async-io 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 3fbd77d42c8f025d30053dc7e421240f1f2c68fa
-  data.tar.gz: 402ee863245252e8e3f19723876301650c9e6439
+SHA256:
+  metadata.gz: bb235e6d1285f39304e2feaaff9a1d2b7d37d237600b205438509d3b96bb9f9e
+  data.tar.gz: a84f31c19838358f8cd486659acc2bb76d6ab4f87f1f6fcb16506e5e6649231f
 SHA512:
-  metadata.gz: dae197ce5e7a47b42b3ec929777ab4baae97182f6e5c3fda6953223c983f1d9cc0f4034c495c12aa6a5e742b520aa138b17633ed667989fc8e714dad6e8a670e
-  data.tar.gz: 3ccb61d3e991fd5d52beabca6e6da9ee834adc637803c42405bd101446ba3dbbc7927119391a14b09605557346715947c5234be66e61fd944332a3984cfbd762
+  metadata.gz: 2aac0ebf53a9a4535747dec63f2f1864d4c57f043cfb9b3c1498a0e7f647d8b42fbe2fb493810d8e13990d79b42576f227bf6131918e899b41b101bd1a5e6c30
+  data.tar.gz: df5224b997090982c11c3ed2c3b52386f2e86b6416bfb537d32140b189e101ac7e7f6504bc224fd4ef8e122f65429ef1c3bcb3c8d8a15983c1dfed661fabc65b

data/README.md

@@ -82,6 +82,8 @@ end
 ## See Also
 
 - [async](https://github.com/socketry/async) — Asynchronous event-driven reactor.
+- [async-process](https://github.com/socketry/async-process) — Asynchronous process spawning/waiting.
+- [async-websocket](https://github.com/socketry/async-websocket) — Asynchronous client and server websockets.
 - [async-dns](https://github.com/socketry/async-dns) — Asynchronous DNS resolver and server.
 - [async-rspec](https://github.com/socketry/async-rspec) — Shared contexts for running async specs.
 - [rubydns](https://github.com/ioquatix/rubydns) — A easy to use Ruby DNS server.

data/lib/async/io/endpoint.rb

@@ -26,7 +26,6 @@ module Async
 		Address = Addrinfo
 		
 		class Endpoint < Struct.new(:specification, :options)
-			include ::Socket::Constants
 			include Comparable
 			
 			class << self
@@ -36,23 +35,32 @@ module Async
 				end
 				
 				def tcp(*args, **options)
-					self.new(Address.tcp(*args), **options)
+					AddressEndpoint.new(Address.tcp(*args), **options)
 				end
 				
 				def udp(*args, **options)
-					self.new(Address.udp(*args), **options)
+					AddressEndpoint.new(Address.udp(*args), **options)
 				end
 				
 				def unix(*args, **options)
-					self.new(Address.unix(*args), **options)
+					AddressEndpoint.new(Address.unix(*args), **options)
 				end
 				
+				def ssl(*args, **options)
+					SecureEndpoint.new(Endpoint.tcp(*args, **options), **options)
+				end
+				
+				# Generate a list of endpoints from an array.
 				def each(specifications, &block)
+					return to_enum(:each, specifications) unless block_given?
+					
 					specifications.each do |specification|
 						if specification.is_a? self
 							yield specification
 						elsif specification.is_a? Array
 							yield self.send(*specification)
+						elsif specification.is_a? String
+							yield self.parse(specification)
 						else
 							yield self.new(specification)
 						end
@@ -71,17 +79,6 @@ module Async
 			# This is how addresses are internally converted, e.g. within `Socket#sendto`.
 			alias to_str to_sockaddr
 			
-			def address
-				@address ||= case specification
-					when Addrinfo
-						specification
-					when ::BasicSocket, BasicSocket
-						specification.local_address
-				else
-					raise ArgumentError, "Not sure how to convert #{specification} into address!"
-				end
-			end
-			
 			# SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, etc.
 			def socket_type
 				address.socktype
@@ -97,38 +94,89 @@ module Async
 				address.protocol
 			end
 			
