Use SSLContext to set up the parameters for a TLS (former SSL) connection. Both client and server TLS connections are supported, SSLSocket and SSLServer may be used in conjunction with an instance of SSLContext to set up connections.
Namespace
- MODULE OpenSSL::SSL::SocketForwarder
- CLASS OpenSSL::SSL::SSLContext
- CLASS OpenSSL::SSL::SSLError
- CLASS OpenSSL::SSL::SSLErrorWaitReadable
- CLASS OpenSSL::SSL::SSLErrorWaitWritable
- CLASS OpenSSL::SSL::SSLServer
- CLASS OpenSSL::SSL::SSLSocket
- CLASS OpenSSL::SSL::Session
Methods
Constants
| OP_ALL | = | ULONG2NUM(SSL_OP_ALL) |
| OP_ALLOW_CLIENT_RENEGOTIATION | = | ULONG2NUM(SSL_OP_ALLOW_CLIENT_RENEGOTIATION) |
| OP_ALLOW_NO_DHE_KEX | = | ULONG2NUM(SSL_OP_ALLOW_NO_DHE_KEX) |
| OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | = | ULONG2NUM(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) |
| OP_CIPHER_SERVER_PREFERENCE | = | ULONG2NUM(SSL_OP_CIPHER_SERVER_PREFERENCE) |
| OP_CISCO_ANYCONNECT | = | ULONG2NUM(SSL_OP_CISCO_ANYCONNECT) |
| OP_CLEANSE_PLAINTEXT | = | ULONG2NUM(SSL_OP_CLEANSE_PLAINTEXT) |
| OP_COOKIE_EXCHANGE | = | ULONG2NUM(SSL_OP_COOKIE_EXCHANGE) |
| OP_CRYPTOPRO_TLSEXT_BUG | = | ULONG2NUM(SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| OP_DISABLE_TLSEXT_CA_NAMES | = | ULONG2NUM(SSL_OP_DISABLE_TLSEXT_CA_NAMES) |
| OP_DONT_INSERT_EMPTY_FRAGMENTS | = | ULONG2NUM(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
| OP_ENABLE_KTLS | = | ULONG2NUM(SSL_OP_ENABLE_KTLS) |
| OP_ENABLE_MIDDLEBOX_COMPAT | = | ULONG2NUM(SSL_OP_ENABLE_MIDDLEBOX_COMPAT) |
| OP_EPHEMERAL_RSA | = | ULONG2NUM(SSL_OP_EPHEMERAL_RSA) |
Deprecated in |
||
| OP_IGNORE_UNEXPECTED_EOF | = | ULONG2NUM(SSL_OP_IGNORE_UNEXPECTED_EOF) |
| OP_LEGACY_SERVER_CONNECT | = | ULONG2NUM(SSL_OP_LEGACY_SERVER_CONNECT) |
| OP_MICROSOFT_BIG_SSLV3_BUFFER | = | ULONG2NUM(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) |
Deprecated in |
||
| OP_MICROSOFT_SESS_ID_BUG | = | ULONG2NUM(SSL_OP_MICROSOFT_SESS_ID_BUG) |
Deprecated in |
||
| OP_MSIE_SSLV2_RSA_PADDING | = | ULONG2NUM(SSL_OP_MSIE_SSLV2_RSA_PADDING) |
Deprecated in |
||
| OP_NETSCAPE_CA_DN_BUG | = | ULONG2NUM(SSL_OP_NETSCAPE_CA_DN_BUG) |
Deprecated in |
||
| OP_NETSCAPE_CHALLENGE_BUG | = | ULONG2NUM(SSL_OP_NETSCAPE_CHALLENGE_BUG) |
Deprecated in |
||
| OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG | = | ULONG2NUM(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) |
Deprecated in |
||
| OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG | = | ULONG2NUM(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) |
Deprecated in |
||
| OP_NO_ANTI_REPLAY | = | ULONG2NUM(SSL_OP_NO_ANTI_REPLAY) |
| OP_NO_COMPRESSION | = | ULONG2NUM(SSL_OP_NO_COMPRESSION) |
| OP_NO_ENCRYPT_THEN_MAC | = | ULONG2NUM(SSL_OP_NO_ENCRYPT_THEN_MAC) |
| OP_NO_QUERY_MTU | = | ULONG2NUM(SSL_OP_NO_QUERY_MTU) |
| OP_NO_RENEGOTIATION | = | ULONG2NUM(SSL_OP_NO_RENEGOTIATION) |
| OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | = | ULONG2NUM(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) |
| OP_NO_SSLv2 | = | ULONG2NUM(SSL_OP_NO_SSLv2) |
Deprecated in |
||
| OP_NO_SSLv3 | = | ULONG2NUM(SSL_OP_NO_SSLv3) |
| OP_NO_TICKET | = | ULONG2NUM(SSL_OP_NO_TICKET) |
| OP_NO_TLSv1 | = | ULONG2NUM(SSL_OP_NO_TLSv1) |
| OP_NO_TLSv1_1 | = | ULONG2NUM(SSL_OP_NO_TLSv1_1) |
| OP_NO_TLSv1_2 | = | ULONG2NUM(SSL_OP_NO_TLSv1_2) |
| OP_NO_TLSv1_3 | = | ULONG2NUM(SSL_OP_NO_TLSv1_3) |
| OP_PKCS1_CHECK_1 | = | ULONG2NUM(SSL_OP_PKCS1_CHECK_1) |
Deprecated in |
||
| OP_PKCS1_CHECK_2 | = | ULONG2NUM(SSL_OP_PKCS1_CHECK_2) |
Deprecated in |
||
| OP_PRIORITIZE_CHACHA | = | ULONG2NUM(SSL_OP_PRIORITIZE_CHACHA) |
| OP_SAFARI_ECDHE_ECDSA_BUG | = | ULONG2NUM(SSL_OP_SAFARI_ECDHE_ECDSA_BUG) |
| OP_SINGLE_DH_USE | = | ULONG2NUM(SSL_OP_SINGLE_DH_USE) |
Deprecated in |
||
| OP_SINGLE_ECDH_USE | = | ULONG2NUM(SSL_OP_SINGLE_ECDH_USE) |
Deprecated in |
||
| OP_SSLEAY_080_CLIENT_DH_BUG | = | ULONG2NUM(SSL_OP_SSLEAY_080_CLIENT_DH_BUG) |
Deprecated in |
||
| OP_SSLREF2_REUSE_CERT_TYPE_BUG | = | ULONG2NUM(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG) |
Deprecated in |
||
| OP_TLSEXT_PADDING | = | ULONG2NUM(SSL_OP_TLSEXT_PADDING) |
| OP_TLS_BLOCK_PADDING_BUG | = | ULONG2NUM(SSL_OP_TLS_BLOCK_PADDING_BUG) |
Deprecated in |
||
| OP_TLS_D5_BUG | = | ULONG2NUM(SSL_OP_TLS_D5_BUG) |
Deprecated in |
||
| OP_TLS_ROLLBACK_BUG | = | ULONG2NUM(SSL_OP_TLS_ROLLBACK_BUG) |
| SSL2_VERSION | = | INT2NUM(SSL2_VERSION) |
|
||
| SSL3_VERSION | = | INT2NUM(SSL3_VERSION) |
|
||
| TLS1_1_VERSION | = | INT2NUM(TLS1_1_VERSION) |
TLS 1.1 |
||
| TLS1_2_VERSION | = | INT2NUM(TLS1_2_VERSION) |
TLS 1.2 |
||
| TLS1_3_VERSION | = | INT2NUM(TLS1_3_VERSION) |
TLS 1.3 |
||
| TLS1_VERSION | = | INT2NUM(TLS1_VERSION) |
TLS 1.0 |
||
| VERIFY_CLIENT_ONCE | = | INT2NUM(SSL_VERIFY_CLIENT_ONCE) |
| VERIFY_FAIL_IF_NO_PEER_CERT | = | INT2NUM(SSL_VERIFY_FAIL_IF_NO_PEER_CERT) |
| VERIFY_NONE | = | INT2NUM(SSL_VERIFY_NONE) |
| VERIFY_PEER | = | INT2NUM(SSL_VERIFY_PEER) |
Class Public methods
verify_certificate_identity(cert, hostname) Link
# File ruby/ext/openssl/lib/openssl/ssl.rb, line 276 def verify_certificate_identity(cert, hostname) should_verify_common_name = true cert.extensions.each{|ext| next if ext.oid != "subjectAltName" ostr = OpenSSL::ASN1.decode(ext.to_der).value.last sequence = OpenSSL::ASN1.decode(ostr.value) sequence.value.each{|san| case san.tag when 2 # dNSName in GeneralName (RFC5280) should_verify_common_name = false return true if verify_hostname(hostname, san.value) when 7 # iPAddress in GeneralName (RFC5280) should_verify_common_name = false if san.value.size == 4 || san.value.size == 16 begin return true if san.value == IPAddr.new(hostname).hton rescue IPAddr::InvalidAddressError end end end } } if should_verify_common_name cert.subject.to_a.each{|oid, value| if oid == "CN" return true if verify_hostname(hostname, value) end } end return false end