Class: Qpid::Proton::SSL
- Inherits:
-
Object
- Object
- Qpid::Proton::SSL
- Includes:
- Util::ErrorHandler, Util::Wrapper
- Defined in:
- lib/core/ssl.rb
Overview
The SSL support for Transport.
A Transport may be configured to use SSL for encryption and/or authentication. A Transport can be configured as either the SSL client or the server. An SSL client is the party that proactively establishes a connection to an SSL server. An SSL server is the party that accepts a connection request from the remote SSL client.
If either the client or the server needs to identify itself with the remote node, it must have its SSL certificate configured.
If either the client or the server needs to verify the identity of the remote node, it must have its database of trusted CAs configured.
An SSL server connection may allow the remote client to connect without SSL (i.e., “in the clear”).
The level of verification required of the remote may be configured.
Support for SSL client session resume is provided as well.
Constant Summary
- RESUME_UNKNOWN =
Session resume state is unknown or not supported.
Cproton::PN_SSL_RESUME_UNKNOWN
- RESUME_NEW =
Session renegotiated and not resumed.
Cproton::PN_SSL_RESUME_NEW
- RESUME_REUSED =
Session resumed from the previous session.
Cproton::PN_SSL_RESUME_REUSED
- PROTON_METHOD_PREFIX =
"pn_ssl"
Instance Attribute Summary
Attributes included from Util::Wrapper
Class Method Summary
- .create(transport, domain, session_details = nil) ⇒ Object
-
.present? ⇒ Boolean
Returns whether SSL is supported.
Instance Method Summary
-
#cipher_name ⇒ String?
Returns the cipher name that is currently in use.
-
#peer_hostname ⇒ String
Gets the peer hostname.
-
#protocol_name ⇒ String?
Returns the name of the SSL protocol that is currently active, or returns nil if SSL is not active.
-
#resume_status ⇒ Object
Checks whether or not the state has resumed.
Methods included from Util::ErrorHandler
#can_raise_error, #check_for_error, #create_exception_handler_wrapper, included
Methods included from Util::Wrapper
included, #inspect, registry, #to_s
Class Method Details
.create(transport, domain, session_details = nil) ⇒ Object
# File 'lib/core/ssl.rb', line 78
def self.create(transport, domain, session_details = nil)
  result = nil
  # like python, make sure we're not creating a different SSL
  # object for a transport with an existing SSL object
  if transport.ssl?
    transport.instance_eval { result = @ssl }
    if ((!domain.nil? && (result.domain != domain)) ||
        (!session_details.nil? && (result.session_details != session_details)))
      raise SSLException.new("cannot re-configure existing SSL object")
    end
  else
    impl = Cproton.pn_ssl(transport.impl)
    session_id = nil
    session_id = session_details.session_id unless session_details.nil?
    result = SSL.new(impl, domain, session_details, session_id)
  end
  return result
end
.present? ⇒ Boolean
Returns whether SSL is supported.
# File 'lib/core/ssl.rb', line 73
def self.present?
  Cproton.pn_ssl_present
end
Instance Method Details
#cipher_name ⇒ String?
Returns the cipher name that is currently in use.
Gets the text description of the cipher that is currently active, or returns nil if SSL is not active. Note that the cipher in use may change over time due to renegotiation or other changes to the SSL layer.
# File 'lib/core/ssl.rb', line 117
def cipher_name
  rc, name = Cproton.pn_ssl_get_cipher_name(@impl, 128)
  return name if rc
  nil
end
#peer_hostname ⇒ String
Gets the peer hostname.
# File 'lib/core/ssl.rb', line 150
def peer_hostname
  (error, name) = Cproton.pn_ssl_get_peer_hostname(@impl, 1024)
  raise SSLError.new if error < 0
  return name
end
#protocol_name ⇒ String?
Returns the name of the SSL protocol that is currently active, or returns nil if SSL is not active. Note that the protocol may change over time due to renegotiation.
# File 'lib/core/ssl.rb', line 129
def protocol_name
  rc, name = Cproton.pn_ssl_get_protocol_name(@impl, 128)
  name if rc
end
#resume_status ⇒ Object
Checks whether or not the state has resumed.
Used for client session resume. When called on an active session, it indicates whether the state has been resumed from a previous session.
NOTE: This is a best-effort service - there is no guarantee that the remote server will accept the resumed parameters. The remote server may choose to ignore these parameters, and request a renegotiation instead.
# File 'lib/core/ssl.rb', line 143
def resume_status
  Cproton.pn_ssl_resume_status(@impl)
end
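Added example (not part of the Qpid Proton documentation or source): a post-handshake policy check written against the #protocol_name, #cipher_name and #resume_status accessors documented above. SessionView, the symbols standing in for the RESUME_* constants, the protocol allowlist and the weak-cipher pattern are all assumptions made for illustration.

```ruby
# Constructed stand-in for an object exposing the accessors documented above;
# it is not Qpid::Proton::SSL. Symbols stand in for the RESUME_* constants.
SessionView = Struct.new(:protocol_name, :cipher_name, :resume_status)

# Hypothetical policy values, for illustration only.
ALLOWED_PROTOCOLS = %w[TLSv1.2 TLSv1.3].freeze
WEAK_CIPHER = /NULL|EXPORT|RC4|DES|MD5|anon/i

# Returns an array of findings; an empty array means the session met the policy.
# expect_resume: true when the client supplied session details for resume.
def audit_ssl_session(ssl, expect_resume: false)
  protocol = ssl.protocol_name
  cipher = ssl.cipher_name
  # nil from either accessor means SSL is not active, which can happen when
  # a server lets clients connect in the clear.
  return ["SSL not active"] if protocol.nil? || cipher.nil?

  findings = []
  findings << "protocol not allowed: #{protocol}" unless ALLOWED_PROTOCOLS.include?(protocol)
  findings << "weak cipher: #{cipher}" if cipher.match?(WEAK_CIPHER)
  if expect_resume
    # Resume is best effort: the server may ignore the resumed parameters.
    case ssl.resume_status
    when :reused then nil # resumed from the previous session
    when :new then findings << "resume requested but session was renegotiated"
    else findings << "resume state unknown or unsupported"
    end
  end
  findings
end

# Constructed sample sessions.
SAMPLES = {
  good: SessionView.new("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384", :reused),
  cleartext: SessionView.new(nil, nil, :unknown),
  legacy: SessionView.new("SSLv3", "RC4-MD5", :new)
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, ssl|
    findings = audit_ssl_session(ssl, expect_resume: true)
    puts "#{name}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```

Because the cipher and protocol may change over time due to renegotiation, a check like this belongs wherever the session properties matter, not only at connect time.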