Class: OpenSSL::SSL::SSLSocket
| Relationships & Source Files | |
| Super Chains via Extension / Inclusion / Inheritance | |
|
Instance Chain:
self,
SocketForwarder,
::OpenSSL::Buffering,
Enumerable
|
|
| Inherits: | Object |
| Defined in: | ext/openssl/ossl_ssl.c, ext/openssl/lib/openssl/ssl.rb |
Constant Summary
::OpenSSL::Buffering - Included
Class Method Summary
-
.new(io) ⇒ SSLSocket
constructor
Creates a new
::OpenSSL::SSLsocket from io which must be a real::IOobject (not an IO-like object that responds to read/write). -
.open(remote_host, remote_port, local_host = nil, local_port = nil, context: nil)
Creates a new instance of
SSLSocket.
Instance Attribute Summary
-
#context
readonly
The SSLContext object used in this connection.
- #hostname rw
-
#hostname=(hostname) ⇒ hostname
rw
Sets the server hostname used for SNI.
-
#io
(also: #to_io)
readonly
The underlying
::IOobject. -
#session ⇒ aSession
rw
Returns the SSLSession object currently used, or nil if the session is not established.
-
#session=(session) ⇒ session
rw
Sets the
Sessionto be used when the connection is established. -
#session_reused? ⇒ Boolean
readonly
Returns
trueif a reused session was negotiated during the handshake. -
#sync_close
rw
Whether to close the underlying socket as well, when the SSL/TLS connection is shut down.
-
#to_io
readonly
Alias for #io.
- #using_anon_cipher? ⇒ Boolean readonly private
SocketForwarder - Included
::OpenSSL::Buffering - Included
| #eof | Alias for Buffering#eof?. |
| #sync | The “sync mode” of the |
Instance Method Summary
-
#accept ⇒ self
Waits for a SSL/TLS client to initiate a handshake.
-
#accept_nonblock([options]) ⇒ self
Initiates the SSL/TLS handshake as a server in non-blocking manner.
-
#alpn_protocol ⇒ String | nil
Returns the ALPN protocol string that was finally selected by the server during the handshake.
-
#cert ⇒ cert?
The X509 certificate for this socket endpoint.
-
#cipher ⇒ nil, ...
Returns the cipher suite actually used in the current session, or nil if no session has been established.
-
#client_ca ⇒ Array, ...
Returns the list of client CAs.
-
#close_read
Close the stream for reading.
-
#close_write
Closes the stream for writing.
-
#connect ⇒ self
Initiates an SSL/TLS handshake with a server.
-
#connect_nonblock([options]) ⇒ self
Initiates the SSL/TLS handshake as a client in non-blocking manner.
-
#export_keying_material(label, length) ⇒ String
Enables use of shared session key material in accordance with RFC 5705.
-
#finished_message ⇒ "finished message"
Returns the last Finished message sent.
-
#npn_protocol ⇒ String | nil
Returns the protocol string that was finally selected by the client during the handshake.
-
#peer_cert ⇒ cert?
The X509 certificate for this socket’s peer.
-
#peer_cert_chain ⇒ Array, ...
The X509 certificate chain for this socket’s peer.
-
#peer_finished_message ⇒ "peer finished message"
Returns the last Finished message received.
-
#pending ⇒ Integer
The number of bytes that are immediately available for reading.
-
#post_connection_check(hostname) ⇒ true
Perform hostname verification following RFC 6125.
-
#ssl_version ⇒ String
Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.
-
#state ⇒ String
A description of the current connection state.
-
#sysclose ⇒ nil
Sends “close notify” to the peer and tries to shut down the
::OpenSSL::SSLconnection gracefully. -
#sysread(length) ⇒ String
Reads length bytes from the
::OpenSSL::SSLconnection. -
#syswrite(string) ⇒ Integer
Writes string to the
::OpenSSL::SSLconnection. -
#tmp_key ⇒ PKey?
Returns the ephemeral key used in case of forward secrecy cipher.
-
#verify_result ⇒ Integer
Returns the result of the peer certificates verification.
