Class: Mongo::Socket::SSL Private

Inherits:
Mongo::Socket show all
Includes:
Loggable, OpenSSL
Defined in:
lib/mongo/socket/ssl.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Wrapper for TLS sockets.

Since:

  • 2.0.0

Constant Summary

Constants included from Loggable

Loggable::PREFIX

Constants inherited from Mongo::Socket

SSL_ERROR, TIMEOUT_ERROR, TIMEOUT_PACK, WRITE_CHUNK_SIZE

Instance Attribute Summary

Attributes inherited from Mongo::Socket

#family, #options, #socket, #timeout

Instance Method Summary

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn, #logger

Methods inherited from Mongo::Socket

#alive?, #close, #connectable?, #connection_address, #connection_generation, #eof?, #gets, #monitor?, #pipe, #read, #summary, #write

Constructor Details

#initialize(host, port, host_name, timeout, family, options = {}) ⇒ SSL

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes a new TLS socket.

Examples:

Create the TLS socket.

# Arguments: host, port, host_name, timeout, family (options hash omitted).
SSL.new('::1', 27017, 'localhost', 30, ::Socket::AF_INET6)

Parameters:

  • host (String)

    The hostname or IP address.

  • port (Integer)

    The port number.

  • host_name (String)

    The original host name.

  • timeout (Float)

    The socket timeout value.

  • family (Integer)

    The socket family.

  • options (Hash) (defaults to: {})

    The options.

Options Hash (options):

  • :connect_timeout (Float)

    Connect timeout.

  • :connection_address (Address)

    Address of the connection that created this socket.

  • :connection_generation (Integer)

    Generation of the connection (for non-monitoring connections) that created this socket.

  • :monitor (true | false)

    Whether this socket was created by a monitoring connection.

  • :ssl_ca_cert (String)

    The file containing concatenated certificate authority certificates used to validate certs passed from the other end of the connection. Intermediate certificates should NOT be specified in files referenced by this option. One of :ssl_ca_cert, :ssl_ca_cert_string or :ssl_ca_cert_object (in order of priority) is required when using :ssl_verify.

  • :ssl_ca_cert_object (Array<OpenSSL::X509::Certificate>)

    An array of OpenSSL::X509::Certificate objects representing the certificate authority certificates used to validate certs passed from the other end of the connection. Intermediate certificates should NOT be specified in files referenced by this option. One of :ssl_ca_cert, :ssl_ca_cert_string or :ssl_ca_cert_object (in order of priority) is required when using :ssl_verify.

  • :ssl_ca_cert_string (String)

    A string containing a certificate authority certificate used to validate certs passed from the other end of the connection. This option allows passing only one CA certificate to the driver. Intermediate certificates should NOT be specified in files referenced by this option. One of :ssl_ca_cert, :ssl_ca_cert_string or :ssl_ca_cert_object (in order of priority) is required when using :ssl_verify.

  • :ssl_cert (String)

    The certificate file used to identify the connection against MongoDB. A certificate chain may be passed by specifying the client certificate first followed by any intermediate certificates up to the CA certificate. The file may also contain the certificate's private key, which will be ignored. This option, if present, takes precedence over the values of :ssl_cert_string and :ssl_cert_object.

  • :ssl_cert_object (OpenSSL::X509::Certificate)

    The OpenSSL::X509::Certificate used to identify the connection against MongoDB. Only one certificate may be passed through this option.

  • :ssl_cert_string (String)

    A string containing the PEM-encoded certificate used to identify the connection against MongoDB. A certificate chain may be passed by specifying the client certificate first followed by any intermediate certificates up to the CA certificate. The string may also contain the certificate's private key, which will be ignored. This option, if present, takes precedence over the value of :ssl_cert_object.

  • :ssl_key (String)

    The private key file used to identify the connection against MongoDB. Note that even if the key is stored in the same file as the certificate, both need to be explicitly specified. This option, if present, takes precedence over the values of :ssl_key_string and :ssl_key_object.

  • :ssl_key_object (OpenSSL::PKey)

    The private key used to identify the connection against MongoDB.

  • :ssl_key_pass_phrase (String)

    A passphrase for the private key.

  • :ssl_key_string (String)

    A string containing the PEM-encoded private key used to identify the connection against MongoDB. This parameter, if present, takes precedence over the value of option :ssl_key_object.

  • :ssl_verify (true, false)

    Whether to perform peer certificate validation and hostname verification. Note that the decision of whether to validate certificates will be overridden if :ssl_verify_certificate is set, and the decision of whether to validate hostnames will be overridden if :ssl_verify_hostname is set.

  • :ssl_verify_certificate (true, false)

    Whether to perform peer certificate validation. This setting overrides :ssl_verify with respect to whether certificate validation is performed.

  • :ssl_verify_hostname (true, false)

    Whether to perform peer hostname validation. This setting overrides :ssl_verify with respect to whether hostname validation is performed.

Since:

  • 2.0.0

# File 'lib/mongo/socket/ssl.rb', line 104

def initialize(host, port, host_name, timeout, family, options = {})
  super(timeout, options)
  @host, @port, @host_name = host, port, host_name
  @context = create_context(options)
  @family = family
  @tcp_socket = ::Socket.new(family, SOCK_STREAM, 0)
  begin
    @tcp_socket.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
    set_socket_options(@tcp_socket)
    run_tls_context_hooks

    connect!
  rescue
    @tcp_socket.close
    raise
  end
end
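The options above describe two precedence rules that matter for the security of the resulting socket: :ssl_verify sets the default for both certificate and hostname verification, with :ssl_verify_certificate and :ssl_verify_hostname each overriding it independently, and CA material is taken from :ssl_ca_cert, then :ssl_ca_cert_string, then :ssl_ca_cert_object. The following is an added example that works those rules through against a real OpenSSL::SSL::SSLContext. It is not the driver's own create_context; the module TlsOptionsExample, its methods and the assumed default of verification being on when :ssl_verify is absent are all hypothetical, and the self-signed CA certificate it generates is constructed purely so the example runs offline.

```ruby
require 'openssl'

# Added example, not part of the driver. Resolves the documented TLS options
# into an OpenSSL::SSL::SSLContext so the effect of each override is visible.
module TlsOptionsExample
  # :ssl_verify is the default for both checks; the specific keys override it.
  # Assumption: verification is on when :ssl_verify is not given at all.
  def self.resolve_verification(options)
    base = options.fetch(:ssl_verify, true)
    {
      verify_certificate: options.fetch(:ssl_verify_certificate, base),
      verify_hostname: options.fetch(:ssl_verify_hostname, base),
    }
  end

  # CA material by documented priority: file, then string, then object.
  # Returns an array of OpenSSL::X509::Certificate, or nil when none was given.
  def self.ca_certificates(options)
    if options[:ssl_ca_cert]
      pem = File.read(options[:ssl_ca_cert])
      pem.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m)
         .map { |block| OpenSSL::X509::Certificate.new(block) }
    elsif options[:ssl_ca_cert_string]
      # The string form carries exactly one CA certificate.
      [OpenSSL::X509::Certificate.new(options[:ssl_ca_cert_string])]
    elsif options[:ssl_ca_cert_object]
      Array(options[:ssl_ca_cert_object])
    end
  end

  # Builds the context. Certificate verification requires CA material, as the
  # option docs state; hostname verification only has effect when the peer
  # certificate is actually verified.
  def self.build_context(options)
    verification = resolve_verification(options)
    ctx = OpenSSL::SSL::SSLContext.new
    if verification[:verify_certificate]
      cas = ca_certificates(options)
      if cas.nil? || cas.empty?
        raise ArgumentError,
              'one of :ssl_ca_cert, :ssl_ca_cert_string or :ssl_ca_cert_object is required when verifying'
      end
      store = OpenSSL::X509::Store.new
      cas.each { |cert| store.add_cert(cert) }
      ctx.cert_store = store
      ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    else
      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
    end
    ctx.verify_hostname = verification[:verify_hostname]
    ctx
  end

  # Constructed self-signed CA certificate (PEM) for offline demonstration.
  def self.constructed_ca_pem
    key = OpenSSL::PKey::RSA.new(2048)
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = 1
    cert.subject = OpenSSL::X509::Name.parse('/CN=Constructed Test CA')
    cert.issuer = cert.subject
    cert.public_key = key.public_key
    cert.not_before = Time.now
    cert.not_after = Time.now + 3600
    cert.sign(key, OpenSSL::Digest.new('SHA256'))
    cert.to_pem
  end
end

if $PROGRAM_NAME == __FILE__
  pem = TlsOptionsExample.constructed_ca_pem
  ctx = TlsOptionsExample.build_context(ssl_verify: true, ssl_ca_cert_string: pem)
  puts "verify_mode=#{ctx.verify_mode} verify_hostname=#{ctx.verify_hostname}"
  # ssl_verify_certificate: false wins over ssl_verify: true for the certificate check.
  weak = TlsOptionsExample.resolve_verification(ssl_verify: true, ssl_verify_certificate: false)
  puts "certificate check disabled: #{!weak[:verify_certificate]}"
end
```

The point a reviewer of client configuration should take from this: a single :ssl_verify_certificate => false silently turns a configuration that looks verified into VERIFY_NONE, regardless of :ssl_verify, and hostname verification alone does nothing once the certificate check is off.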

Instance Attribute Details

#context ⇒ SSLContext (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the TLS context.

Returns:

  • (SSLContext)

    The TLS context.

Since:

  • 2.0.0

# File 'lib/mongo/socket/ssl.rb', line 123

def context
  @context
end

#host ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the host to connect to.

Returns:

  • (String)

    The host to connect to.

Since:

  • 2.0.0

# File 'lib/mongo/socket/ssl.rb', line 126

def host
  @host
end

#host_name ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the original host name.

Returns:

  • (String)

    The original host name.

Since:

  • 2.0.0

# File 'lib/mongo/socket/ssl.rb', line 129

def host_name
  @host_name
end

#port ⇒ Integer (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the port to connect to.

Returns:

  • (Integer)

    The port to connect to.

Since:

  • 2.0.0

# File 'lib/mongo/socket/ssl.rb', line 132

def port
  @port
end

Instance Method Details

#readbyte ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Read a single byte from the socket.

Examples:

Read a single byte.

socket.readbyte

Returns:

  • (Object)

    The read byte.

Since:

  • 2.0.0

# File 'lib/mongo/socket/ssl.rb', line 188

def readbyte
  map_exceptions do
    byte = socket.read(1).bytes.to_a[0]
    byte.nil? ? raise(EOFError) : byte
  end
end