-			def bind(&block)
-				case specification
-				when Addrinfo
-					Socket.bind(specification, **options, &block)
-				when ::BasicSocket
-					yield Socket.new(specification)
-				when BasicSocket
-					yield specification
-				else
-					raise ArgumentError, "Not sure how to bind to #{specification}!"
-				end
+			def bind
+				yield specification
 			end
 			
 			def accept(&block)
-				backlog = self.options.fetch(:backlog, SOMAXCONN)
+				backlog = self.options.fetch(:backlog, Socket::SOMAXCONN)
 				
-				bind do |socket|
-					socket.listen(backlog)
-					socket.accept_each(&block)
+				bind do |server|
+					server.listen(backlog)
+					server.accept_each(&block)
 				end
 			end
 			
+			def connect
+				yield specification
+			end
+		end
+		
+		# This class will open and close the socket automatically.
+		class AddressEndpoint < Endpoint
+			def address
+				specification
+			end
+			
+			def bind(&block)
+				Socket.bind(specification, **options, &block)
+			end
+			
 			def connect(&block)
-				case specification
-				when Addrinfo
-					Socket.connect(specification, &block)
-				when ::BasicSocket
-					yield Async::IO.try_convert(specification)
-				when BasicSocket
-					yield specification
+				Socket.connect(specification, &block)
+			end
+		end
+		
+		# This class doesn't exert ownership over the specified socket.
+		class SocketEndpoint < Endpoint
+			def address
+				specification.local_address
+			end
+			
+			def bind(&block)
+				yield Socket.new(specification, **options)
+			end
+			
+			def connect(&block)
+				yield Async::IO.try_convert(specification)
+			end
+		end
+		
+		class SecureEndpoint < Endpoint
+			def params
+				options[:ssl_params]
+			end
+			
+			def context
+				if context = options[:ssl_context]
+					if params = self.params
+						context = context.dup
+						context.set_params(params)
+					end
 				else
-					raise ArgumentError, "Not sure how to connect to #{specification}!"
+					context = ::OpenSSL::SSL::SSLContext.new
+					
+					if params = self.params
+						context.set_params(params)
+					end
+				end
+				
+				return context
+			end
+			
+			def bind(&block)
+				specification.bind do |server|
+					yield SSLServer.new(server, context)
+				end
+			end
+			
+			def connect(&block)
+				specification.connect do |socket|
+					ssl_socket = SSLSocket.connect_socket(socket, context)
+					
+					ssl_socket.connect
+					
+					yield ssl_socket
 				end
 			end
 		end

data/lib/async/io/generic.rb

@@ -33,7 +33,7 @@ module Async
 				# @!macro [attach] wrap_blocking_method
 				#   @method $1
 				#   Invokes `$2` on the underlying {io}. If the operation would block, the current task is paused until the operation can succeed, at which point it's resumed and the operation is completed.
-				def wrap_blocking_method(new_name, method_name, invert: true, &block)
+				def wrap_blocking_method(new_name, method_name, invert: true)
 					define_method(new_name) do |*args|
 						async_send(method_name, *args)
 					end
@@ -94,17 +94,9 @@ module Async
 						@io.__send__(*args, exception: false)
 					end
 				end
-			else
-				def async_send(*args)
-					async do
-						@io.__send__(*args)
-					end
-				end
-			end
-			
-			def async
-				while true
-					begin
+				
+				def async
+					while true
 						result = yield
 						
 						case result
@@ -115,10 +107,42 @@ module Async
 						else
 							return result
 						end
-					rescue ::IO::WaitReadable
-						wait_readable
-					rescue ::IO::WaitWritable
-						wait_writable
+					end
+				end
+			elsif RUBY_VERSION >= "2.1"
+				def async_send(*args)
+					async do
+						@io.__send__(*args)
+					end
+				end
+				
+				def async
+					while true
+						begin
+							return yield
+						rescue ::IO::WaitReadable, ::IO::EAGAINWaitReadable
+							wait_readable
+						rescue ::IO::WaitWritable, ::IO::EAGAINWaitWritable
+							wait_writable
+						end
+					end
+				end
+			else
+				def async_send(*args)
+					async do
+						@io.__send__(*args)
+					end
+				end
+				
+				def async
+					while true
+						begin
+							return yield
+						rescue ::IO::WaitReadable
+							wait_readable
+						rescue ::IO::WaitWritable
+							wait_writable
+						end
 					end
 				end
 			end

data/lib/async/io/socket.rb

@@ -36,19 +36,23 @@ module Async
 		end
 		
 		module ServerSocket
-			def accept
+			def accept(task: Task.current)
 				peer, address = async_send(:accept_nonblock)
 				
