123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::SSL::SSLSocket

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Instance Chain:
Inherits: Object
Defined in: ext/openssl/ossl_ssl.c,
ext/openssl/lib/openssl/ssl.rb

Overview

The following attributes are available but don't show up in rdoc.

  • io, context, sync_close

Constant Summary

::OpenSSL::Buffering - Included

BLOCK_SIZE

Class Method Summary

Instance Attribute Summary

SocketForwarder - Included

::OpenSSL::Buffering - Included

#sync

The “sync mode” of the SSLSocket.

#eof

Alias for Buffering#eof?.

Instance Method Summary

Nonblock - Included

SocketForwarder - Included

::OpenSSL::Buffering - Included

#<<

Writes s to the stream.

#close

Closes the SSLSocket and flushes any unwritten data.

#each

Executes the block for every line in the stream where lines are separated by eol.

#each_byte

Calls the given block once for each byte in the stream.

#each_line

Alias for Buffering#each.

#eof?

Returns true if the stream is at file which means there is no more data to be read.

#flush

Flushes buffered data to the SSLSocket.

#getc

Reads one character from the stream.

#gets

Reads the next “line+ from the stream.

#initialize

Creates an instance of OpenSSL's buffering IO module.

#print

Writes args to the stream.

#printf

Formats and writes to the stream converting parameters under control of the format string.

#puts

Writes args to the stream along with a record separator.

#read

Reads size bytes from the stream.

#read_nonblock

Reads at most maxlen bytes in the non-blocking manner.

#readchar

Reads a one-character string from the stream.

#readline

Reads a line from the stream which is separated by eol.

#readlines

Reads lines from the stream which are separated by eol.

#readpartial

Reads at most maxlen bytes from the stream.

#ungetc

Pushes character c back onto the stream such that a subsequent buffered character read will return it.

#write

Writes s to the stream.

#write_nonblock

Writes str in the non-blocking manner.

#consume_rbuff

Consumes size bytes from the buffer.

#do_write

Writes s to the buffer.

#fill_rbuff

Fills the buffer from the underlying SSLSocket.

Constructor Details

.new

#new(io) ⇒ SSLSocket #new(io, ctx) ⇒ SSLSocket

Creates a new ::OpenSSL::SSL socket from io which must be a real ruby object (not an IO-like object that responds to read/write).

If ctx is provided the ::OpenSSL::SSL Sockets initial params will be taken from the context.

The ::OpenSSL::Buffering module provides additional IO methods.

This method will freeze the SSLContext if one is provided; however, session management is still allowed in the frozen SSLContext.

Instance Attribute Details

#session (rw)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/ssl.rb', line 245

def session
  SSL::Session.new(self)
rescue SSL::Session::SessionError
  nil
end

#session=(session) ⇒ session (rw)

Sets the Session to be used when the connection is established.

#session_reused?Boolean (readonly)

Returns true if a reused session was negotiated during the handshake.

#using_anon_cipher?Boolean (readonly, private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/ssl.rb', line 253

def using_anon_cipher?
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = "aNULL"
  ctx.ciphers.include?(cipher)
end

Instance Method Details

#acceptself

Waits for a SSL/TLS client to initiate a handshake. The handshake may be started after unencrypted data has been sent over the socket.

#accept_nonblockself

Initiates the SSL/TLS handshake as a server in non-blocking manner.

# emulates blocking accept
begin
  ssl.accept_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end

#cert ⇒ cert?

The X509 certificate for this socket endpoint.

#cipherArray, ...

The cipher being used for the current connection

#client_caArray, ...

Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of ::OpenSSL::X509::Certificate is returned but ::OpenSSL::X509::Name instances of the CA's subject distinguished name.

In server mode, returns the list set by SSLContext#client_ca=. In client mode, returns the list of client CAs sent from the server.

#connectself

Initiates an SSL/TLS handshake with a server. The handshake may be started after unencrypted data has been sent over the socket.

#connect_nonblockself

Initiates the SSL/TLS handshake as a client in non-blocking manner.

# emulates blocking connect
begin
  ssl.connect_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end

#npn_protocolString

Returns the protocol string that was finally selected by the client during the handshake.

#peer_certcert?

The X509 certificate for this socket's peer.

#peer_cert_chainArray, ...

The X509 certificate chain for this socket's peer.

#pendingInteger

The number of bytes that are immediately available for reading

#post_connection_check(hostname)

Perform hostname verification after an ::OpenSSL::SSL connection is established

This method MUST be called after calling #connect to ensure that the hostname of a remote peer has been verified.

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/ssl.rb', line 230

def post_connection_check(hostname)
  if peer_cert.nil?
    msg = "Peer verification enabled, but no certificate received."
    if using_anon_cipher?
      msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
    end
    raise SSLError, msg
  end

  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
  end
  return true
end

#ssl_versionString

Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.

#stateString

A description of the current connection state.

#sysclosenil

Shuts down the ::OpenSSL::SSL connection and prepares it for another connection.

#sysread(length) ⇒ String #sysread(length, buffer) ⇒ buffer

Reads length bytes from the ::OpenSSL::SSL connection. If a pre-allocated buffer is provided the data will be written into it.

#sysread_nonblock(length) ⇒ String (private) #sysread_nonblock(length, buffer) ⇒ buffer #sysread_nonblock(length[, buffer [, opts]) ⇒ buffer

A non-blocking version of #sysread. Raises an SSLError if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.

Reads length bytes from the ::OpenSSL::SSL connection. If a pre-allocated buffer is provided the data will be written into it.

#syswrite(string) ⇒ Integer

Writes string to the ::OpenSSL::SSL connection.

#syswrite_nonblock(string) ⇒ Integer (private)

Writes string to the ::OpenSSL::SSL connection in a non-blocking manner. Raises an SSLError if writing would block.

#to_io

Alias for io.

[ GitHub ]

#verify_resultInteger

Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.

If no peer certificate was presented X509_V_OK is returned.