123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::SSL::SSLSocket

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Instance Chain:
self, SocketForwarder, ::OpenSSL::Buffering, Enumerable
Inherits: Object
Defined in: ext/openssl/ossl_ssl.c,
ext/openssl/lib/openssl/ssl.rb

Overview

The following attributes are available but don't show up in rdoc.

  • io, context, sync_close

Constant Summary

::OpenSSL::Buffering - Included

BLOCK_SIZE

Class Method Summary

Instance Attribute Summary

SocketForwarder - Included

#closed?, #do_not_reverse_lookup=

::OpenSSL::Buffering - Included

#sync

The “sync mode” of the SSLSocket.
#eof

Alias for Buffering#eof?.

Instance Method Summary

SocketForwarder - Included

#addr, #fcntl, #getsockopt, #peeraddr, #setsockopt

::OpenSSL::Buffering - Included

#<<

Writes s to the stream.
#close

Closes the SSLSocket and flushes any unwritten data.
#each

Executes the block for every line in the stream where lines are separated by eol.
#each_byte

Calls the given block once for each byte in the stream.
#each_line

Alias for Buffering#each.
#eof?

Returns true if the stream is at file which means there is no more data to be read.
#flush

Flushes buffered data to the SSLSocket.
#getc

Reads one character from the stream.
#gets

Reads the next “line+ from the stream.
#initialize

Creates an instance of OpenSSL's buffering IO module.
#print

Writes args to the stream.
#printf

Formats and writes to the stream converting parameters under control of the format string.
#puts

Writes args to the stream along with a record separator.
#read

Reads size bytes from the stream.
#read_nonblock

Reads at most maxlen bytes in the non-blocking manner.
#readchar

Reads a one-character string from the stream.
#readline

Reads a line from the stream which is separated by eol.
#readlines

Reads lines from the stream which are separated by eol.
#readpartial

Reads at most maxlen bytes from the stream.
#ungetc

Pushes character c back onto the stream such that a subsequent buffered character read will return it.
#write

Writes s to the stream.
#write_nonblock

Writes str in the non-blocking manner.
#consume_rbuff

Consumes size bytes from the buffer.
#do_write

Writes s to the buffer.
#fill_rbuff

Fills the buffer from the underlying SSLSocket.

Constructor Details

.new(io, ctx = nil) ⇒ SSLSocket

Raises:

  • (NotImplementedError)
[ GitHub ] 

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 254



def initialize(io, ctx = nil); raise NotImplementedError; end


  






  

  

    

      #new(io)  ⇒ SSLSocket 
      #new(io, ctx)  ⇒ SSLSocket 
    

  



  

    

Creates a new ::OpenSSL::SSL socket from #io which must be a real ruby object (not an IO-like object that responds to read/write).



If ctx is provided the ::OpenSSL::SSL Sockets initial params will be taken from the context.



The ::OpenSSL::Buffering module provides additional IO methods.



This method will freeze the SSLContext if one is provided; however, session management is still allowed in the frozen SSLContext.


  





  


  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 279



def initialize(io, context = OpenSSL::SSL::SSLContext.new)
  @io         = io
  @context    = context
  @sync_close = false
  @hostname   = nil
  @io.nonblock = true if @io.respond_to?(:nonblock=)
  context.setup
  super()
end


  







Instance Attribute Details



  

    #context   (readonly)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 260



attr_reader :io, :context


  








  

    #hostname   (rw)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 257



attr_accessor :hostname


  








  

    #io   (readonly)
    Also known as: #to_io
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 260



attr_reader :io, :context


  








  

    #session   (rw)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 323



def session
  SSL::Session.new(self)
rescue SSL::Session::SessionError
  nil
end


  








  

    #session=(session)  ⇒ session  (rw)  



  

    

Sets the Session to be used when the connection is established.


  









  

    #session_reused?Boolean  (readonly)  



  

    

Returns true if a reused session was negotiated during the handshake.


  









  

    #sync_close   (rw)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 261



attr_accessor :sync_close


  








  

    #to_io   (readonly)
  



  

    

Alias for #io.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 262



alias :to_io :io


  








  

    #using_anon_cipher?Boolean  (readonly, private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 331



def using_anon_cipher?
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = "aNULL"
  ctx.ciphers.include?(cipher)
end


  







Instance Method Details



  

    #acceptself   



  

    

Waits for a SSL/TLS client to initiate a handshake.  The handshake may be started after unencrypted data has been sent over the socket.


