Module: Ronin::Network::SSL

Includes:
TCP
Included in:
Net, Mixins::SSL, Support
Defined in:
lib/ronin/network/ssl.rb

Overview

Provides helper methods for communicating with SSL-enabled services.

Constant Summary

VERIFY =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Maps SSL verify modes to OpenSSL::SSL::VERIFY_* constants.

Returns:

Since:

  • 1.3.0

Hash.new do |hash,key|
  verify_const = if key then "VERIFY_#{key.to_s.upcase}"
                 else        'VERIFY_NONE'
                 end

  unless OpenSSL::SSL.const_defined?(verify_const)
    raise(RuntimeError,"unknown verify mode #{key}")
  end

  hash[key] = OpenSSL::SSL.const_get(verify_const)
end

Instance Method Summary

Methods included from TCP

#tcp_accept, #tcp_banner, #tcp_connect, #tcp_connect_and_send, #tcp_open?, #tcp_send, #tcp_server, #tcp_server_loop, #tcp_server_session, #tcp_session, #tcp_single_server

Instance Method Details

#ssl_connect(host, port, options = {}) {|ssl_socket| ... } ⇒ OpenSSL::SSL::SSLSocket

Establishes an SSL connection.

Examples:

socket = ssl_connect('twitter.com',443)

Parameters:

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • options (Hash) (defaults to: {})

    Additional options.

Options Hash (options):

  • :local_host (String)

    The local host to bind to.

  • :local_port (Integer)

    The local port to bind to.

  • :verify (Symbol)

    Specifies how to verify the SSL certificate. When omitted, the VERIFY mapping falls back to VERIFY_NONE, so the certificate is not verified. May be one of the following:

    • :none
    • :peer
    • :client_once
    • :fail_if_no_peer_cert

  • :cert (String)

    The path to the SSL certificate.

  • :key (String)

    The path to the SSL key.

Yields:

  • (ssl_socket)

    The given block will be passed the new SSL Socket.

Yield Parameters:

  • ssl_socket (OpenSSL::SSL::SSLSocket)

    The new SSL Socket.

Returns:

  • (OpenSSL::SSL::SSLSocket)

    The new SSL Socket.

# File 'lib/ronin/network/ssl.rb', line 105

def ssl_connect(host,port,options={})
  local_host = options[:local_host]
  local_port = options[:local_port]

  cert = options[:cert]
  key  = options[:key]

  socket = tcp_connect(host,port,local_host,local_port)

  ssl_context = OpenSSL::SSL::SSLContext.new()
  ssl_context.verify_mode = SSL::VERIFY[options[:verify]]

  if cert
    ssl_context.cert = OpenSSL::X509::Certificate.new(File.new(cert))
  end

  if key
    ssl_context.key = OpenSSL::PKey::RSA.new(File.new(key))
  end

  ssl_socket = OpenSSL::SSL::SSLSocket.new(socket,ssl_context)
  ssl_socket.sync_close = true
  ssl_socket.connect

  yield ssl_socket if block_given?
  return ssl_socket
end
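The effect of the `:verify` option can be seen against a loopback TLS server. This is an added example, not Ronin's own code: `demo_identity`, `handshake`, `demo_results` and the `trusted:` parameter are assumptions of the example, and the self-signed certificate is constructed on the fly.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed certificate for the loopback server.
def demo_identity
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Client handshake built like ssl_connect; `trusted` is this example's addition.
def handshake(port, verify: nil, trusted: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  # Same rule as the VERIFY hash above: a missing mode means VERIFY_NONE.
  mode = (verify || :none).to_s.upcase
  ctx.verify_mode = OpenSSL::SSL.const_get("VERIFY_#{mode}")
  ctx.cert_store = OpenSSL::X509::Store.new.add_cert(trusted) if trusted
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), ctx)
  ssl.sync_close = true
  ssl.connect
  :connected
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  ssl&.close
end

# Runs three handshakes against a local TLS server and returns the outcomes.
def demo_results
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = demo_identity
  tcp = TCPServer.new('127.0.0.1', 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  acceptor = Thread.new { loop { server.accept.close rescue nil } }
  port = tcp.addr[1]
  { default: handshake(port), peer: handshake(port, verify: :peer),
    pinned: handshake(port, verify: :peer, trusted: ctx.cert) }
ensure
  acceptor&.kill
  tcp&.close
end
```

The `ssl_connect` listing above sets only `verify_mode`, `cert` and `key` on the context: it configures no trust store and performs no hostname check, which is why the example adds its own store for the pinned case.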

#ssl_session(host, port, options = {}) {|ssl_socket| ... } ⇒ nil

Creates a new temporary SSL connection.

Examples:

ssl_session('twitter.com',443) do |sock|
  sock.write("GET / HTTP/1.1\r\n\r\n")

  sock.each_line { |line| puts line }
end

Parameters:

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • options (Hash) (defaults to: {})

    Additional options.

Options Hash (options):

  • :local_host (String)

    The local host to bind to.

  • :local_port (Integer)

    The local port to bind to.

  • :verify (Symbol)

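    Specifies whether to verify the SSL certificate. Accepts the same modes as #ssl_connect, to which the options are passed; when omitted, the certificate is not verified.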

  • :cert (String)

    The path to the SSL certificate.

  • :key (String)

    The path to the SSL key.

Yields:

  • (ssl_socket)

    The given block will be passed the temporary SSL Socket.

Yield Parameters:

  • ssl_socket (OpenSSL::SSL::SSLSocket)

    The temporary SSL Socket.

Returns:

  • (nil)

# File 'lib/ronin/network/ssl.rb', line 179

def ssl_session(host,port,options={},&block)
  ssl_socket = ssl_connect(host,port,options,&block)
  ssl_socket.close
  return nil
end