123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::SSL::SSLSocket

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Instance Chain:
self, Nonblock, SocketForwarder, ::OpenSSL::Buffering, Enumerable
Inherits: Object
Defined in: ext/openssl/ossl_ssl.c,
ext/openssl/lib/openssl/ssl.rb

Overview

The following attributes are available but don't show up in rdoc.

  • io, context, sync_close

Constant Summary

::OpenSSL::Buffering - Included

BLOCK_SIZE

Class Method Summary

Instance Attribute Summary

SocketForwarder - Included

#closed?, #do_not_reverse_lookup=

::OpenSSL::Buffering - Included

#sync

The “sync mode” of the SSLSocket.
#eof

Alias for Buffering#eof?.

Instance Method Summary

Nonblock - Included

#initialize

SocketForwarder - Included

#addr, #fcntl, #getsockopt, #peeraddr, #setsockopt

::OpenSSL::Buffering - Included

#<<

Writes s to the stream.
#close

Closes the SSLSocket and flushes any unwritten data.
#each

Executes the block for every line in the stream where lines are separated by eol.
#each_byte

Calls the given block once for each byte in the stream.
#each_line

Alias for Buffering#each.
#eof?

Returns true if the stream is at file which means there is no more data to be read.
#flush

Flushes buffered data to the SSLSocket.
#getc

Reads one character from the stream.
#gets

Reads the next “line+ from the stream.
#initialize

Creates an instance of OpenSSL's buffering IO module.
#print

Writes args to the stream.
#printf

Formats and writes to the stream converting parameters under control of the format string.
#puts

Writes args to the stream along with a record separator.
#read

Reads size bytes from the stream.
#read_nonblock

Reads at most maxlen bytes in the non-blocking manner.
#readchar

Reads a one-character string from the stream.
#readline

Reads a line from the stream which is separated by eol.
#readlines

Reads lines from the stream which are separated by eol.
#readpartial

Reads at most maxlen bytes from the stream.
#ungetc

Pushes character c back onto the stream such that a subsequent buffered character read will return it.
#write

Writes s to the stream.
#write_nonblock

Writes str in the non-blocking manner.
#consume_rbuff

Consumes size bytes from the buffer.
#do_write

Writes s to the buffer.
#fill_rbuff

Fills the buffer from the underlying SSLSocket.

Constructor Details

.new

#new(io) ⇒ SSLSocket #new(io, ctx) ⇒ SSLSocket

Creates a new ::OpenSSL::SSL socket from io which must be a real ruby object (not an IO-like object that responds to read/write).

If ctx is provided the ::OpenSSL::SSL Sockets initial params will be taken from the context.

The ::OpenSSL::Buffering module provides additional IO methods.

This method will freeze the SSLContext if one is provided; however, session management is still allowed in the frozen SSLContext.

Instance Attribute Details

#session (rw)

[ GitHub ] 

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 245



def session
  SSL::Session.new(self)
rescue SSL::Session::SessionError
  nil
end


  








  

    #session=(session)  ⇒ session  (rw)  



  

    

Sets the Session to be used when the connection is established.


  









  

    #session_reused?Boolean  (readonly)  



  

    

Returns true if a reused session was negotiated during the handshake.


  









  

    #using_anon_cipher?Boolean  (readonly, private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 253



def using_anon_cipher?
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = "aNULL"
  ctx.ciphers.include?(cipher)
end


  







Instance Method Details



  

    #acceptself   



  

    

Waits for a SSL/TLS client to initiate a handshake.  The handshake may be started after unencrypted data has been sent over the socket.


  









  

    #accept_nonblockself   



  

    

Initiates the SSL/TLS handshake as a server in non-blocking manner.



# emulates blocking accept
begin
  ssl.accept_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end


  









  

    #cert  ⇒ cert?   



  

    

The X509 certificate for this socket endpoint.


  









  

    #cipherArray, ...   



  

    

The cipher being used for the current connection


  









  

    #client_caArray, ...   



  

    

Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of ::OpenSSL::X509::Certificate is returned but ::OpenSSL::X509::Name instances of the CA's subject distinguished name.



In server mode, returns the list set by SSLContext#client_ca=. In client mode, returns the list of client CAs sent from the server.


  









  

    #connectself   



  

    

Initiates an SSL/TLS handshake with a server.  The handshake may be started after unencrypted data has been sent over the socket.


  









  

    #connect_nonblockself   



  

    

Initiates the SSL/TLS handshake as a client in non-blocking manner.



# emulates blocking connect
begin
  ssl.connect_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end


  









  

    #npn_protocolString   



  

    

Returns the protocol string that was finally selected by the client during the handshake.


  









  

    #peer_certcert?   



  

    

The X509 certificate for this socket's peer.


  









  

    #peer_cert_chainArray, ...   



  

    

The X509 certificate chain for this socket's peer.


  









  

    #pendingInteger   



  

    

The number of bytes that are immediately available for reading


  









  

    #post_connection_check(hostname)  
  



  

    

Perform hostname verification after an ::OpenSSL::SSL connection is established



This method MUST be called after calling #connect to ensure that the hostname of a remote peer has been verified.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 230



def post_connection_check(hostname)
  if peer_cert.nil?
    msg = "Peer verification enabled, but no certificate received."
    if using_anon_cipher?
      msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
    end
    raise SSLError, msg
  end

  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
  end
  return true
end


  








  

    #ssl_versionString   



  

    

Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.


  









  

    #stateString   



  

    

A description of the current connection state.


  









  

    #sysclosenil   



  

    

Shuts down the ::OpenSSL::SSL connection and prepares it for another connection.


  









  

    

      #sysread(length)  ⇒ String 
      #sysread(length, buffer)  ⇒ buffer 
    

  



  

    

Reads length bytes from the ::OpenSSL::SSL connection.  If a pre-allocated buffer is provided the data will be written into it.


  





  








  

    

      #sysread_nonblock(length)  ⇒ String  (private)
      #sysread_nonblock(length, buffer)  ⇒ buffer 
      #sysread_nonblock(length[, buffer [, opts])  ⇒ buffer 
    

  



  

    

A non-blocking version of #sysread.  Raises an SSLError if reading would block.  If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.



Reads length bytes from the ::OpenSSL::SSL connection.  If a pre-allocated buffer is provided the data will be written into it.


  





  








  

    #syswrite(string)  ⇒ Integer   



  

    

Writes string to the ::OpenSSL::SSL connection.


  









  

    #syswrite_nonblock(string)  ⇒ Integer  (private)  



  

    

Writes string to the ::OpenSSL::SSL connection in a non-blocking manner.  Raises an SSLError if writing would block.


  









  

    #to_io  
  



  

    

Alias for io.


  



  [ GitHub ]






  

    #verify_resultInteger   



  

    

Returns the result of the peer certificates verification.  See verify(1) for error values and descriptions.



If no peer certificate was presented X509_V_OK is returned.