Class: RubyTls::SSL::Box
- Inherits:
-
Object
- Object
- RubyTls::SSL::Box
- Defined in:
- lib/ruby-tls/ssl.rb
Constant Summary collapse
- InstanceLookup =
::Concurrent::Map.new
- READ_BUFFER =
2048
- SSL_VERIFY_PEER =
0x01
- SSL_VERIFY_CLIENT_ONCE =
0x04
- SSL_ERROR_WANT_READ =
2
- SSL_ERROR_SSL =
1
- SSL_RECEIVED_SHUTDOWN =
2
Instance Attribute Summary collapse
-
#context ⇒ Object
readonly
Returns the value of attribute context.
-
#handshake_completed ⇒ Object
readonly
Returns the value of attribute handshake_completed.
-
#hosts ⇒ Object
readonly
Returns the value of attribute hosts.
-
#is_server ⇒ Object
readonly
Returns the value of attribute is_server.
Instance Method Summary collapse
- #add_host(host_name:, **options) ⇒ Object
- #cleanup ⇒ Object
- #decrypt(data) ⇒ Object
- #encrypt(data) ⇒ Object
- #get_peer_cert ⇒ Object
-
#initialize(server, transport, options = {}) ⇒ Box
constructor
A new instance of Box.
- #negotiated ⇒ Object
- #negotiated_protocol ⇒ Object
-
#remove_host(host_name) ⇒ Object
Careful with this.
- #signal_handshake ⇒ Object
- #start ⇒ Object
-
#verify(cert) ⇒ Object
Called from class level callback function.
Constructor Details
#initialize(server, transport, options = {}) ⇒ Box
Returns a new instance of Box.
548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 |
# File 'lib/ruby-tls/ssl.rb', line 548 def initialize(server, transport, = {}) @ready = true @handshake_completed = false @handshake_signaled = false @negotiated = false @transport = transport @read_buffer = FFI::MemoryPointer.new(:char, READ_BUFFER, false) @is_server = server @context = Context.new(server, ) @bioRead = SSL.BIO_new(SSL.BIO_s_mem) @bioWrite = SSL.BIO_new(SSL.BIO_s_mem) @ssl = SSL.SSL_new(@context.ssl_ctx) SSL.SSL_set_bio(@ssl, @bioRead, @bioWrite) @write_queue = [] InstanceLookup[@ssl.address] = self @alpn_fallback = [:fallback] if [:verify_peer] SSL.SSL_set_verify(@ssl, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, VerifyCB) end # Add Server Name Indication (SNI) for client connections if [:host_name] if server @hosts = ::Concurrent::Map.new @hosts[[:host_name].to_s] = @context @context.add_server_name_indication else SSL.SSL_set_tlsext_host_name(@ssl, [:host_name]) end end SSL.SSL_connect(@ssl) unless server end |
Instance Attribute Details
#context ⇒ Object (readonly)
Returns the value of attribute context.
612 613 614 |
# File 'lib/ruby-tls/ssl.rb', line 612 def context @context end |
#handshake_completed ⇒ Object (readonly)
Returns the value of attribute handshake_completed.
613 614 615 |
# File 'lib/ruby-tls/ssl.rb', line 613 def handshake_completed @handshake_completed end |
#hosts ⇒ Object (readonly)
Returns the value of attribute hosts.
614 615 616 |
# File 'lib/ruby-tls/ssl.rb', line 614 def hosts @hosts end |
#is_server ⇒ Object (readonly)
Returns the value of attribute is_server.