- #client_cert_cb private
- #session_get_cb private
- #session_new_cb private
-
#stop ⇒ nil
private
Sends “close notify” to the peer and tries to shut down the
::OpenSSL::SSLconnection gracefully. -
#sysread_nonblock(length) ⇒ String
private
A non-blocking version of #sysread.
-
#syswrite_nonblock(string) ⇒ Integer
private
Writes string to the
::OpenSSL::SSLconnection in a non-blocking manner. - #tmp_dh_callback private
SocketForwarder - Included
| #addr, #fcntl, | |
| #fileno | The file descriptor for the socket. |
| #getsockopt, #local_address, #peeraddr, #remote_address, #setsockopt, #wait, #wait_readable, #wait_writable | |
::OpenSSL::Buffering - Included
| #<< | Writes s to the stream. |
| #close | Closes the |
| #each | Executes the block for every line in the stream where lines are separated by eol. |
| #each_byte | Calls the given block once for each byte in the stream. |
| #each_line | Alias for Buffering#each. |
| #eof? | Returns true if the stream is at file which means there is no more data to be read. |
| #flush | Flushes buffered data to the |
| #getbyte | Get the next 8bit byte from |
| #getc | Reads one character from the stream. |
| #gets | Reads the next “line” from the stream. |
| #initialize | Creates an instance of OpenSSL’s buffering |
Writes args to the stream. |
|
| #printf | Formats and writes to the stream converting parameters under control of the format string. |
| #puts | Writes args to the stream along with a record separator. |
| #read | Reads size bytes from the stream. |
| #read_nonblock | Reads at most maxlen bytes in the non-blocking manner. |
| #readbyte | Get the next 8bit byte. |
| #readchar | Reads a one-character string from the stream. |
| #readline | Reads a line from the stream which is separated by eol. |
| #readlines | Reads lines from the stream which are separated by eol. |
| #readpartial | Reads at most maxlen bytes from the stream. |
| #ungetc | Pushes character c back onto the stream such that a subsequent buffered character read will return it. |
| #write | Writes s to the stream. |
| #write_nonblock | Writes s in the non-blocking manner. |
| #consume_rbuff | Consumes size bytes from the buffer. |
| #do_write | Writes s to the buffer. |
| #fill_rbuff | Fills the buffer from the underlying |
Constructor Details
.new(io) ⇒ SSLSocket
.new(io, ctx) ⇒ SSLSocket
SSLSocket
.new(io, ctx) ⇒ SSLSocket
Creates a new ::OpenSSL::SSL socket from io which must be a real ::IO object (not an IO-like object that responds to read/write).
If ctx is provided the ::OpenSSL::SSL Sockets initial params will be taken from the context.
The ::OpenSSL::Buffering module provides additional ::IO methods.
This method will freeze the SSLContext if one is provided; however, session management is still allowed in the frozen SSLContext.
# File 'ext/openssl/ossl_ssl.c', line 1616
static VALUE
ossl_ssl_initialize(int argc, VALUE *argv, VALUE self)
{
VALUE io, v_ctx;
SSL *ssl;
SSL_CTX *ctx;
TypedData_Get_Struct(self, SSL, &ossl_ssl_type, ssl);
if (ssl)
ossl_raise(eSSLError, "SSL already initialized");
if (rb_scan_args(argc, argv, "11", &io, &v_ctx) == 1)
v_ctx = rb_funcall(cSSLContext, rb_intern("new"), 0);
GetSSLCTX(v_ctx, ctx);
rb_ivar_set(self, id_i_context, v_ctx);
ossl_sslctx_setup(v_ctx);
if (rb_respond_to(io, rb_intern("nonblock=")))
rb_funcall(io, rb_intern("nonblock="), 1, Qtrue);
Check_Type(io, T_FILE);
rb_ivar_set(self, id_i_io, io);
ssl = SSL_new(ctx);
if (!ssl)
ossl_raise(eSSLError, NULL);
RTYPEDDATA_DATA(self) = ssl;
SSL_set_ex_data(ssl, ossl_ssl_ex_ptr_idx, (void *)self);
SSL_set_info_callback(ssl, ssl_info_cb);
rb_call_super(0, NULL);
return self;
}
Class Method Details
.open(remote_host, remote_port, local_host = nil, local_port = nil, context: nil)
Creates a new instance of SSLSocket. remotehost_ and remoteport_ are used to open TCPSocket. If localhost_ and localport_ are specified, then those parameters are used on the local end to establish the connection. If context is provided, the ::OpenSSL::SSL Sockets initial params will be taken from the context.