  









  

    #accept_nonblock([options])  ⇒ self   



  

    

Initiates the SSL/TLS handshake as a server in non-blocking manner.



# emulates blocking accept
begin
  ssl.accept_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end



By specifying exception: false, the options hash allows you to indicate that accept_nonblock should not raise an IO::WaitReadable or IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.


  









  

    #alpn_protocolString   



  

    

Returns the ALPN protocol string that was finally selected by the client during the handshake.


  









  

    #cert  ⇒ cert?   



  

    

The X509 certificate for this socket endpoint.


  









  

    #cipherArray, ...   



  

    

The cipher being used for the current connection


  









  

    #client_caArray, ...   



  

    

Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of ::OpenSSL::X509::Certificate is returned but ::OpenSSL::X509::Name instances of the CA's subject distinguished name.



In server mode, returns the list set by SSLContext#client_ca=. In client mode, returns the list of client CAs sent from the server.


  









  

    #client_cert_cb   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 337



def client_cert_cb
  @context.client_cert_cb
end


  








  

    #connectself   



  

    

Initiates an SSL/TLS handshake with a server.  The handshake may be started after unencrypted data has been sent over the socket.


  









  

    #connect_nonblock([options])  ⇒ self   



  

    

Initiates the SSL/TLS handshake as a client in non-blocking manner.



# emulates blocking connect
begin
  ssl.connect_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end



By specifying exception: false, the options hash allows you to indicate that connect_nonblock should not raise an IO::WaitReadable or IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.


  









  

    #npn_protocolString   



  

    

Returns the protocol string that was finally selected by the client during the handshake.


  









  

    #peer_certcert?   



  

    

The X509 certificate for this socket's peer.


  









  

    #peer_cert_chainArray, ...   



  

    

The X509 certificate chain for this socket's peer.


  









  

    #pendingInteger   



  

    

The number of bytes that are immediately available for reading


  









  

    #post_connection_check(hostname)  
  



  

    

Perform hostname verification after an ::OpenSSL::SSL connection is established



This method MUST be called after calling #connect to ensure that the hostname of a remote peer has been verified.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 308



def post_connection_check(hostname)
  if peer_cert.nil?
    msg = "Peer verification enabled, but no certificate received."
    if using_anon_cipher?
      msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
    end
    raise SSLError, msg
  end

  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
  end
  return true
end


  








  

    #session_get_cb   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 353



def session_get_cb
  @context.session_get_cb
end


  








  

    #session_new_cb   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 349



def session_new_cb
  @context.session_new_cb
end


  








  

    #ssl_versionString   



  

    

Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.


  









  

    #stateString   



  

    

A description of the current connection state.


  









  

    #stopnil  (private)  



  

    

Sends “close notify” to the peer and tries to shut down the ::OpenSSL::SSL connection gracefully.


  









  

    #sysclosenil   



  

    

Sends “close notify” to the peer and tries to shut down the ::OpenSSL::SSL connection gracefully.



If sync_close is set to true, the underlying IO is also closed.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 297



def sysclose
  return if closed?
  stop
  io.close if sync_close
end


  








  

    

      #sysread(length)  ⇒ String 
      #sysread(length, buffer)  ⇒ buffer 
    

  



  

    

Reads length bytes from the ::OpenSSL::SSL connection.  If a pre-allocated buffer is provided the data will be written into it.


  





  








  

    

      #sysread_nonblock(length)  ⇒ String  (private)
      #sysread_nonblock(length, buffer)  ⇒ buffer 
      #sysread_nonblock(length[, buffer [, opts])  ⇒ buffer 
    

  



  

    

A non-blocking version of #sysread.  Raises an SSLError if reading would block.  If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.



Reads length bytes from the ::OpenSSL::SSL connection.  If a pre-allocated buffer is provided the data will be written into it.


  





  








  

    #syswrite(string)  ⇒ Integer   



  

    

Writes string to the ::OpenSSL::SSL connection.


  









  

    #syswrite_nonblock(string)  ⇒ Integer  (private)  



  

    

Writes string to the ::OpenSSL::SSL connection in a non-blocking manner.  Raises an SSLError if writing would block.


  









  

    #tmp_dh_callback   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 341



def tmp_dh_callback
  @context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
end


  








  

    #tmp_ecdh_callback   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 345



def tmp_ecdh_callback
  @context.tmp_ecdh_callback
end


  








  

    #verify_resultInteger   



  

    

Returns the result of the peer certificates verification.  See verify(1) for error values and descriptions.



If no peer certificate was presented X509_V_OK is returned.