Class: OpenSSL::X509::Store
Relationships & Source Files
Inherits: Object
Defined in: ext/openssl/ossl_x509store.c
Overview
The X509 certificate store holds trusted CA certificates used to verify peer certificates.
The easiest way to create a useful certificate store is:
cert_store = OpenSSL::X509::Store.new
cert_store.set_default_paths
This will use your system's built-in certificates.
If your system does not have a default set of certificates, you can obtain a set extracted from Mozilla's bundle here: curl.haxx.se/docs/caextract.html (Note that this set does not have an HTTPS download option, so you may wish to use the firefox-db2pem.sh script to extract the certificates from a local install to avoid man-in-the-middle attacks.)
After downloading or generating a cacert.pem from the above link you can create a certificate store from the pem file like this:
cert_store = OpenSSL::X509::Store.new
cert_store.add_file 'cacert.pem'
The certificate store can be used with an SSLSocket like this:
require 'openssl'
require 'socket'
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.cert_store = cert_store
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER  # the store is only consulted when peer verification is enabled
tcp_socket = TCPSocket.open 'example.com', 443
ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
ssl_socket.connect  # performs the handshake and verifies the peer chain against cert_store
Class Method Summary
- X509::Store.new ⇒ Store constructor
Instance Attribute Summary
- #verify_callback (rw)
- #verify_callback=(cb) (rw): General callback for ::OpenSSL verify.
- #chain (readonly)
- #error (readonly)
- #error_string (readonly)
- #flags=(flags) (writeonly)
- #purpose=(purpose) (writeonly)
- #time=(time) (writeonly)
- #trust=(trust) (writeonly)
Instance Method Summary
- #add_cert(cert): Adds the Certificate cert to the certificate store.
- #add_crl(arg)
- #add_file(file) ⇒ Store: Adds the certificates in file to the certificate store.
- #add_path(dir)
- #set_default_paths: Adds the default certificates to the certificate store.
- #verify(*args)
Constructor Details
X509::Store.new ⇒ Store
Instance Attribute Details
#chain (readonly)
#error (readonly)
#error_string (readonly)
#flags=(flags) (writeonly)
#purpose=(purpose) (writeonly)
#time=(time) (writeonly)
#trust=(trust) (writeonly)
#verify_callback (rw)
#verify_callback=(cb) (rw)
General callback for ::OpenSSL verify
Instance Method Details
#add_cert(cert)
Adds the Certificate cert to the certificate store.
#add_crl(arg)
#add_file(file) ⇒ Store
Adds the certificates in file to the certificate store. The file can contain multiple PEM-encoded certificates.
#add_path(dir)
#set_default_paths
Adds the default certificates to the certificate store. These certificates are loaded from the default configuration directory which can usually be determined by:
File.dirname OpenSSL::Config::DEFAULT_CONFIG_FILE
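The following is an added example, not part of the OpenSSL::X509::Store documentation or the ossl_x509store.c source, showing how a store built with #add_cert drives #verify and how #error, #error_string, #chain, #time= and #verify_callback= report the outcome. It builds a throwaway test PKI in memory (all names, keys and serials are constructed for the example) and checks three cases: a leaf issued by the trusted CA, a leaf issued by a CA the store does not trust, and the trusted leaf evaluated after its expiry.

```ruby
require 'openssl'

# Build a self-signed CA or a CA-signed leaf for a throwaway test PKI.
# Every name and key here is constructed for this example; nothing is real.
def make_cert(subject, key, issuer_cert, issuer_key, ca:, serial:, ttl: 3600)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + ttl
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign,cRLSign' : 'digitalSignature,keyEncipherment', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

CA_KEY     = OpenSSL::PKey::RSA.new(2048)
CA_CERT    = make_cert('/CN=Example Test CA', CA_KEY, nil, CA_KEY, ca: true, serial: 1, ttl: 86_400)
LEAF_KEY   = OpenSSL::PKey::RSA.new(2048)
LEAF_CERT  = make_cert('/CN=server.example.test', LEAF_KEY, CA_CERT, CA_KEY, ca: false, serial: 2)
ROGUE_KEY  = OpenSSL::PKey::RSA.new(2048)
ROGUE_CA   = make_cert('/CN=Rogue CA', ROGUE_KEY, nil, ROGUE_KEY, ca: true, serial: 3, ttl: 86_400)
ROGUE_LEAF = make_cert('/CN=server.example.test', LEAF_KEY, ROGUE_CA, ROGUE_KEY, ca: false, serial: 4)

# Verify `cert` against a store that trusts only `trusted_ca`, as of time `at`.
# Returns [ok, error, error_string, chain_subjects, callback_log].
def verify_with_store(cert, trusted_ca, at: Time.now)
  log = []
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)                        # the only trust anchor
  store.purpose = OpenSSL::X509::PURPOSE_SSL_SERVER # also checks CA and keyUsage bits
  store.time = at                                   # validity is judged at this instant
  # The callback is invoked per chain element and again on each error. Returning
  # preverify_ok keeps OpenSSL's decision; returning true unconditionally masks failures.
  store.verify_callback = proc do |preverify_ok, ctx|
    log << [ctx.error_depth, ctx.current_cert&.subject&.to_s, ctx.error_string]
    preverify_ok
  end
  ok = store.verify(cert)
  [ok, store.error, store.error_string, Array(store.chain).map { |c| c.subject.to_s }, log]
end
```

On success #chain lists the leaf first and the trust anchor last; on failure #error carries the OpenSSL verify code (for example V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY when the issuer is not in the store) and #error_string its text.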