Examples
sock = OpenSSL::SSL::SSLSocket.open('localhost', 443)
sock.connect # Initiates a connection to localhost:443with SSLContext:
ctx = OpenSSL::SSL::SSLContext.new
sock = OpenSSL::SSL::SSLSocket.open('localhost', 443, context: ctx)
sock.connect # Initiates a connection to localhost:443 with SSLContext# File 'ext/openssl/lib/openssl/ssl.rb', line 534
def open(remote_host, remote_port, local_host=nil, local_port=nil, context: nil) sock = ::TCPSocket.open(remote_host, remote_port, local_host, local_port) if context.nil? return OpenSSL::SSL::SSLSocket.new(sock) else return OpenSSL::SSL::SSLSocket.new(sock, context) end end
Instance Attribute Details
#context (readonly)
The SSLContext object used in this connection.
# File 'ext/openssl/lib/openssl/ssl.rb', line 409
attr_reader :context
#hostname (rw)
[ GitHub ]# File 'ext/openssl/lib/openssl/ssl.rb', line 402
attr_reader :hostname
#hostname=(hostname) ⇒ hostname (rw)
Sets the server hostname used for SNI. This needs to be set before #connect.
# File 'ext/openssl/ossl_ssl.c', line 2360
static VALUE
ossl_ssl_set_hostname(VALUE self, VALUE arg)
{
SSL *ssl;
char *hostname = NULL;
GetSSL(self, ssl);
if (!NIL_P(arg))
hostname = StringValueCStr(arg);
if (!SSL_set_tlsext_host_name(ssl, hostname))
ossl_raise(eSSLError, NULL);
/* for SSLSocket#hostname */
rb_ivar_set(self, id_i_hostname, arg);
return arg;
}
#io (readonly) Also known as: #to_io
The underlying ::IO object.
# File 'ext/openssl/lib/openssl/ssl.rb', line 405
attr_reader :io
#session ⇒ aSession (rw)
Returns the SSLSession object currently used, or nil if the session is not established.
#session=(session) ⇒ session (rw)
Sets the Session to be used when the connection is established.
# File 'ext/openssl/ossl_ssl.c', line 2338
static VALUE
ossl_ssl_set_session(VALUE self, VALUE arg1)
{
SSL *ssl;
SSL_SESSION *sess;
GetSSL(self, ssl);
GetSSLSession(arg1, sess);
if (SSL_set_session(ssl, sess) != 1)
ossl_raise(eSSLError, "SSL_set_session");
return arg1;
}
#session_reused? ⇒ Boolean (readonly)
Returns true if a reused session was negotiated during the handshake.
# File 'ext/openssl/ossl_ssl.c', line 2322
static VALUE
ossl_ssl_session_reused(VALUE self)
{
SSL *ssl;
GetSSL(self, ssl);
return SSL_session_reused(ssl) ? Qtrue : Qfalse;
}
#sync_close (rw)
Whether to close the underlying socket as well, when the SSL/TLS connection is shut down. This defaults to false.
# File 'ext/openssl/lib/openssl/ssl.rb', line 413
attr_accessor :sync_close
#to_io (readonly)
Alias for #io.
# File 'ext/openssl/lib/openssl/ssl.rb', line 406
alias :to_io :io
#using_anon_cipher? ⇒ Boolean (readonly, private)
[ GitHub ]
# File 'ext/openssl/lib/openssl/ssl.rb', line 490
def using_anon_cipher? ctx = OpenSSL::SSL::SSLContext.new ctx.ciphers = "aNULL" ctx.ciphers.include?(cipher) end
Instance Method Details
#accept ⇒ self
Waits for a SSL/TLS client to initiate a handshake.