+				wrapper = Socket.new(peer, self.reactor)
+				
 				if block_given?
-					wrapper = Socket.new(peer, self.reactor)
-					
-					begin
-						yield wrapper, address
-					ensure
-						wrapper.close
+					task.async do
+						task.annotate "incoming connection #{address}"
+						
+						begin
+							yield wrapper, address
+						ensure
+							wrapper.close
+						end
 					end
 				else
-					return Socket.new(peer, self.reactor), address
+					return wrapper, address
 				end
 			end
 			
@@ -56,14 +60,8 @@ module Async
 				task.annotate "accepting connections #{self.local_address.inspect}"
 				
 				while true
-					task.async(*self.accept) do |task, io, address|
-						task.annotate "incoming connection #{address}"
-						
-						begin
-							yield io, address
-						ensure
-							io.close
-						end
+					self.accept(task: task) do |io, address|
+						yield io, address
 					end
 				end
 			end
@@ -73,7 +71,6 @@ module Async
 			wraps ::Socket, :bind, :ipv6only!, :listen
 			
 			include ::Socket::Constants
-			
 			include ServerSocket
 			
 			def connect(*args)
@@ -85,7 +82,7 @@ module Async
 			end
 			
 			def self.build(*args, task: Task.current)
-				socket = ::Socket.new(*args)
+				socket = wrapped_klass.new(*args)
 				
 				yield socket
 				
@@ -102,10 +99,10 @@ module Async
 			# @param remote_address [Addrinfo] The remote address to connect to.
 			# @param local_address [Addrinfo] The local address to bind to before connecting.
 			# @option protcol [Integer] The socket protocol to use.
-			def self.connect(remote_address, local_address = nil, task: Task.current)
+			def self.connect(remote_address, local_address = nil, task: Task.current, **options)
 				task.annotate "connecting to #{remote_address.inspect}"
 				
-				wrapper = build(remote_address.afamily, remote_address.socktype, remote_address.protocol) do |socket|
+				wrapper = build(remote_address.afamily, remote_address.socktype, remote_address.protocol, **options) do |socket|
 					socket.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_REUSEADDR, true)
 					
 					if local_address
@@ -140,10 +137,10 @@ module Async
 			# @param local_address [Address] The local address to bind to.
 			# @option protocol [Integer] The socket protocol to use.
 			# @option reuse_port [Boolean] Allow this port to be bound in multiple processes.
-			def self.bind(local_address, protocol: 0, reuse_port: false, task: Task.current, &block)
+			def self.bind(local_address, protocol: 0, reuse_port: false, task: Task.current, **options, &block)
 				task.annotate "binding to #{local_address.inspect}"
 				
-				wrapper = build(local_address.afamily, local_address.socktype, protocol) do |socket|
+				wrapper = build(local_address.afamily, local_address.socktype, protocol, **options) do |socket|
 					socket.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_REUSEADDR, true)
 					socket.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_REUSEPORT, true) if reuse_port
 					socket.bind(local_address.to_sockaddr)

