Class: Mongo::Socket::SSL Private

Inherits:
Mongo::Socket show all
Includes:
OpenSSL
Defined in:
lib/mongo/socket/ssl.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Wrapper for TLS sockets.

Since:

  • 2.0.0

Constant Summary

Constants inherited from Mongo::Socket

SSL_ERROR, TIMEOUT_ERROR, TIMEOUT_PACK, WRITE_CHUNK_SIZE

Instance Attribute Summary collapse

Attributes inherited from Mongo::Socket

#family, #options, #socket, #timeout

Instance Method Summary collapse

Methods inherited from Mongo::Socket

#alive?, #close, #connectable?, #connection_address, #connection_generation, #eof?, #gets, #monitor?, #read, #summary, #write

Constructor Details

#initialize(host, port, host_name, timeout, family, options = {}) ⇒ SSL

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Initializes a new TLS socket.

Examples:

Create the TLS socket.

SSL.new('::1', 27017, 30)

Parameters:

  • host (String)

    The hostname or IP address.

  • port (Integer)

    The port number.

  • timeout (Float)

    The socket timeout value.

  • family (Integer)

    The socket family.

  • options (Hash) (defaults to: {})

    The options.

Options Hash (options):

  • :connect_timeout (Float)

    Connect timeout.

  • :connection_address (Address)

    Address of the connection that created this socket.

  • :connection_generation (Integer)

    Generation of the connection (for non-monitoring connections) that created this socket.

  • :monitor (true | false)

    Whether this socket was created by a monitoring connection.

  • :ssl_ca_cert (String)

    The file containing concatenated certificate authority certificates used to validate certs passed from the other end of the connection. Intermediate certificates should NOT be specified in files referenced by this option. One of :ssl_ca_cert, :ssl_ca_cert_string or :ssl_ca_cert_object (in order of priority) is required when using :ssl_verify.

  • :ssl_ca_cert_object (Array<OpenSSL::X509::Certificate>)

    An array of OpenSSL::X509::Certificate objects representing the certificate authority certificates used to validate certs passed from the other end of the connection. Intermediate certificates should NOT be specified in files referenced by this option. One of :ssl_ca_cert, :ssl_ca_cert_string or :ssl_ca_cert_object (in order of priority) is required when using :ssl_verify.

  • :ssl_ca_cert_string (String)

    A string containing certificate authority certificate used to validate certs passed from the other end of the connection. This option allows passing only one CA certificate to the driver. Intermediate certificates should NOT be specified in files referenced by this option. One of :ssl_ca_cert, :ssl_ca_cert_string or :ssl_ca_cert_object (in order of priority) is required when using :ssl_verify.

  • :ssl_cert (String)

    The certificate file used to identify the connection against MongoDB. A certificate chain may be passed by specifying the client certificate first followed by any intermediate certificates up to the CA certificate. The file may also contain the certificate’s private key, which will be ignored. This option, if present, takes precedence over the values of :ssl_cert_string and :ssl_cert_object

  • :ssl_cert_object (OpenSSL::X509::Certificate)

    The OpenSSL::X509::Certificate used to identify the connection against MongoDB. Only one certificate may be passed through this option.

  • :ssl_cert_string (String)

    A string containing the PEM-encoded certificate used to identify the connection against MongoDB. A certificate chain may be passed by specifying the client certificate first followed by any intermediate certificates up to the CA certificate. The string may also contain the certificate’s private key, which will be ignored, This option, if present, takes precedence over the value of :ssl_cert_object

  • :ssl_key (String)

    The private keyfile used to identify the connection against MongoDB. Note that even if the key is stored in the same file as the certificate, both need to be explicitly specified. This option, if present, takes precedence over the values of :ssl_key_string and :ssl_key_object

  • :ssl_key_object (OpenSSL::PKey)

    The private key used to identify the connection against MongoDB

  • :ssl_key_pass_phrase (String)

    A passphrase for the private key.

  • :ssl_key_string (String)

    A string containing the PEM-encoded private key used to identify the connection against MongoDB. This parameter, if present, takes precedence over the value of option :ssl_key_object

  • :ssl_verify (true, false)

    Whether to perform peer certificate validation and hostname verification. Note that the decision of whether to validate certificates will be overridden if :ssl_verify_certificate is set, and the decision of whether to validate hostnames will be overridden if :ssl_verify_hostname is set.

  • :ssl_verify_certificate (true, false)

    Whether to perform peer certificate validation. This setting overrides :ssl_verify with respect to whether certificate validation is performed.

  • :ssl_verify_hostname (true, false)

    Whether to perform peer hostname validation. This setting overrides :ssl_verify with respect to whether hostname validation is performed.

Since:

  • 2.0.0



103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
# File 'lib/mongo/socket/ssl.rb', line 103

def initialize(host, port, host_name, timeout, family, options = {})
  super(timeout, options)
  @host, @port, @host_name = host, port, host_name
  @context = create_context(options)
  @family = family
  @tcp_socket = ::Socket.new(family, SOCK_STREAM, 0)
  begin
    @tcp_socket.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
    set_socket_options(@tcp_socket)
    run_tls_context_hooks

    connect!
  rescue
    @tcp_socket.close
    raise
  end
end

Instance Attribute Details

#contextSSLContext (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns context The TLS context.

Returns:

  • (SSLContext)

    context The TLS context.

Since:

  • 2.0.0



122
123
124
# File 'lib/mongo/socket/ssl.rb', line 122

def context
  @context
end

#hostString (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns host The host to connect to.

Returns:

  • (String)

    host The host to connect to.

Since:

  • 2.0.0



125
126
127
# File 'lib/mongo/socket/ssl.rb', line 125

def host
  @host
end

#host_nameString (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns host_name The original host name.

Returns:

  • (String)

    host_name The original host name.

Since:

  • 2.0.0



128
129
130
# File 'lib/mongo/socket/ssl.rb', line 128

def host_name
  @host_name
end

#portInteger (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns port The port to connect to.

Returns:

  • (Integer)

    port The port to connect to.

Since:

  • 2.0.0



131
132
133
# File 'lib/mongo/socket/ssl.rb', line 131

def port
  @port
end

Instance Method Details

#readbyteObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Read a single byte from the socket.

Examples:

Read a single byte.

socket.readbyte

Returns:

  • (Object)

    The read byte.

Since:

  • 2.0.0



176
177
178
179
180
181
# File 'lib/mongo/socket/ssl.rb', line 176

def readbyte
  map_exceptions do
    byte = socket.read(1).bytes.to_a[0]
    byte.nil? ? raise(EOFError) : byte
  end
end