# File 'ext/openssl/ossl_ssl.c', line 1883
static VALUE
ossl_ssl_accept(VALUE self)
{
ossl_ssl_setup(self);
return ossl_start_ssl(self, SSL_accept, "SSL_accept", Qfalse);
}
#accept_nonblock([options]) ⇒ self
Initiates the SSL/TLS handshake as a server in non-blocking manner.
# emulates blocking accept
begin
ssl.accept_nonblock
rescue IO::WaitReadable
IO.select([s2])
retry
rescue IO::WaitWritable
IO.select(nil, [s2])
retry
endBy specifying a keyword argument exception to false, you can indicate that accept_nonblock should not raise an ::IO::WaitReadable or ::IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.
# File 'ext/openssl/ossl_ssl.c', line 1913
static VALUE
ossl_ssl_accept_nonblock(int argc, VALUE *argv, VALUE self)
{
VALUE opts;
rb_scan_args(argc, argv, "0:", &opts);
ossl_ssl_setup(self);
return ossl_start_ssl(self, SSL_accept, "SSL_accept", opts);
}
#alpn_protocol ⇒ String | nil
Returns the ALPN protocol string that was finally selected by the server during the handshake.
# File 'ext/openssl/ossl_ssl.c', line 2504
static VALUE
ossl_ssl_alpn_protocol(VALUE self)
{
SSL *ssl;
const unsigned char *out;
unsigned int outlen;
GetSSL(self, ssl);
SSL_get0_alpn_selected(ssl, &out, &outlen);
if (!outlen)
return Qnil;
else
return rb_str_new((const char *) out, outlen);
}
#cert ⇒ cert?
The X509 certificate for this socket endpoint.
# File 'ext/openssl/ossl_ssl.c', line 2167
static VALUE
ossl_ssl_get_cert(VALUE self)
{
SSL *ssl;
X509 *cert = NULL;
GetSSL(self, ssl);
/*
* Is this OpenSSL bug? Should add a ref?
* TODO: Ask for.
*/
cert = SSL_get_certificate(ssl); /* NO DUPs => DON'T FREE. */
if (!cert) {
return Qnil;
}
return ossl_x509_new(cert);
}
#cipher ⇒ nil, ...
Returns the cipher suite actually used in the current session, or nil if no session has been established.
# File 'ext/openssl/ossl_ssl.c', line 2266
static VALUE
ossl_ssl_get_cipher(VALUE self)
{
SSL *ssl;
const SSL_CIPHER *cipher;
GetSSL(self, ssl);
cipher = SSL_get_current_cipher(ssl);
return cipher ? ossl_ssl_cipher_to_ary(cipher) : Qnil;
}
#client_ca ⇒ Array, ...
Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of ::OpenSSL::X509::Certificate is returned but ::OpenSSL::X509::Name instances of the CA’s subject distinguished name.
In server mode, returns the list set by SSLContext#client_ca=. In client mode, returns the list of client CAs sent from the server.
# File 'ext/openssl/ossl_ssl.c', line 2460
static VALUE
ossl_ssl_get_client_ca_list(VALUE self)
{
SSL *ssl;
STACK_OF(X509_NAME) *ca;
GetSSL(self, ssl);
ca = SSL_get_client_CA_list(ssl);
return ossl_x509name_sk2ary(ca);
}
#client_cert_cb (private)
[ GitHub ]# File 'ext/openssl/lib/openssl/ssl.rb', line 496
def client_cert_cb @context.client_cert_cb end
#close_read
# File 'ext/openssl/lib/openssl/ssl.rb', line 465
def close_read # Unsupported and ignored. # Just don't read any more. end
#close_write
Closes the stream for writing. The behavior of this method depends on the version of ::OpenSSL and the TLS protocol in use.
-
Sends a ‘close_notify’ alert to the peer.