612 613 614 |
# File 'lib/ruby-tls/ssl.rb', line 612 def is_server @is_server end |
Instance Method Details
#add_host(host_name:, **options) ⇒ Object
589 590 591 592 593 594 595 596 |
# File 'lib/ruby-tls/ssl.rb', line 589 def add_host(host_name:, **) raise 'Server Name Indication (SNI) not configured for default host' unless @hosts raise 'only valid for server mode context' unless @is_server context = Context.new(true, ) @hosts[host_name.to_s] = context context.add_server_name_indication nil end |
#cleanup ⇒ Object
718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 |
# File 'lib/ruby-tls/ssl.rb', line 718 def cleanup return unless @ready @ready = false InstanceLookup.delete @ssl.address if (SSL.SSL_get_shutdown(@ssl) & SSL_RECEIVED_SHUTDOWN) != 0 SSL.SSL_shutdown @ssl else SSL.SSL_clear @ssl end SSL.SSL_free @ssl if @hosts @hosts.each_value do |context| context.cleanup end @hosts = nil else @context.cleanup end end |
#decrypt(data) ⇒ Object
657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 |
# File 'lib/ruby-tls/ssl.rb', line 657 def decrypt(data) return unless @ready put_cipher_text data if not SSL.SSL_is_init_finished(@ssl) resp = @is_server ? SSL.SSL_accept(@ssl) : SSL.SSL_connect(@ssl) if resp < 0 err_code = SSL.SSL_get_error(@ssl, resp) if err_code != SSL_ERROR_WANT_READ @transport.close_cb if err_code == SSL_ERROR_SSL return end end @handshake_completed = true signal_handshake unless @handshake_signaled end while true do size = get_plain_text(@read_buffer, READ_BUFFER) if size > 0 @transport.dispatch_cb @read_buffer.read_string(size) else break end end dispatch_cipher_text end |
#encrypt(data) ⇒ Object
644 645 646 647 648 649 650 651 652 653 |
# File 'lib/ruby-tls/ssl.rb', line 644 def encrypt(data) return unless @ready wrote = put_plain_text data if wrote < 0 @transport.close_cb else dispatch_cipher_text end end |
#get_peer_cert ⇒ Object
617 618 619 620 |
# File 'lib/ruby-tls/ssl.rb', line 617 def get_peer_cert return '' unless @ready SSL.SSL_get_peer_certificate(@ssl) end |
#negotiated ⇒ Object
713 714 715 |
# File 'lib/ruby-tls/ssl.rb', line 713 def negotiated @negotiated = true end |
#negotiated_protocol ⇒ Object
622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 |
# File 'lib/ruby-tls/ssl.rb', line 622 def negotiated_protocol return nil unless @context.alpn_set proto = FFI::MemoryPointer.new(:pointer, 1, true) len = FFI::MemoryPointer.new(:uint, 1, true) SSL.SSL_get0_alpn_selected(@ssl, proto, len) resp = proto.get_pointer(0) if resp.address == 0 :failed else length = len.get_uint(0) resp.read_string(length).to_sym end end |
#remove_host(host_name) ⇒ Object
Careful with this. If you remove all the hosts you’ll end up with a segfault
600 601 602 603 604 605 606 607 608 609 |
# File 'lib/ruby-tls/ssl.rb', line 600 def remove_host(host_name) raise 'Server Name Indication (SNI) not configured for default host' unless @hosts raise 'only valid for server mode context' unless @is_server context = @hosts[host_name.to_s] if context @hosts.delete(host_name.to_s) context.cleanup end nil end |
#signal_handshake ⇒ Object
689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 |
# File 'lib/ruby-tls/ssl.rb', line 689 def signal_handshake @handshake_signaled = true # Check protocol support here if @context.alpn_set proto = negotiated_protocol if proto == :failed if @negotiated # We should shutdown if this is the case @transport.close_cb return elsif @alpn_fallback # Client or Server with a client that doesn't support ALPN proto = @alpn_fallback.to_sym end end else proto = nil end @transport.handshake_cb(proto) end |
#start ⇒ Object
638 639 640 641 642 |
# File 'lib/ruby-tls/ssl.rb', line 638 def start return unless @ready dispatch_cipher_text end |
#verify(cert) ⇒ Object
Called from class level callback function
743 744 745 |
# File 'lib/ruby-tls/ssl.rb', line 743 def verify(cert) @transport.verify_cb(cert) == true ? 1 : 0 end |