123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::SSL::SSLSocket

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Instance Chain:
self, SocketForwarder, ::OpenSSL::Buffering, Enumerable
Inherits: Object
Defined in: ext/openssl/ossl_ssl.c,
ext/openssl/lib/openssl/ssl.rb

Constant Summary

::OpenSSL::Buffering - Included

BLOCK_SIZE

Class Method Summary

Instance Attribute Summary

SocketForwarder - Included

#closed?, #do_not_reverse_lookup=

::OpenSSL::Buffering - Included

#sync

The “sync mode” of the SSLSocket.
#eof

Alias for Buffering#eof?.

Instance Method Summary

SocketForwarder - Included

#addr, #fcntl, #getsockopt, #peeraddr, #setsockopt

::OpenSSL::Buffering - Included

#<<

Writes s to the stream.
#close

Closes the SSLSocket and flushes any unwritten data.
#each

Executes the block for every line in the stream where lines are separated by eol.
#each_byte

Calls the given block once for each byte in the stream.
#each_line

Alias for Buffering#each.
#eof?

Returns true if the stream is at file which means there is no more data to be read.
#flush

Flushes buffered data to the SSLSocket.
#getc

Reads one character from the stream.
#gets

Reads the next “line” from the stream.
#initialize

Creates an instance of OpenSSL's buffering ::IO module.
#print

Writes args to the stream.
#printf

Formats and writes to the stream converting parameters under control of the format string.
#puts

Writes args to the stream along with a record separator.
#read

Reads size bytes from the stream.
#read_nonblock

Reads at most maxlen bytes in the non-blocking manner.
#readchar

Reads a one-character string from the stream.
#readline

Reads a line from the stream which is separated by eol.
#readlines

Reads lines from the stream which are separated by eol.
#readpartial

Reads at most maxlen bytes from the stream.
#ungetc

Pushes character c back onto the stream such that a subsequent buffered character read will return it.
#write

Writes s to the stream.
#write_nonblock

Writes s in the non-blocking manner.
#consume_rbuff

Consumes size bytes from the buffer.
#do_write

Writes s to the buffer.
#fill_rbuff

Fills the buffer from the underlying SSLSocket.

Constructor Details

.new

#new(io) ⇒ SSLSocket #new(io, ctx) ⇒ SSLSocket

Creates a new ::OpenSSL::SSL socket from #io which must be a real ::IO object (not an IO-like object that responds to read/write).

If ctx is provided the ::OpenSSL::SSL Sockets initial params will be taken from the context.

The ::OpenSSL::Buffering module provides additional ::IO methods.

This method will freeze the SSLContext if one is provided; however, session management is still allowed in the frozen SSLContext.

Instance Attribute Details

#context (readonly)

The SSLContext object used in this connection.

[ GitHub ] 

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 254



attr_reader :context


  








  

    #hostname   (rw)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 246



attr_reader :hostname


  








  

    #hostname=(hostname)  ⇒ hostname  (rw)  



  

    

Sets the server hostname used for SNI. This needs to be set before #connect.


  









  

    #io   (readonly)
    Also known as: #to_io
  



  

    

The underlying ::IO object.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 250



attr_reader :io


  








  

    #sessionaSession  (rw)  



  

    

Returns the SSLSession object currently used, or nil if the session is not established.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 301



def session
  SSL::Session.new(self)
rescue SSL::Session::SessionError
  nil
end


  








  

    #session=(session)  ⇒ session  (rw)  



  

    

Sets the Session to be used when the connection is established.


  









  

    #session_reused?Boolean  (readonly)  



  

    

Returns true if a reused session was negotiated during the handshake.


  









  

    #sync_close   (rw)
  



  

    

Whether to close the underlying socket as well, when the SSL/TLS connection is shut down. This defaults to false.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 258



attr_accessor :sync_close


  








  

    #to_io   (readonly)
  



  

    

Alias for #io.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 251



alias :to_io :io


  








  

    #using_anon_cipher?Boolean  (readonly, private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 309



def using_anon_cipher?
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = "aNULL"
  ctx.ciphers.include?(cipher)
end


  







Instance Method Details



  

    #acceptself   



  

    

Waits for a SSL/TLS client to initiate a handshake.  The handshake may be started after unencrypted data has been sent over the socket.


  









  

    #accept_nonblock([options])  ⇒ self   



  

    

Initiates the SSL/TLS handshake as a server in non-blocking manner.



# emulates blocking accept
begin
  ssl.accept_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end



By specifying exception: false, the options hash allows you to indicate that accept_nonblock should not raise an ::IO::WaitReadable or ::IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.


