In Files

  • drb/ssl.rb

DRb::DRbSSLSocket::SSLConfig

Constants

DEFAULT

Public Class Methods

new(config)

# File drb/ssl.rb, line 27
def initialize(config)
  @config  = config
  @cert    = config[:SSLCertificate]
  @pkey    = config[:SSLPrivateKey]
  @ssl_ctx = nil
end
            

Public Instance Methods

[](key)

# File drb/ssl.rb, line 34
def [](key);
  @config[key] || DEFAULT[key]
end
            
accept(tcp)

# File drb/ssl.rb, line 45
def accept(tcp)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx)
  ssl.sync = true
  ssl.accept
  ssl
end
            
connect(tcp)

# File drb/ssl.rb, line 38
def connect(tcp)
  ssl = ::OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx)
  ssl.sync = true
  ssl.connect
  ssl
end
            
setup_certificate()

# File drb/ssl.rb, line 52
def setup_certificate
  if @cert && @pkey
    return
  end

  rsa = OpenSSL::PKey::RSA.new(512){|p, n|
    next unless self[:verbose]
    case p
    when 0; $stderr.putc "."  # BN_generate_prime
    when 1; $stderr.putc "+"  # BN_generate_prime
    when 2; $stderr.putc "*"  # searching good prime,
                              # n = #of try,
                              # but also data from BN_generate_prime
    when 3; $stderr.putc "\n" # found good prime, n==0 - p, n==1 - q,
                              # but also data from BN_generate_prime
    else;   $stderr.putc "*"  # BN_generate_prime
    end
  }

  cert = OpenSSL::X509::Certificate.new
  cert.version = 3
  cert.serial = 0
  name = OpenSSL::X509::Name.new(self[:SSLCertName])
  cert.subject = name
  cert.issuer = name
  cert.not_before = Time.now
  cert.not_after = Time.now + (365*24*60*60)
  cert.public_key = rsa.public_key

  ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
  cert.extensions = [
    ef.create_extension("basicConstraints","CA:FALSE"),
    ef.create_extension("subjectKeyIdentifier", "hash") ]
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("authorityKeyIdentifier",
                                         "keyid:always,issuer:always"))
  if comment = self[:SSLCertComment]
    cert.add_extension(ef.create_extension("nsComment", comment))
  end
  cert.sign(rsa, OpenSSL::Digest::SHA1.new)

  @cert = cert
  @pkey = rsa
end
            
setup_ssl_context()

# File drb/ssl.rb, line 97
def setup_ssl_context
  ctx = ::OpenSSL::SSL::SSLContext.new
  ctx.cert            = @cert
  ctx.key             = @pkey
  ctx.client_ca       = self[:SSLClientCA]
  ctx.ca_path         = self[:SSLCACertificatePath]
  ctx.ca_file         = self[:SSLCACertificateFile]
  ctx.verify_mode     = self[:SSLVerifyMode]
  ctx.verify_depth    = self[:SSLVerifyDepth]
  ctx.verify_callback = self[:SSLVerifyCallback]
  ctx.cert_store      = self[:SSLCertificateStore]
  @ssl_ctx = ctx
end
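
Added example (not part of drb/ssl.rb): a pre-flight check for the config hash passed to new(config), based on what setup_certificate and setup_ssl_context above do with it. The helper names, finding symbols, the 2048-bit threshold and the sample CN are assumptions made for this illustration.

```ruby
require "openssl"

# Hypothetical helper, not part of drb/ssl.rb: lists weaknesses in a config
# hash before it is handed to SSLConfig.new.
def audit_drb_ssl_config(config)
  findings = []
  cert = config[:SSLCertificate]
  pkey = config[:SSLPrivateKey]
  if cert.nil? || pkey.nil?
    # setup_certificate returns early only when both are set; otherwise it
    # generates RSA.new(512) and signs the certificate with SHA1.
    findings << :autogenerated_512bit_sha1_cert
  else
    findings << :weak_key if pkey.is_a?(OpenSSL::PKey::RSA) && pkey.n.num_bits < 2048
    findings << :weak_signature if cert.signature_algorithm =~ /md5|sha1/i
    findings << :key_mismatch unless cert.check_private_key(pkey)
  end
  mode = config[:SSLVerifyMode]
  if mode.nil?
    findings << :verify_mode_left_to_default # DEFAULT's value is not shown on this page
  elsif (mode & OpenSSL::SSL::VERIFY_PEER).zero?
    findings << :peer_not_verified
  end
  trust = [:SSLCACertificateFile, :SSLCACertificatePath, :SSLCertificateStore]
  findings << :no_trust_anchor if trust.none? { |k| config[k] }
  findings
end

# Constructed sample config: 2048-bit RSA key, SHA-256 self-signed certificate
# (the CN is a placeholder), peer verification required.
def sample_hardened_config
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", "drb.example.test"]])
  cert.not_before = Time.now
  cert.not_after = Time.now + 24 * 60 * 60
  cert.public_key = key.public_key
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  { SSLCertificate: cert, SSLPrivateKey: key, SSLCertificateStore: store,
    SSLVerifyMode: OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT }
end
```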
            