-
Does not wait for the peer’s ‘close_notify’ alert in response.
In TLS 1.2 and earlier:
-
On receipt of a ‘close_notify’ alert, responds with a ‘close_notify’ alert of its own and close down the connection immediately, discarding any pending writes.
Therefore, on TLS 1.2, this method will cause the connection to be completely shut down. On TLS 1.3, the connection will remain open for reading only.
# File 'ext/openssl/lib/openssl/ssl.rb', line 484
def close_write stop end
#connect ⇒ self
Initiates an SSL/TLS handshake with a server.
# File 'ext/openssl/ossl_ssl.c', line 1836
static VALUE
ossl_ssl_connect(VALUE self)
{
ossl_ssl_setup(self);
return ossl_start_ssl(self, SSL_connect, "SSL_connect", Qfalse);
}
#connect_nonblock([options]) ⇒ self
Initiates the SSL/TLS handshake as a client in non-blocking manner.
# emulates blocking connect
begin
ssl.connect_nonblock
rescue IO::WaitReadable
IO.select([s2])
retry
rescue IO::WaitWritable
IO.select(nil, [s2])
retry
endBy specifying a keyword argument exception to false, you can indicate that connect_nonblock should not raise an ::IO::WaitReadable or ::IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.
# File 'ext/openssl/ossl_ssl.c', line 1866
static VALUE
ossl_ssl_connect_nonblock(int argc, VALUE *argv, VALUE self)
{
VALUE opts;
rb_scan_args(argc, argv, "0:", &opts);
ossl_ssl_setup(self);
return ossl_start_ssl(self, SSL_connect, "SSL_connect", opts);
}
#export_keying_material(label, length) ⇒ String
Enables use of shared session key material in accordance with RFC 5705.
# File 'ext/openssl/ossl_ssl.c', line 2526
static VALUE
ossl_ssl_export_keying_material(int argc, VALUE *argv, VALUE self)
{
SSL *ssl;
VALUE str;
VALUE label;
VALUE length;
VALUE context;
unsigned char *p;
size_t len;
int use_ctx = 0;
unsigned char *ctx = NULL;
size_t ctx_len = 0;
int ret;
rb_scan_args(argc, argv, "21", &label, &length, &context);
StringValue(label);
GetSSL(self, ssl);
len = (size_t)NUM2LONG(length);
str = rb_str_new(0, len);
p = (unsigned char *)RSTRING_PTR(str);
if (!NIL_P(context)) {
use_ctx = 1;
StringValue(context);
ctx = (unsigned char *)RSTRING_PTR(context);
ctx_len = RSTRING_LEN(context);
}
ret = SSL_export_keying_material(ssl, p, len, (char *)RSTRING_PTR(label),
RSTRING_LENINT(label), ctx, ctx_len, use_ctx);
if (ret == 0 || ret == -1) {
ossl_raise(eSSLError, "SSL_export_keying_material");
}
return str;
}
#finished_message ⇒ "finished message"
Returns the last Finished message sent
# File 'ext/openssl/ossl_ssl.c', line 2406
static VALUE
ossl_ssl_get_finished(VALUE self)
{
SSL *ssl;
char sizer[1], *buf;
size_t len;
GetSSL(self, ssl);
len = SSL_get_finished(ssl, sizer, 0);
if (len == 0)
return Qnil;
buf = ALLOCA_N(char, len);
SSL_get_finished(ssl, buf, len);
return rb_str_new(buf, len);
}
#npn_protocol ⇒ String | nil
Returns the protocol string that was finally selected by the client during the handshake.
# File 'ext/openssl/ossl_ssl.c', line 2480
static VALUE
ossl_ssl_npn_protocol(VALUE self)
{
SSL *ssl;
const unsigned char *out;
unsigned int outlen;
GetSSL(self, ssl);
SSL_get0_next_proto_negotiated(ssl, &out, &outlen);
if (!outlen)
return Qnil;
else
return rb_str_new((const char *) out, outlen);
}
#peer_cert ⇒ cert?
The X509 certificate for this socket’s peer.
