Class: Socketry::SSL::Socket
- Inherits:
-
TCP::Socket
- Object
- TCP::Socket
- Socketry::SSL::Socket
- Defined in:
- lib/socketry/ssl/socket.rb
Overview
SSL Sockets
Constant Summary
Constants included from Timeout
Timeout::DEFAULT_TIMEOUTS, Timeout::DEFAULT_TIMER
Instance Attribute Summary
Attributes inherited from TCP::Socket
#addr_fmaily, #local_addr, #local_port, #read_timeout, #remote_addr, #remote_port, #resolver, #socket_class, #write_timeout
Instance Method Summary collapse
-
#accept(tcp_socket, timeout: nil) ⇒ self
Accept an SSL connection from a Socketry or Ruby socket.
-
#close ⇒ true, false
Close the socket.
-
#connect(remote_addr, remote_port, local_addr: nil, local_port: nil, timeout: Socketry::Timeout::DEFAULT_TIMEOUTS[:connect], enable_sni: true, verify_hostname: true) ⇒ self
Make an SSL connection to a remote host.
-
#from_socket(ssl_socket) ⇒ self
Wrap a Ruby OpenSSL::SSL::SSLSocket (or other low-level SSL socket).
-
#initialize(ssl_socket_class: OpenSSL::SSL::SSLSocket, ssl_context: OpenSSL::SSL::SSLContext.new, ssl_params: nil, **args) ⇒ Socketry::SSL::Socket
constructor
Create an unconnected Socketry::SSL::Socket.
-
#read_nonblock(size, outbuf: nil) ⇒ String, :wait_readable
Perform a non-blocking read operation.
-
#write_nonblock(data) ⇒ Fixnum, :wait_writable
Perform a non-blocking write operation.
Methods inherited from TCP::Socket
#closed?, connect, #nodelay, #nodelay=, #read, #readpartial, #reconnect, #to_io, #write, #writepartial
Methods included from Timeout
#clear_timeout, #lifetime, #set_timeout, #start_timer, #time_remaining
Constructor Details
#initialize(ssl_socket_class: OpenSSL::SSL::SSLSocket, ssl_context: OpenSSL::SSL::SSLContext.new, ssl_params: nil, **args) ⇒ Socketry::SSL::Socket
Create an unconnected Socketry::SSL::Socket
# File 'lib/socketry/ssl/socket.rb', line 20

# Create an unconnected Socketry::SSL::Socket.
#
# @param ssl_socket_class [Class] class used to build the low-level SSL socket
# @param ssl_context [OpenSSL::SSL::SSLContext] context used for every handshake
# @param ssl_params [Hash, nil] passed to SSLContext#set_params when non-empty
# @param args [Hash] remaining keyword arguments, forwarded to the superclass
# @raise [TypeError] if ssl_context is not an SSLContext or ssl_params is not a Hash
def initialize(
  ssl_socket_class: OpenSSL::SSL::SSLSocket,
  ssl_context: OpenSSL::SSL::SSLContext.new,
  ssl_params: nil,
  **args
)
  unless ssl_context.is_a?(OpenSSL::SSL::SSLContext)
    raise TypeError, "invalid SSL context (#{ssl_context.class})"
  end

  if ssl_params && !ssl_params.is_a?(Hash)
    raise TypeError, "expected Hash, got #{ssl_params.class}"
  end

  @ssl_socket_class = ssl_socket_class
  @ssl_context = ssl_context
  @ssl_socket = nil

  # set_params is applied to the context object that was passed in, so a
  # caller-supplied context is modified in place.
  #
  # NOTE(review): set_params is skipped when ssl_params is nil or empty, so
  # the context keeps whatever verify_mode it already had. A bare
  # OpenSSL::SSL::SSLContext.new typically does not verify the peer's
  # certificate chain; confirm callers configure VERIFY_PEER (through
  # ssl_params or a prepared context) before relying on hostname checks.
  @ssl_context.set_params(ssl_params) if ssl_params && !ssl_params.empty?

  super(**args)
end
Instance Method Details
#accept(tcp_socket, timeout: nil) ⇒ self
Accept an SSL connection from a Socketry or Ruby socket
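# File 'lib/socketry/ssl/socket.rb', line 102

# Accept an SSL connection from a Socketry or Ruby socket.
#
# Runs the server-side handshake on tcp_socket without blocking and then
# wraps the resulting SSL socket with #from_socket.
#
# The timeout bounds the handshake as a whole. Previously the full timeout
# was handed to IO.select on every retry, so a peer that stalled between
# handshake messages could hold the accepting thread for far longer than
# the "after N seconds" in the error message states.
#
# @param tcp_socket [#to_io] socket to perform the handshake on
# @param timeout [Numeric, nil] seconds allowed for the handshake; nil waits indefinitely
# @raise [TypeError] if tcp_socket cannot be converted to an IO
# @raise [Socketry::TimeoutError] if the handshake does not finish in time
# @return [self]
def accept(tcp_socket, timeout: nil)
  tcp_socket = IO.try_convert(tcp_socket) || raise(TypeError, "couldn't convert #{tcp_socket.class} to IO")
  ssl_socket = @ssl_socket_class.new(tcp_socket, @ssl_context)

  # Monotonic deadline shared by all retries. Once the budget is spent the
  # remaining wait is clamped to zero, so IO.select only polls.
  deadline = timeout && (Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout)
  remaining = lambda do
    deadline && [deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC), 0].max
  end

  begin
    ssl_socket.accept_nonblock
  rescue IO::WaitReadable
    retry if IO.select([tcp_socket], nil, nil, remaining.call)
    raise Socketry::TimeoutError, "failed to complete handshake after #{timeout} seconds"
  rescue IO::WaitWritable
    retry if IO.select(nil, [tcp_socket], nil, remaining.call)
    raise Socketry::TimeoutError, "failed to complete handshake after #{timeout} seconds"
  end

  from_socket(ssl_socket)
end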
#close ⇒ true, false
Close the socket
# File 'lib/socketry/ssl/socket.rb', line 165

# Close the socket.
#
# Delegates to the superclass first. Only when that reports success is the
# SSL socket closed and the reference to it dropped.
#
# @return [true, false] true if the socket was closed, false if the
#   superclass close returned a falsy value
def close
  if super
    @ssl_socket.close
    @ssl_socket = nil
    true
  else
    false
  end
end
#connect(remote_addr, remote_port, local_addr: nil, local_port: nil, timeout: Socketry::Timeout::DEFAULT_TIMEOUTS[:connect], enable_sni: true, verify_hostname: true) ⇒ self
Make an SSL connection to a remote host
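# File 'lib/socketry/ssl/socket.rb', line 53

# Make an SSL connection to a remote host.
#
# Opens the TCP connection through the superclass, performs the
# client-side handshake without blocking and, when verify_hostname is
# set, checks the peer certificate against remote_addr.
#
# The listing had lost the `message` calls on the rescued SSLError
# (`ex.` / `ex..include?`); they are restored here. The handshake waits
# also share one deadline now instead of restarting the timeout on every
# retry.
#
# NOTE(review): post_connection_check only compares the names in the
# peer certificate with remote_addr. Whether the certificate chain is
# validated depends on the verify_mode of the SSLContext given to the
# constructor; confirm it is VERIFY_PEER, otherwise the hostname check
# runs against an unauthenticated certificate.
#
# @param remote_addr [String] host to connect to; also used for SNI and the hostname check
# @param remote_port [Integer] port to connect to
# @param local_addr [String, nil] forwarded to the superclass connect
# @param local_port [Integer, nil] forwarded to the superclass connect
# @param timeout [Numeric, nil] seconds for the TCP connect, then again for the handshake
# @param enable_sni [Boolean] send remote_addr as the SNI hostname
# @param verify_hostname [Boolean] run post_connection_check after the handshake
# @raise [Socketry::TimeoutError] if the handshake does not finish in time
# @raise [Socketry::SSL::CertificateVerifyError] if OpenSSL reports a failed certificate verification
# @raise [Socketry::SSL::HostnameError] if the certificate does not match remote_addr
# @raise [Socketry::SSL::Error] for any other handshake error
# @return [self]
def connect(
  remote_addr,
  remote_port,
  local_addr: nil,
  local_port: nil,
  timeout: Socketry::Timeout::DEFAULT_TIMEOUTS[:connect],
  enable_sni: true,
  verify_hostname: true
)
  super(remote_addr, remote_port, local_addr: local_addr, local_port: local_port, timeout: timeout)

  @ssl_socket = @ssl_socket_class.new(@socket, @ssl_context)
  @ssl_socket.hostname = remote_addr if enable_sni
  @ssl_socket.sync_close = true

  # Monotonic deadline for the handshake. Once the budget is spent the
  # remaining wait is clamped to zero, so the wait only polls.
  deadline = timeout && (Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout)
  remaining = lambda do
    deadline && [deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC), 0].max
  end

  begin
    @ssl_socket.connect_nonblock
  rescue IO::WaitReadable
    retry if @socket.wait_readable(remaining.call)
    raise Socketry::TimeoutError, "connection to #{remote_addr}:#{remote_port} timed out"
  rescue IO::WaitWritable
    retry if @socket.wait_writable(remaining.call)
    raise Socketry::TimeoutError, "connection to #{remote_addr}:#{remote_port} timed out"
  rescue OpenSSL::SSL::SSLError => ex
    # Verification failures are recognised by OpenSSL's message text, which
    # is the only signal visible here.
    raise Socketry::SSL::CertificateVerifyError, ex.message if ex.message.include?("certificate verify failed")
    raise Socketry::SSL::Error, ex.message, ex.backtrace
  end

  begin
    @ssl_socket.post_connection_check(remote_addr) if verify_hostname
  rescue OpenSSL::SSL::SSLError => ex
    raise Socketry::SSL::HostnameError, ex.message, ex.backtrace
  end

  self
rescue => ex
  # Any failure tears down both sockets so no half-open or unverified
  # connection stays reachable through this object. Close errors are
  # ignored on purpose; the original exception is what the caller sees.
  @socket.close rescue nil
  @socket = nil
  @ssl_socket.close rescue nil
  @ssl_socket = nil
  raise ex
end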
#from_socket(ssl_socket) ⇒ self
Wrap a Ruby OpenSSL::SSL::SSLSocket (or other low-level SSL socket)
# File 'lib/socketry/ssl/socket.rb', line 124

# Wrap a Ruby OpenSSL::SSL::SSLSocket (or other low-level SSL socket).
#
# Stores the SSL socket and its underlying IO on this object and turns on
# sync_close, so closing the SSL socket also closes that IO.
#
# @param ssl_socket [Object] instance of the configured SSL socket class
# @raise [TypeError] if ssl_socket is not an instance of that class
# @raise [StateError] if this object already holds a socket
# @return [self]
def from_socket(ssl_socket)
  unless ssl_socket.is_a?(@ssl_socket_class)
    raise TypeError, "expected #{@ssl_socket_class}, got #{ssl_socket.class}"
  end

  raise StateError, "already connected" if @socket

  @socket = ssl_socket.to_io
  @ssl_socket = ssl_socket
  ssl_socket.sync_close = true

  self
end
#read_nonblock(size, outbuf: nil) ⇒ String, :wait_readable
Perform a non-blocking read operation
# File 'lib/socketry/ssl/socket.rb', line 142

# Perform a non-blocking read operation.
#
# The read is issued with exception: false inside `perform`, which is
# defined outside this listing.
#
# @param size [Integer] maximum number of bytes to read
# @param outbuf [String, nil] optional buffer passed through to the SSL socket
# @raise [TypeError] if outbuf is neither a String nor nil
# @return [String, :wait_readable]
def read_nonblock(size, outbuf: nil)
  read_args =
    if outbuf.is_a?(String)
      [size, outbuf]
    elsif outbuf.nil?
      [size]
    else
      raise TypeError, "unexpected outbuf class: #{outbuf.class}"
    end

  perform { @ssl_socket.read_nonblock(*read_args, exception: false) }
end
#write_nonblock(data) ⇒ Fixnum, :wait_writable
Perform a non-blocking write operation
# File 'lib/socketry/ssl/socket.rb', line 158

# Perform a non-blocking write operation.
#
# The write is issued with exception: false inside `perform`, which is
# defined outside this listing.
#
# @param data [String] bytes to write
# @return [Fixnum, :wait_writable]
def write_nonblock(data)
  perform do
    @ssl_socket.write_nonblock(data, exception: false)
  end
end