  









  

    #alpn_protocolString | nil   



  

    

Returns the ALPN protocol string that was finally selected by the server during the handshake.


  









  

    #cert  ⇒ cert?   



  

    

The X509 certificate for this socket endpoint.


  









  

    #cipherArray, ...   



  

    

The cipher being used for the current connection


  









  

    #client_caArray, ...   



  

    

Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of ::OpenSSL::X509::Certificate is returned but ::OpenSSL::X509::Name instances of the CA's subject distinguished name.



In server mode, returns the list set by SSLContext#client_ca=. In client mode, returns the list of client CAs sent from the server.


  









  

    #client_cert_cb   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 315



def client_cert_cb
  @context.client_cert_cb
end


  








  

    #connectself   



  

    

Initiates an SSL/TLS handshake with a server.  The handshake may be started after unencrypted data has been sent over the socket.


  









  

    #connect_nonblock([options])  ⇒ self   



  

    

Initiates the SSL/TLS handshake as a client in non-blocking manner.



# emulates blocking connect
begin
  ssl.connect_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end



By specifying exception: false, the options hash allows you to indicate that connect_nonblock should not raise an ::IO::WaitReadable or ::IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.


  









  

    #npn_protocolString | nil   



  

    

Returns the protocol string that was finally selected by the client during the handshake.


  









  

    #peer_certcert?   



  

    

The X509 certificate for this socket's peer.


  









  

    #peer_cert_chainArray, ...   



  

    

The X509 certificate chain for this socket's peer.


  









  

    #pendingInteger   



  

    

The number of bytes that are immediately available for reading.


  









  

    #post_connection_check(hostname)  ⇒ true   



  

    

Perform hostname verification following RFC 6125.



This method MUST be called after calling #connect to ensure that the hostname of a remote peer has been verified.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 280



def post_connection_check(hostname)
  if peer_cert.nil?
    msg = "Peer verification enabled, but no certificate received."
    if using_anon_cipher?
      msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \
             "Anonymous suites must be disabled to use peer verification."
    end
    raise SSLError, msg
  end

  unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    raise SSLError, "hostname \"#{hostname}\" does not match the server certificate"
  end
  return true
end


  








  

    #session_get_cb   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 331



def session_get_cb
  @context.session_get_cb
end


  








  

    #session_new_cb   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 327



def session_new_cb
  @context.session_new_cb
end


  








  

    #ssl_versionString   



  

    

Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.


  









  

    #stateString   



  

    

A description of the current connection state. This is for diagnostic purposes only.


  









  

    #stopnil  (private)  



  

    

Sends “close notify” to the peer and tries to shut down the ::OpenSSL::SSL connection gracefully.


  









  

    #sysclosenil   



  

    

Sends “close notify” to the peer and tries to shut down the ::OpenSSL::SSL connection gracefully.



If sync_close is set to true, the underlying ::IO is also closed.


  



  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 267



def sysclose
  return if closed?
  stop
  io.close if sync_close
end


  








  

    

      #sysread(length)  ⇒ String 
      #sysread(length, buffer)  ⇒ buffer 
    

  



  

    

Reads length bytes from the ::OpenSSL::SSL connection.  If a pre-allocated buffer is provided the data will be written into it.


  





  








  

    

      #sysread_nonblock(length)  ⇒ String  (private)
      #sysread_nonblock(length, buffer)  ⇒ buffer 
      #sysread_nonblock(length[, buffer [, opts])  ⇒ buffer 
    

  



  

    

A non-blocking version of #sysread.  Raises an SSLError if reading would block.  If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.



Reads length bytes from the ::OpenSSL::SSL connection.  If a pre-allocated buffer is provided the data will be written into it.


  





  








  

    #syswrite(string)  ⇒ Integer   



  

    

Writes string to the ::OpenSSL::SSL connection.


  









  

    #syswrite_nonblock(string)  ⇒ Integer  (private)  



  

    

Writes string to the ::OpenSSL::SSL connection in a non-blocking manner.  Raises an SSLError if writing would block.


  









  

    #tmp_dh_callback   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 319



def tmp_dh_callback
  @context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
end


  








  

    #tmp_ecdh_callback   (private)
  

  [ GitHub ]


  

  


# File 'ext/openssl/lib/openssl/ssl.rb', line 323



def tmp_ecdh_callback
  @context.tmp_ecdh_callback
end


  








  

    #tmp_keyPKey?   



  

    

Returns the ephemeral key used in case of forward secrecy cipher.


  









  

    #verify_resultInteger   



  

    

Returns the result of the peer certificates verification.  See verify(1) for error values and descriptions.



If no peer certificate was presented X509_V_OK is returned.