# File 'ext/openssl/ossl_ssl.c', line 2193
static VALUE
ossl_ssl_get_peer_cert(VALUE self)
{
SSL *ssl;
X509 *cert = NULL;
VALUE obj;
GetSSL(self, ssl);
cert = SSL_get_peer_certificate(ssl); /* Adds a ref => Safe to FREE. */
if (!cert) {
return Qnil;
}
obj = ossl_x509_new(cert);
X509_free(cert);
return obj;
}
#peer_cert_chain ⇒ Array, ...
The X509 certificate chain for this socket’s peer.
# File 'ext/openssl/ossl_ssl.c', line 2219
static VALUE
ossl_ssl_get_peer_cert_chain(VALUE self)
{
SSL *ssl;
STACK_OF(X509) *chain;
X509 *cert;
VALUE ary;
int i, num;
GetSSL(self, ssl);
chain = SSL_get_peer_cert_chain(ssl);
if(!chain) return Qnil;
num = sk_X509_num(chain);
ary = rb_ary_new2(num);
for (i = 0; i < num; i++){
cert = sk_X509_value(chain, i);
rb_ary_push(ary, ossl_x509_new(cert));
}
return ary;
}
#peer_finished_message ⇒ "peer finished message"
Returns the last Finished message received
# File 'ext/openssl/ossl_ssl.c', line 2431
static VALUE
ossl_ssl_get_peer_finished(VALUE self)
{
SSL *ssl;
char sizer[1], *buf;
size_t len;
GetSSL(self, ssl);
len = SSL_get_peer_finished(ssl, sizer, 0);
if (len == 0)
return Qnil;
buf = ALLOCA_N(char, len);
SSL_get_peer_finished(ssl, buf, len);
return rb_str_new(buf, len);
}
#pending ⇒ Integer
The number of bytes that are immediately available for reading.
# File 'ext/openssl/ossl_ssl.c', line 2306
static VALUE
ossl_ssl_pending(VALUE self)
{
SSL *ssl;
GetSSL(self, ssl);
return INT2NUM(SSL_pending(ssl));
}
#post_connection_check(hostname) ⇒ true
Perform hostname verification following RFC 6125.
This method MUST be called after calling #connect to ensure that the hostname of a remote peer has been verified.
# File 'ext/openssl/lib/openssl/ssl.rb', line 435
def post_connection_check(hostname) if peer_cert.nil? msg = "Peer verification enabled, but no certificate received." if using_anon_cipher? msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \ "Anonymous suites must be disabled to use peer verification." end raise SSLError, msg end unless OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname) raise SSLError, "hostname \"#{hostname}\" does not match the server certificate" end return true end
#session_get_cb (private)
[ GitHub ]# File 'ext/openssl/lib/openssl/ssl.rb', line 508
def session_get_cb @context.session_get_cb end
#session_new_cb (private)
[ GitHub ]# File 'ext/openssl/lib/openssl/ssl.rb', line 504
def session_new_cb @context.session_new_cb end
#ssl_version ⇒ String
Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.
# File 'ext/openssl/ossl_ssl.c', line 2249
static VALUE
ossl_ssl_get_version(VALUE self)
{
SSL *ssl;
GetSSL(self, ssl);
return rb_str_new2(SSL_get_version(ssl));
}
#state ⇒ String
A description of the current connection state. This is for diagnostic purposes only.
# File 'ext/openssl/ossl_ssl.c', line 2284
static VALUE
ossl_ssl_get_state(VALUE self)
{
SSL *ssl;
VALUE ret;
GetSSL(self, ssl);
ret = rb_str_new2(SSL_state_string(ssl));
if (ruby_verbose) {
rb_str_cat2(ret, ": ");
rb_str_cat2(ret, SSL_state_string_long(ssl));
}
return ret;
}
#stop ⇒ nil (private)
Sends “close notify” to the peer and tries to shut down the ::OpenSSL::SSL connection gracefully.
