Module: Raktr::Connection::TLS

Defined in:

lib/raktr/connection/tls.rb

Overview

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@gmail.com>

Instance Method Summary

• #_connect ⇒ Object

  Performs an SSL handshake in addition to a plaintext connect operation.

• #_read ⇒ Object

  First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.

• #_write(*args) ⇒ Object

  First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.

• #start_tls(options = {}) ⇒ Object

  Converts the #socket to an SSL one.

Instance Method Details

#_connect ⇒ Object

Performs an SSL handshake in addition to a plaintext connect operation.

# File 'lib/raktr/connection/tls.rb', line 77

def _connect
    return if @ssl_connected

    @plaintext_connected ||= super
    return if !@plaintext_connected

    # Mark the connection as not connected due to the pending SSL handshake.
    @connected = false

    @socket.connect_nonblock
    @ssl_connected = @connected = true
rescue IO::WaitReadable, IO::WaitWritable, Errno::EINPROGRESS
rescue => e
    close e
end

#_read ⇒ Object

First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.

# File 'lib/raktr/connection/tls.rb', line 109

def _read
    return ssl_accept if accept?

    super
rescue OpenSSL::SSL::SSLErrorWaitReadable
end

#_write(*args) ⇒ Object

First checks if there’s a pending SSL #accept operation when this connection is a server handler which has been passed an accepted plaintext connection.

# File 'lib/raktr/connection/tls.rb', line 98

def _write( *args )
    return ssl_accept if accept?

    super( *args )
end

#start_tls(options = {}) ⇒ Object

Converts the Raktr::Connection#socket to an SSL one.

Parameters:

• options (Hash) (defaults to: {})
• [String] (Hash) —

  a customizable set of options

# File 'lib/raktr/connection/tls.rb', line 24

def start_tls( options = {} )
    if @socket.is_a? OpenSSL::SSL::SSLSocket
        @ssl_context = @socket.context
        return
    end

    @ssl_context = OpenSSL::SSL::SSLContext.new
    @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE

    if options[:certificate] && options[:private_key]

        @ssl_context.cert =
            OpenSSL::X509::Certificate.new( File.open( options[:certificate] ) )
        @ssl_context.key  =
            OpenSSL::PKey::RSA.new( File.open( options[:private_key] ) )

        @ssl_context.ca_file     = options[:ca]
        @ssl_context.verify_mode =
            OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT

    elsif @role == :server
        @ssl_context.key             = OpenSSL::PKey::RSA.new( 2048 )
        @ssl_context.cert            = OpenSSL::X509::Certificate.new
        @ssl_context.cert.subject    = OpenSSL::X509::Name.new( [['CN', 'localhost']] )
        @ssl_context.cert.issuer     = @ssl_context.cert.subject
        @ssl_context.cert.public_key = @ssl_context.key
        @ssl_context.cert.not_before = Time.now
        @ssl_context.cert.not_after  = Time.now + 60 * 60 * 24
        @ssl_context.cert.version    = 2
        @ssl_context.cert.serial     = 1

        @ssl_context.cert.sign( @ssl_context.key, OpenSSL::Digest::SHA1.new )
    end

    if @role == :server
        @socket = OpenSSL::SSL::SSLServer.new( @socket, @ssl_context )
    else
        @socket = OpenSSL::SSL::SSLSocket.new( @socket, @ssl_context )
        @socket.sync_close = true

        # We've switched to SSL, a connection needs to be re-established
        # via the SSL handshake.
        @connected         = false

        _connect if unix?
    end

    @socket
end