Method: EventMachine::Connection#start_tls
- Defined in:
- lib/em/connection.rb
#start_tls(args = {}) ⇒ Object
TODO:
support passing an encryption parameter, which can be string or Proc, to get a passphrase
TODO:
support passing key material via raw strings or Procs that return strings instead of
Call #start_tls at any point to initiate TLS encryption on connected streams. The method is smart enough to know whether it should perform a server-side or a client-side handshake. An appropriate place to call #start_tls is in your redefined #post_init method, or in the #connection_completed handler for an outbound connection.
for encrypted private keys. just filenames.
422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 |
# File 'lib/em/connection.rb', line 422 def start_tls args={} priv_key_path = args[:private_key_file] priv_key = args[:private_key] priv_key_pass = args[:private_key_pass] cert_chain_path = args[:cert_chain_file] cert = args[:cert] verify_peer = args[:verify_peer] sni_hostname = args[:sni_hostname] cipher_list = args[:cipher_list] ssl_version = args[:ssl_version] ecdh_curve = args[:ecdh_curve] dhparam = args[:dhparam] fail_if_no_peer_cert = args[:fail_if_no_peer_cert] [priv_key_path, cert_chain_path].each do |file| next if file.nil? or file.empty? raise FileNotFoundException, "Could not find #{file} for start_tls" unless File.exist? file end if !priv_key_path.nil? && !priv_key_path.empty? && !priv_key.nil? && !priv_key.empty? raise BadPrivateKeyParams, "Specifying both private_key and private_key_file not allowed" end if !cert_chain_path.nil? && !cert_chain_path.empty? && !cert.nil? && !cert.empty? raise BadCertParams, "Specifying both cert and cert_chain_file not allowed" end if (!priv_key_path.nil? && !priv_key_path.empty?) || (!priv_key.nil? && !priv_key.empty?) if (cert_chain_path.nil? || cert_chain_path.empty?) && (cert.nil? || cert.empty?) raise BadParams, "You have specified a private key to use, but not the related cert" end end protocols_bitmask = 0 if ssl_version.nil? protocols_bitmask |= EventMachine::EM_PROTO_TLSv1 protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1 protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2 if EventMachine.const_defined? :EM_PROTO_TLSv1_3 protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3 end else [ssl_version].flatten.each do |p| case p.to_s.downcase when 'sslv2' protocols_bitmask |= EventMachine::EM_PROTO_SSLv2 when 'sslv3' protocols_bitmask |= EventMachine::EM_PROTO_SSLv3 when 'tlsv1' protocols_bitmask |= EventMachine::EM_PROTO_TLSv1 when 'tlsv1_1' protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_1 when 'tlsv1_2' protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_2 when 'tlsv1_3' protocols_bitmask |= EventMachine::EM_PROTO_TLSv1_3 else raise("Unrecognized SSL/TLS Protocol: #{p}") end end end EventMachine::set_tls_parms(@signature, priv_key_path || '', priv_key || '', priv_key_pass || '', cert_chain_path || '', cert || '', verify_peer, fail_if_no_peer_cert, sni_hostname || '', cipher_list || '', ecdh_curve || '', dhparam || '', protocols_bitmask) EventMachine::start_tls @signature end |