# File 'ext/openssl/ossl_ssl.c', line 2136
static VALUE
ossl_ssl_stop(VALUE self)
{
SSL *ssl;
int ret;
GetSSL(self, ssl);
if (!ssl_started(ssl))
return Qnil;
ret = SSL_shutdown(ssl);
if (ret == 1) /* Have already received close_notify */
return Qnil;
if (ret == 0) /* Sent close_notify, but we don't wait for reply */
return Qnil;
/*
* XXX: Something happened. Possibly it failed because the underlying socket
* is not writable/readable, since it is in non-blocking mode. We should do
* some proper error handling using SSL_get_error() and maybe retry, but we
* can't block here. Give up for now.
*/
ossl_clear_error();
return Qnil;
}
#sysclose ⇒ nil
Sends “close notify” to the peer and tries to shut down the ::OpenSSL::SSL connection gracefully.
If sync_close is set to true, the underlying ::IO is also closed.
# File 'ext/openssl/lib/openssl/ssl.rb', line 422
def sysclose return if closed? stop io.close if sync_close end
#sysread(length) ⇒ String
#sysread(length, buffer) ⇒ buffer
String
#sysread(length, buffer) ⇒ buffer
Reads length bytes from the ::OpenSSL::SSL connection. If a pre-allocated buffer is provided the data will be written into it.
# File 'ext/openssl/ossl_ssl.c', line 2020
static VALUE
ossl_ssl_read(int argc, VALUE *argv, VALUE self)
{
return ossl_ssl_read_internal(argc, argv, self, 0);
}
#sysread_nonblock(length) ⇒ String (private)
#sysread_nonblock(length, buffer) ⇒ buffer
#sysread_nonblock(length[, buffer [, opts]) ⇒ buffer
String (private)
#sysread_nonblock(length, buffer) ⇒ buffer
#sysread_nonblock(length[, buffer [, opts]) ⇒ buffer
A non-blocking version of #sysread. Raises an SSLError if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.
Reads length bytes from the ::OpenSSL::SSL connection. If a pre-allocated buffer is provided the data will be written into it.
# File 'ext/openssl/ossl_ssl.c', line 2039
static VALUE
ossl_ssl_read_nonblock(int argc, VALUE *argv, VALUE self)
{
return ossl_ssl_read_internal(argc, argv, self, 1);
}
#syswrite(string) ⇒ Integer
Writes string to the ::OpenSSL::SSL connection.
# File 'ext/openssl/ossl_ssl.c', line 2106
static VALUE
ossl_ssl_write(VALUE self, VALUE str)
{
return ossl_ssl_write_internal(self, str, Qfalse);
}
#syswrite_nonblock(string) ⇒ Integer (private)
Writes string to the ::OpenSSL::SSL connection in a non-blocking manner. Raises an SSLError if writing would block.
# File 'ext/openssl/ossl_ssl.c', line 2119
static VALUE
ossl_ssl_write_nonblock(int argc, VALUE *argv, VALUE self)
{
VALUE str, opts;
rb_scan_args(argc, argv, "1:", &str, &opts);
return ossl_ssl_write_internal(self, str, opts);
}
#tmp_dh_callback (private)
[ GitHub ]# File 'ext/openssl/lib/openssl/ssl.rb', line 500
def tmp_dh_callback @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK end
#tmp_key ⇒ PKey?
Returns the ephemeral key used in case of forward secrecy cipher.
# File 'ext/openssl/ossl_ssl.c', line 2569
static VALUE
ossl_ssl_tmp_key(VALUE self)
{
SSL *ssl;
EVP_PKEY *key;
GetSSL(self, ssl);
if (!SSL_get_server_tmp_key(ssl, &key))
return Qnil;
return ossl_pkey_new(key);
}
#verify_result ⇒ Integer
Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.
If no peer certificate was presented X509_V_OK is returned.
# File 'ext/openssl/ossl_ssl.c', line 2389
static VALUE
ossl_ssl_get_verify_result(VALUE self)
{
SSL *ssl;
GetSSL(self, ssl);
return LONG2NUM(SSL_get_verify_result(ssl));
}