state has resumed.
Methods included from Util::ErrorHandler
#can_raise_error, #check_for_error, #create_exception_handler_wrapper, included
Methods included from Util::SwigHelper
Class Method Details
.create(transport, domain, session_details = nil) ⇒ Object
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 |
# File 'lib/core/ssl.rb', line 83 def self.create(transport, domain, session_details = nil) result = nil # like python, make sure we're not creating a different SSL # object for a transport with an existing SSL object if transport.ssl? transport.instance_eval { result = @ssl } if ((!domain.nil? && (result.domain != domain)) || (!session_details.nil? && (result.session_details != session_details))) raise SSLException.new("cannot re-configure existing SSL object") end else impl = Cproton.pn_ssl(transport.impl) session_id = nil session_id = session_details.session_id unless session_details.nil? result = SSL.new(impl, domain, session_details, session_id) end return result end |
.present? ⇒ Boolean
Returns whether SSL is supported.
78 79 80 |
# File 'lib/core/ssl.rb', line 78 def self.present? Cproton.pn_ssl_present end |
Instance Method Details
#cipher_name ⇒ String?
Returns the cipher name that is currently in used.
Gets the text description of the cipher that is currently active, or returns nil if SSL is not active. Note that the cipher in use my change over time due to renegotiation or other changes to the SSL layer.
122 123 124 125 126 |
# File 'lib/core/ssl.rb', line 122 def cipher_name rc, name = Cproton.pn_ssl_get_cipher_name(@impl, 128) return name if rc nil end |
#peer_hostname ⇒ String
Gets the peer hostname.
156 157 158 159 160 |
# File 'lib/core/ssl.rb', line 156 def peer_hostname (error, name) = Cproton.pn_ssl_get_peer_hostname(@impl, 1024) raise SSLError.new if error < 0 return name end |
#protocol_name ⇒ String?
Returns the name of the SSL protocol that is currently active, or returns nil if SSL is nota ctive. Not that the protocol may change over time due to renegotation.
134 135 136 137 138 |
# File 'lib/core/ssl.rb', line 134 def protocol_name rc, name = Cproton.pn_ssl_get_protocol_name(@impl, 128) retur name if rc nil end |
#resume_status ⇒ Object
Checks whether or not the state has resumed.
Used for client session resume. When called on an active session, it indicates wehther the state has been resumed from a previous session.
NOTE: This is a best-effort service - there is no guarantee that the remote server will accept the resumed parameters. The remote server may choose to ignore these parameters, and request a renegotation instead.
149 150 151 |
# File 'lib/core/ssl.rb', line 149 def resume_status Cproton.pn_ssl_resume_status(@impl) end |