Class: RubyTls::SSL::Box
- Inherits:
-
Object
- Object
- RubyTls::SSL::Box
- Defined in:
- lib/ruby-tls/ssl.rb
Constant Summary collapse
- InstanceLookup =
ThreadSafe::Cache.new
- READ_BUFFER =
2048
- SSL_VERIFY_PEER =
0x01
- SSL_VERIFY_CLIENT_ONCE =
0x04
- SSL_ERROR_WANT_READ =
2
- SSL_ERROR_SSL =
1
- SSL_RECEIVED_SHUTDOWN =
2
Instance Attribute Summary collapse
-
#context ⇒ Object
readonly
Returns the value of attribute context.
-
#handshake_completed ⇒ Object
readonly
Returns the value of attribute handshake_completed.
-
#is_server ⇒ Object
readonly
Returns the value of attribute is_server.
Instance Method Summary collapse
- #cleanup ⇒ Object
- #decrypt(data) ⇒ Object
- #encrypt(data) ⇒ Object
- #get_peer_cert ⇒ Object
-
#initialize(server, transport, options = {}) ⇒ Box
constructor
A new instance of Box.
- #negotiated ⇒ Object
- #negotiated_protocol ⇒ Object
- #signal_handshake ⇒ Object
- #start ⇒ Object
-
#verify(cert) ⇒ Object
Called from the class-level callback function.
Constructor Details
#initialize(server, transport, options = {}) ⇒ Box
Returns a new instance of Box.
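# File 'lib/ruby-tls/ssl.rb', line 420
# Wrap a fresh OpenSSL SSL object around a pair of memory BIOs so that all
# cipher text flows through the transport object instead of a socket.
#
# @param server [Boolean] true to act as the TLS server (SSL_accept path),
#   false for a client; a client issues SSL_connect right away and the
#   queued ClientHello is pushed out when #start runs dispatch_cipher_text
# @param transport [#dispatch_cb, #handshake_cb, #close_cb, #verify_cb]
#   receives decrypted data, handshake completion, close and verify events
# @param options [Hash] forwarded to Context.new; this class itself reads
#   :fallback (ALPN protocol reported when the peer offered none) and
#   :verify_peer (switch on peer certificate verification through VerifyCB)
#
# NOTE: without verify_peer: true no SSL_set_verify call is made here, so the
# peer certificate is only checked if Context.new configures that itself;
# a client that must authenticate the server should pass verify_peer: true.
def initialize(server, transport, options = {})
  @ready = true
  @handshake_completed = false
  @handshake_signaled = false
  @negotiated = false

  @transport = transport
  @read_buffer = FFI::MemoryPointer.new(:char, READ_BUFFER, false)

  @is_server = server
  @context = Context.new(server, options)

  # Memory BIOs: decrypt feeds cipher text in, dispatch_cipher_text pulls the
  # reply out, so OpenSSL never touches a file descriptor.
  @bioRead = SSL.BIO_new(SSL.BIO_s_mem)
  @bioWrite = SSL.BIO_new(SSL.BIO_s_mem)
  @ssl = SSL.SSL_new(@context.ssl_ctx)
  SSL.SSL_set_bio(@ssl, @bioRead, @bioWrite)

  @write_queue = []

  # Registered before any handshake step: the class-level callbacks are
  # presumably keyed by the SSL handle's address to find this instance.
  InstanceLookup[@ssl.address] = self

  @alpn_fallback = options[:fallback]

  if options[:verify_peer]
    SSL.SSL_set_verify(@ssl, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, VerifyCB)
  end

  # Clients open the handshake immediately; servers wait for the ClientHello
  # to arrive through decrypt.
  SSL.SSL_connect(@ssl) unless server
end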
Instance Attribute Details
#context ⇒ Object (readonly)
Returns the value of attribute context.
# File 'lib/ruby-tls/ssl.rb', line 451
# The Context this box was constructed with; the rest of the class relies on
# its ssl_ctx, alpn_set and cleanup members.
#
# @return [Context]
def context
  @context
end
#handshake_completed ⇒ Object (readonly)
Returns the value of attribute handshake_completed.
# File 'lib/ruby-tls/ssl.rb', line 452
# Whether decrypt has flagged the handshake as done. Starts false in
# initialize; decrypt is the only place on this page that sets it, so see
# decrypt for the exact conditions under which it flips to true.
#
# @return [Boolean]
def handshake_completed
  @handshake_completed
end
#is_server ⇒ Object (readonly)
Returns the value of attribute is_server.
# File 'lib/ruby-tls/ssl.rb', line 450
# True when this box was created as the server side of the connection
# (decrypt then drives the handshake with SSL_accept), false for a client
# (SSL_connect).
#
# @return [Boolean]
def is_server
  @is_server
end
Instance Method Details
#cleanup ⇒ Object
# File 'lib/ruby-tls/ssl.rb', line 556
# Release the OpenSSL objects owned by this box and unregister it from
# InstanceLookup.
#
# @ready is cleared first, so encrypt/decrypt/start become no-ops from here
# on. If the peer already sent its close_notify (SSL_RECEIVED_SHUTDOWN set in
# the shutdown flags) the shutdown is completed with SSL_shutdown; otherwise
# the connection state is simply cleared. The SSL handle is then freed and
# the context gets its own cleanup.
#
# NOTE(review): nothing guards against calling this twice; a second call
# would hand the already-freed @ssl back to OpenSSL. Confirm callers invoke
# it exactly once.
#
# @return [Object] whatever @context.cleanup returns
def cleanup
  @ready = false
  InstanceLookup.delete(@ssl.address)

  peer_sent_close_notify = (SSL.SSL_get_shutdown(@ssl) & SSL_RECEIVED_SHUTDOWN) != 0
  if peer_sent_close_notify
    SSL.SSL_shutdown(@ssl)
  else
    SSL.SSL_clear(@ssl)
  end

  SSL.SSL_free(@ssl)
  @context.cleanup
end
#decrypt(data) ⇒ Object
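# File 'lib/ruby-tls/ssl.rb', line 495
# Feed cipher text from the peer into OpenSSL, drive the handshake while it
# is still in progress, and deliver decrypted application data to the
# transport via dispatch_cb. Any cipher text produced in reply (handshake
# messages, alerts) is flushed with dispatch_cipher_text at the end.
#
# No-op once #cleanup has run (@ready is false).
#
# Handshake handling while SSL_is_init_finished is false:
# - a positive SSL_accept/SSL_connect result means the handshake just
#   finished: @handshake_completed is set and the transport is told once
#   through signal_handshake;
# - SSL_ERROR_WANT_READ means more peer data is needed; the reply so far is
#   still flushed but the handshake is NOT reported complete (previously it
#   was, so handshake_cb fired as early as the first ClientHello, while
#   encrypt would still fail and close the transport);
# - SSL_ERROR_SSL (protocol or verification failure) closes the transport;
# - any other error code, and a 0 result, just stop processing this chunk.
#
# @param data [String] encrypted bytes read from the network
# @return [Object] result of dispatch_cipher_text, or nil on an early exit
def decrypt(data)
  return unless @ready

  put_cipher_text data

  # NOTE(review): this guard relies on the FFI binding returning a Ruby
  # boolean; a raw C int 0 would be truthy and skip the handshake — confirm.
  unless SSL.SSL_is_init_finished(@ssl)
    rc = @is_server ? SSL.SSL_accept(@ssl) : SSL.SSL_connect(@ssl)

    if rc < 0
      err_code = SSL.SSL_get_error(@ssl, rc)
      if err_code != SSL_ERROR_WANT_READ
        @transport.close_cb if err_code == SSL_ERROR_SSL
        return
      end
    elsif rc > 0
      # Only a successful return marks the handshake done; WANT_READ and a
      # 0 result (controlled shutdown per OpenSSL) fall through unsignalled.
      @handshake_completed = true
      signal_handshake unless @handshake_signaled
    end
  end

  # Drain every decrypted record that is now available.
  loop do
    size = get_plain_text(@read_buffer, READ_BUFFER)
    break unless size > 0

    @transport.dispatch_cb @read_buffer.read_string(size)
  end

  dispatch_cipher_text
end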
#encrypt(data) ⇒ Object
# File 'lib/ruby-tls/ssl.rb', line 482
# Encrypt application data and push the resulting cipher text to the
# transport through dispatch_cipher_text.
#
# No-op after #cleanup (@ready false). A negative count from put_plain_text
# is treated as a fatal write failure: the transport is closed instead of
# flushed.
#
# @param data [String] plain-text bytes destined for the peer
# @return [Object] result of dispatch_cipher_text, of close_cb on failure,
#   or nil when not ready
def encrypt(data)
  return unless @ready

  written = put_plain_text(data)
  return @transport.close_cb if written < 0

  dispatch_cipher_text
end
#get_peer_cert ⇒ Object
# File 'lib/ruby-tls/ssl.rb', line 455
# The peer's certificate as returned by SSL_get_peer_certificate, or an empty
# string once #cleanup has run.
#
# NOTE(review): per the OpenSSL docs this call hands back a certificate
# whether or not verification succeeded (trust is decided by verify_peer /
# verify_cb), and the returned X509 carries a reference the caller is
# expected to release — confirm how callers handle both points.
#
# @return [Object, String] the certificate handle, or '' when not ready
def get_peer_cert
  @ready ? SSL.SSL_get_peer_certificate(@ssl) : ''
end
#negotiated ⇒ Object
# File 'lib/ruby-tls/ssl.rb', line 551
# Record that ALPN negotiation took place. signal_handshake uses this flag to
# tell "the peer offered ALPN but nothing matched" (connection is closed)
# apart from "the peer never offered ALPN" (fallback protocol is used).
#
# @return [true]
def negotiated
  @negotiated = true
end
#negotiated_protocol ⇒ Object
# File 'lib/ruby-tls/ssl.rb', line 460
# Name of the ALPN protocol selected during the handshake.
#
# @return [nil] when ALPN was never configured on the context
# @return [:failed] when OpenSSL reports no selected protocol (NULL pointer)
# @return [Symbol] otherwise the selected protocol name
#
# NOTE(review): the name comes out of the ALPN negotiation with the peer and
# is interned with to_sym; treat it as data and compare against the set of
# protocols you configured rather than trusting it as an identifier.
def negotiated_protocol
  return nil unless @context.alpn_set

  selected = FFI::MemoryPointer.new(:pointer, 1, true)
  selected_len = FFI::MemoryPointer.new(:uint, 1, true)
  SSL.SSL_get0_alpn_selected(@ssl, selected, selected_len)

  name_ptr = selected.get_pointer(0)
  return :failed if name_ptr.address == 0

  name_ptr.read_string(selected_len.get_uint(0)).to_sym
end
#signal_handshake ⇒ Object
# File 'lib/ruby-tls/ssl.rb', line 527
# Tell the transport the handshake finished, after working out which ALPN
# protocol (if any) to report.
#
# With ALPN configured on the context:
# - a selected protocol is passed through as a Symbol;
# - :failed while @negotiated is set means ALPN ran but nothing matched, so
#   the transport is closed and handshake_cb is not called;
# - :failed without @negotiated (peer did not do ALPN) reports the
#   configured :fallback protocol when there is one, else :failed itself.
# Without ALPN the transport receives nil.
#
# Sets @handshake_signaled so decrypt does not signal a second time.
#
# @return [Object] result of handshake_cb, or of close_cb on mismatch
def signal_handshake
  @handshake_signaled = true

  proto = nil
  if @context.alpn_set
    proto = negotiated_protocol
    if proto == :failed
      if @negotiated
        # ALPN was attempted and no common protocol exists: shut down.
        @transport.close_cb
        return
      end
      # Client, or server facing a client without ALPN: use the fallback.
      proto = @alpn_fallback.to_sym if @alpn_fallback
    end
  end

  @transport.handshake_cb(proto)
end
#start ⇒ Object
# File 'lib/ruby-tls/ssl.rb', line 476
# Flush any cipher text OpenSSL has already queued (for a client, the
# ClientHello produced by SSL_connect in initialize) to the transport.
# Does nothing after #cleanup.
#
# @return [Object] result of dispatch_cipher_text, or nil when not ready
def start
  dispatch_cipher_text if @ready
end
#verify(cert) ⇒ Object
Called from the class-level callback function.
# File 'lib/ruby-tls/ssl.rb', line 573
# Called from the class-level VerifyCB that OpenSSL invokes during peer
# certificate verification (only installed when :verify_peer was given).
#
# Only an exact `true` from the transport's verify_cb accepts the
# certificate; nil, false or any other truthy value rejects it, so the
# decision fails closed. OpenSSL expects an int: 1 accept, 0 reject.
#
# @param cert [Object] certificate handed up by the callback
# @return [Integer] 1 to accept, 0 to reject
def verify(cert)
  return 1 if @transport.verify_cb(cert) == true

  0
end