Class: Puma::MiniSSL::Context
Relationships & Source Files | |
Inherits: | Object |
Defined in: | lib/puma/minissl.rb |
Class Method Summary
- .new ⇒ Context constructor
Instance Attribute Summary
- #ca rw
- #ca=(ca) rw
- #cert rw
- #cert=(cert) rw
- #cert_pem rw
- #cert_pem=(cert_pem) rw
- #cipher_suites (also: #ssl_cipher_list) rw
- #cipher_suites=(list) (also: #ssl_cipher_list=) rw
- #key rw
non-jruby Context properties.
- #key=(key) rw
- #key_password_command rw
- #key_password_command=(key_password_command) rw
- #key_pem rw
- #key_pem=(key_pem) rw
- #keystore rw
jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair.
- #keystore=(keystore) rw
- #keystore_pass rw
- #keystore_type rw
- #keystore_type=(type) rw
- #no_tlsv1 rw
- #no_tlsv1=(tlsv1) rw
disables TLSv1.
- #no_tlsv1_1 rw
- #no_tlsv1_1=(tlsv1_1) rw
disables TLSv1 and TLSv1.1.
- #protocols rw
- #protocols=(list) rw
- #reuse rw
-
#reuse=(reuse_str)
rw
Controls session reuse.
- #reuse_cache_size readonly
- #reuse_timeout readonly
- #ssl_cipher_filter rw
-
#ssl_cipher_list
rw
Alias for #cipher_suites.
- #ssl_ciphersuites rw
- #truststore rw
- #truststore=(truststore) rw
- #truststore_pass rw
- #truststore_type rw
- #truststore_type=(type) rw
- #verification_flags rw
- #verify_mode rw
Instance Method Summary
-
#check
See additional method definition at line 278.
- #check_file(file, desc)
-
#key_password
Executes the command to return the password needed to decrypt the key.
Constructor Details
.new ⇒ Context
# File 'lib/puma/minissl.rb', line 212
# Builds a context with no key material and no session-reuse settings.
# Both TLS opt-out flags start as false, so this object does not by itself
# disable TLSv1 or TLSv1.1 until one of the no_tlsv1* writers is called.
def initialize
  # Protocol opt-outs.
  @no_tlsv1 = @no_tlsv1_1 = false
  # Key and certificate settings (key/cert and their *_pem counterparts).
  @key = @cert = @key_pem = @cert_pem = nil
  # Session reuse stays unset until reuse= runs.
  @reuse = @reuse_cache_size = @reuse_timeout = nil
end
Instance Attribute Details
#ca (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 288
# Reader for @ca, which ca= assigns only after check_file accepts the path.
attr_reader :ca
#ca=(ca) (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 311
# Sets the CA file path.
#
# The path is validated first: check_file raises ArgumentError when the file
# is missing or unreadable, and in that case @ca keeps its previous value.
# The check runs at assignment time only; it says nothing about the file's
# state when it is opened later.
#
# @param ca [String] path to the CA file
def ca=(ca)
  check_file(ca, 'ca')
  @ca = ca
end
#cert (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 287
# Reader for @cert, which cert= assigns only after check_file accepts the path.
attr_reader :cert
#cert=(cert) (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 306
# Sets the certificate file path.
#
# check_file raises ArgumentError for a missing or unreadable file, so @cert
# is only updated with a path that passed both checks at assignment time.
#
# @param cert [String] path to the certificate file
def cert=(cert)
  check_file(cert, 'Cert')
  @cert = cert
end
#cert_pem (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 289
# Reader for @cert_pem (nil after initialize). The matching writer's source
# is not shown on this page.
attr_reader :cert_pem
#cert_pem=(cert_pem) (rw)
#cipher_suites (rw) Also known as: #ssl_cipher_list
[ GitHub ]# File 'lib/puma/minissl.rb', line 237
# Reader for @cipher_suites. cipher_suites= stores an Array of trimmed names
# when it is given a comma-separated String, and the value as-is otherwise.
attr_reader :cipher_suites
#cipher_suites=(list) (rw) Also known as: #ssl_cipher_list=
[ GitHub ]# File 'lib/puma/minissl.rb', line 264
# Sets the cipher suite list.
#
# A String is split on commas and each entry is stripped of surrounding
# whitespace; any other value (for example an Array) is stored unchanged.
# The names themselves are not validated here.
# NOTE(review): presumably an unknown or weak suite name is only rejected (or
# accepted) by the TLS backend that consumes this list; confirm there.
#
# @param list [String, Object] comma-separated names, or a ready-made list
def cipher_suites=(list)
  @cipher_suites =
    if list.is_a?(String)
      list.split(',').map { |suite| suite.strip }
    else
      list
    end
end
#key (rw)
non-jruby Context
properties
# File 'lib/puma/minissl.rb', line 285
# Reader for @key, which key= assigns only after check_file accepts the path.
attr_reader :key
#key=(key) (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 297
# Sets the private key file path.
#
# check_file raises ArgumentError when the file is missing or unreadable.
# Only existence and readability by this process are checked; the file's
# ownership and permission bits are not inspected here.
#
# @param key [String] path to the private key file
def key=(key)
  check_file(key, 'Key')
  @key = key
end
#key_password_command (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 286
# Reader for @key_password_command, the command string that key_password
# passes to Open3.capture3.
attr_reader :key_password_command
#key_password_command=(key_password_command) (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 302
# Stores the command that key_password later executes to obtain the key
# password. No validation is applied to the value.
#
# Because the stored string is executed as a command, it must only ever be
# set from operator-controlled configuration, never from request data.
#
# @param key_password_command [String] command line to run
def key_password_command=(key_password_command)
  @key_password_command = key_password_command
end
#key_pem (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 290
# Reader for @key_pem (nil after initialize). The matching writer's source
# is not shown on this page.
attr_reader :key_pem
#key_pem=(key_pem) (rw)
#keystore (rw)
jruby-specific Context
properties: java uses a keystore and password pair rather than a cert/key pair
# File 'lib/puma/minissl.rb', line 231
# Reader for @keystore, which keystore= assigns only after check_file accepts
# the path.
attr_reader :keystore
#keystore=(keystore) (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 240
# Sets the keystore file path (JRuby variant of the context).
#
# check_file raises ArgumentError when the file is missing or unreadable, so
# @keystore only ever holds a path that passed both checks when it was set.
#
# @param keystore [String] path to the keystore file
def keystore=(keystore)
  check_file(keystore, 'Keystore')
  @keystore = keystore
end
#keystore_pass (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 233
# Plain reader/writer pair: the keystore password is kept exactly as assigned
# in @keystore_pass, with no validation.
# NOTE(review): the secret is held as an ordinary instance variable, so it
# would appear in any dump of this object's state; confirm it is never logged.
attr_accessor :keystore_pass
#keystore_type (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 232
# Reader for @keystore_type; keystore_type= restricts it to 'pkcs12', 'jks'
# or nil.
attr_reader :keystore_type
#keystore_type=(type) (rw)
# File 'lib/puma/minissl.rb', line 254
# Sets the keystore format.
#
# @param type [String, nil] 'pkcs12', 'jks', or nil
# @raise [ArgumentError] for any other value
def keystore_type=(type)
  case type
  when 'pkcs12', 'jks', nil
    @keystore_type = type
  else
    raise ArgumentError, "Invalid keystore type: #{type.inspect}"
  end
end
#no_tlsv1 (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 210
# Readers for the two protocol opt-out flags. The writers accept both real
# booleans and the strings 'true'/'false' and store them unconverted, so a
# reader can return the String 'false', which is truthy in Ruby.
attr_reader :no_tlsv1, :no_tlsv1_1
#no_tlsv1=(tlsv1) (rw)
disables TLSv1
# File 'lib/puma/minissl.rb', line 374
# Sets the flag that disables TLSv1.
#
# The value is stored exactly as given, without conversion to a boolean.
# NOTE(review): the String 'false' is truthy in Ruby; whoever reads
# no_tlsv1 must compare explicitly rather than test truthiness. Confirm
# how the consumer of this flag interprets string values.
#
# @param tlsv1 [Boolean, String] true, false, 'true' or 'false'
# @raise [ArgumentError] for any other value
def no_tlsv1=(tlsv1)
  case tlsv1
  when 'true', 'false', true, false
    @no_tlsv1 = tlsv1
  else
    raise ArgumentError, "Invalid value of no_tlsv1="
  end
end
#no_tlsv1_1 (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 210
# Readers for the two protocol opt-out flags. The writers accept both real
# booleans and the strings 'true'/'false' and store them unconverted, so a
# reader can return the String 'false', which is truthy in Ruby.
attr_reader :no_tlsv1, :no_tlsv1_1
#no_tlsv1_1=(tlsv1_1) (rw)
disables TLSv1 and TLSv1.1. Overrides #no_tlsv1=
# File 'lib/puma/minissl.rb', line 381
# Sets the flag that disables TLSv1 and TLSv1.1.
#
# The value is stored exactly as given, without conversion to a boolean, and
# this writer does not touch @no_tlsv1.
# NOTE(review): the String 'false' is truthy in Ruby; confirm that the
# consumer of this flag compares explicitly. The precedence over no_tlsv1
# is presumably applied where the flags are read, not here.
#
# @param tlsv1_1 [Boolean, String] true, false, 'true' or 'false'
# @raise [ArgumentError] for any other value
def no_tlsv1_1=(tlsv1_1)
  case tlsv1_1
  when 'true', 'false', true, false
    @no_tlsv1_1 = tlsv1_1
  else
    raise ArgumentError, "Invalid value of no_tlsv1_1="
  end
end
#protocols (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 238
# Reader for @protocols. protocols= stores an Array of trimmed names when it
# is given a comma-separated String, and the value as-is otherwise.
attr_reader :protocols
#protocols=(list) (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 273
# Sets the protocol list.
#
# A String is split on commas and each entry is stripped of surrounding
# whitespace; any other value is stored unchanged. Protocol names are not
# validated here.
# NOTE(review): presumably the consumer of this list decides which protocol
# versions are acceptable; confirm that legacy versions are rejected there.
#
# @param list [String, Object] comma-separated names, or a ready-made list
def protocols=(list)
  @protocols =
    if list.is_a?(String)
      list.split(',').map { |proto| proto.strip }
    else
      list
    end
end
#reuse (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 295
# Readers for the session-reuse state written by reuse=: @reuse is nil or
# true, and the size and timeout are Integers once a matching value is set.
attr_reader :reuse, :reuse_cache_size, :reuse_timeout
#reuse=(reuse_str) (rw)
Controls session reuse. Allowed values are as follows:
- ‘off’ - matches the behavior of ::Puma 5.6 and earlier. This is included in case reuse ‘on’ is made the default in future Puma versions.
- ‘dflt’ - sets session reuse on, with OpenSSL default cache size of 20k and default timeout of 300 seconds.
- ‘s,t’ - where s and t are integer strings, for size and timeout.
- ‘s’ - where s is an integer string for size.
- ‘,t’ - where t is an integer string for timeout.
# File 'lib/puma/minissl.rb', line 351
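# Controls TLS session reuse from a compact string setting.
#
# Accepted forms:
#   'off'  - reuse disabled (@reuse = nil)
#   'dflt' - reuse enabled, size and timeout left unset
#   's'    - reuse enabled with cache size s
#   's,t'  - reuse enabled with cache size s and timeout t
#   ',t'   - reuse enabled with timeout t
#
# s and t are non-negative decimal integers of any length. A value that
# matches none of the forms is ignored: no error is raised and the current
# settings are kept. A branch only writes the fields it names, so a size or
# timeout set by an earlier call survives a later 'off' or 'dflt'.
#
# @param reuse_str [String] one of the forms above
def reuse=(reuse_str)
  case reuse_str
  when 'off'
    @reuse = nil
  when 'dflt'
    @reuse = true
  when /\A\d+\z/
    @reuse = true
    @reuse_cache_size = reuse_str.to_i
  when /\A\d+,\d+\z/
    # Both numbers may have several digits. The earlier pattern \d,\d matched
    # one digit on each side only, so a value such as '1024,300' fell through
    # every branch and session reuse was silently left unconfigured.
    @reuse = true
    size, time = reuse_str.split(',')
    @reuse_cache_size = size.to_i
    @reuse_timeout = time.to_i
  when /\A,\d+\z/
    @reuse = true
    @reuse_timeout = reuse_str.delete(',').to_i
  end
end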
#reuse_cache_size (readonly)
[ GitHub ]# File 'lib/puma/minissl.rb', line 295
# Readers for the session-reuse state written by reuse=: @reuse is nil or
# true, and the size and timeout are Integers once a matching value is set.
attr_reader :reuse, :reuse_cache_size, :reuse_timeout
#reuse_timeout (readonly)
[ GitHub ]# File 'lib/puma/minissl.rb', line 295
# Readers for the session-reuse state written by reuse=: @reuse is nil or
# true, and the size and timeout are Integers once a matching value is set.
attr_reader :reuse, :reuse_cache_size, :reuse_timeout
#ssl_cipher_filter (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 291
# Plain reader/writer pair; the filter value is stored as assigned, with no
# validation at this level.
# NOTE(review): presumably the TLS backend interprets this filter; confirm
# that a malformed or overly permissive value is rejected there.
attr_accessor :ssl_cipher_filter
#ssl_cipher_list (rw)
Alias for #cipher_suites.
# File 'lib/puma/minissl.rb', line 270
# ssl_cipher_list is a second name for the cipher_suites reader.
alias_method :ssl_cipher_list, :cipher_suites
#ssl_ciphersuites (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 292
# Plain reader/writer pair; the value is stored as assigned, with no
# validation at this level.
attr_accessor :ssl_ciphersuites
#truststore (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 234
# Reader for @truststore: either the symbol :default or a path that existed
# when truststore= was called.
attr_reader :truststore
#truststore=(truststore) (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 245
# Sets the truststore location.
#
# NOTE: historically the truststore was assumed to be the same as the
# keystore, and that is kept for backwards compatibility. Passing the symbol
# :default is allowed so that the JVM's own trust defaults are relied on.
#
# Unlike the other path writers this one checks existence only, directly
# with File.exist?, and does not check readability.
#
# @param truststore [String, Symbol] file path, or :default
# @raise [ArgumentError] when a path is given and no such file exists
def truststore=(truststore)
  if !truststore.eql?(:default) && !File.exist?(truststore)
    raise ArgumentError, "No such truststore file '#{truststore}'"
  end

  @truststore = truststore
end
#truststore_pass (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 236
# Plain reader/writer pair: the truststore password is kept exactly as
# assigned in @truststore_pass, with no validation.
# NOTE(review): the secret is held as an ordinary instance variable, so it
# would appear in any dump of this object's state; confirm it is never logged.
attr_accessor :truststore_pass
#truststore_type (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 235
# Reader for @truststore_type; truststore_type= restricts it to 'pkcs12',
# 'jks' or nil.
attr_reader :truststore_type
#truststore_type=(type) (rw)
# File 'lib/puma/minissl.rb', line 259
# Sets the truststore format.
#
# @param type [String, nil] 'pkcs12', 'jks', or nil
# @raise [ArgumentError] for any other value
def truststore_type=(type)
  case type
  when 'pkcs12', 'jks', nil
    @truststore_type = type
  else
    raise ArgumentError, "Invalid truststore type: #{type.inspect}"
  end
end
#verification_flags (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 293
# Plain reader/writer pair; certificate verification flags are stored as
# assigned, with no validation at this level.
attr_accessor :verification_flags
#verify_mode (rw)
[ GitHub ]# File 'lib/puma/minissl.rb', line 209
# Plain reader/writer pair for the peer-verification mode. initialize does
# not assign it, so the reader returns nil until a caller sets a value.
# NOTE(review): the accepted values and the meaning of nil are not visible
# here; confirm that an unset mode cannot silently skip client-certificate
# verification where mutual TLS is expected.
attr_accessor :verify_mode
Instance Method Details
#check
See additional method definition at line 278.
# File 'lib/puma/minissl.rb', line 326
# Verifies that the minimum configuration for this variant is present.
# The page notes a second definition of this method elsewhere in the file;
# this one only requires a keystore.
#
# @raise [RuntimeError] when no keystore has been set
def check
  # @truststore defaults to @keystore for backwards compatibility, so it is
  # not required separately.
  return if @keystore

  raise "Keystore not configured"
end
#check_file(file, desc)
# File 'lib/puma/minissl.rb', line 224
# Confirms that a configured file exists and is readable by this process.
#
# This is an early sanity check made when the setting is assigned. It does
# not open the file, and it does not inspect ownership or permission bits
# beyond what File.readable? reports.
#
# @param file [String] path to test
# @param desc [String] label used at the start of the error message
# @raise [ArgumentError] when the file is missing or not readable
def check_file(file, desc)
  unless File.exist?(file)
    raise ArgumentError, "#{desc} file '#{file}' does not exist"
  end
  return if File.readable?(file)

  raise ArgumentError, "#{desc} file '#{file}' is not readable"
end
#key_password
Executes the configured key_password_command and returns its standard output, with the trailing newline removed, as the password needed to decrypt the key.
# File 'lib/puma/minissl.rb', line 332
# Runs the configured key password command and returns what it prints.
#
# The command is passed to Open3.capture3 as a single string, so it is
# interpreted by the shell whenever it contains shell metacharacters. It must
# therefore come from operator-controlled configuration only.
#
# On failure the command's stderr is interpolated into the exception
# message, so anything the command writes there can end up wherever the
# exception is logged.
#
# @return [String] the command's stdout with the trailing newline removed
# @raise [RuntimeError] when no command is configured or the command exits
#   with a non-zero status
def key_password
  command = @key_password_command
  raise "Key password command not configured" if command.nil?

  output, errors, result = Open3.capture3(command)
  unless result.success?
    raise "Key password failed with code #{result.exitstatus}: #{errors}"
  end

  output.chomp
end