data/lib/async/io/ssl_socket.rb

@@ -0,0 +1,98 @@
+# Copyright, 2017, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative 'socket'
+
+require 'openssl'
+
+module Async
+	module IO
+		SSLError = OpenSSL::SSL::SSLError
+		
+		# Asynchronous TCP socket wrapper.
+		class SSLSocket < Generic
+			wraps ::OpenSSL::SSL::SSLSocket, :alpn_protocol, :cert, :cipher, :client_ca, :hostname=, :npn_protocol, :peer_cert, :peer_cert_chain, :pending, :post_connection_check, :session, :session=, :session_reused?, :ssl_version, :state
+			
+			wrap_blocking_method :accept, :accept_nonblock
+			wrap_blocking_method :connect, :connect_nonblock
+			
+			def local_address
+				@io.to_io.local_address
+			end
+			
+			def remote_address
+				@io.to_io.remote_address
+			end
+			
+			def self.connect_socket(socket, context)
+				io = wrapped_klass.new(socket.io, context)
+				
+				# This ensures that when the internal IO is closed, it also closes the internal socket:
+				io.sync_close = true
+				
+				return self.new(io, socket.reactor)
+			end
+		end
+		
+		class SSLServer
+			extend Forwardable
+			
+			def initialize(server, context)
+				@server = server
+				@context = context
+			end
+			
+			def_delegators :@server, :local_address, :setsockopt, :getsockopt
+			
+			attr :server
+			attr :context
+			
+			include ServerSocket
+			
+			def listen(*args)
+				@server.listen(*args)
+			end
+			
+			def accept(task: Task.current)
+				peer, address = @server.accept
+				
+				wrapper = SSLSocket.connect_socket(peer, @context)
+				
+				if block_given?
+					task.async do
+						task.annotate "accepting secure connection #{address}"
+						
+						begin
+							wrapper.accept
+							
+							yield wrapper, address
+						rescue SSLError
+							Async.logger.error($!.class) {$!}
+						ensure
+							wrapper.close
+						end
+					end
+				else
+					return wrapper, address
+				end
+			end
+		end
+	end
+end

data/lib/async/io/version.rb

@@ -20,6 +20,6 @@
 
 module Async
 	module IO
-		VERSION = "1.0.0"
+		VERSION = "1.1.0"
 	end
 end

data/spec/async/io/endpoint_spec.rb

@@ -33,7 +33,7 @@ RSpec.describe Async::IO::Endpoint do
 		end
 	end
 	
-	describe Async::IO::Endpoint.new(TCPServer.new('0.0.0.0', 1234)) do
+	describe Async::IO::SocketEndpoint.new(TCPServer.new('0.0.0.0', 1234)) do
 		it "should be a tcp binding" do
 			expect(subject.socket_type).to be == ::Socket::SOCK_STREAM
 		end

data/spec/async/io/ssl/gen_certs.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+get_subject() {
+  if [ "$1" = "trusted" ]
+  then
+    echo "/C=US/ST=California/L=San Francisco/O=Celluloid/OU=Socketry/CN=localhost"
+  else
+    echo "/C=XX/ST=Untrusted/L=Evilville/O=Evil Hacker/OU=Attack Department/CN=localhost"
+  fi
+}
+
+# Generate two CAs: one to be considered trusted, and one that's untrusted
+for type in trusted untrusted; do
+  rm -rf ./demoCA
+  mkdir -p ./demoCA
+  mkdir -p ./demoCA/certs
+  mkdir -p ./demoCA/crl
+  mkdir -p ./demoCA/newcerts
+  mkdir -p ./demoCA/private
+  touch ./demoCA/index.txt
+
+  openssl genrsa -out ${type}-ca.key 2048
+  openssl req -new -x509 -days 12500 -key ${type}-ca.key -out ${type}-ca.crt -subj "$(get_subject $type)"
+  openssl x509 -in ${type}-ca.crt -noout -next_serial -out ./demoCA/serial
+
+  openssl req -newkey rsa:2048 -keyout ${type}-cert.key -nodes -out ${type}-cert.req -subj "$(get_subject $type)"
+  openssl ca -days 12500 -cert ${type}-ca.crt -keyfile ${type}-ca.key -out ${type}-cert.crt -infiles ${type}-cert.req
+  rm ${type}-cert.req
+done
+
+rm -rf ./demoCA

data/spec/async/io/ssl/trusted-ca.crt

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgIJAPCsnL6/gRaRMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp
+c2NvMRIwEAYDVQQKEwlDZWxsdWxvaWQxETAPBgNVBAsTCFNvY2tldHJ5MRIwEAYD
+VQQDEwlsb2NhbGhvc3QwIBcNMTYwOTEwMTY0OTIwWhgPMjA1MDEyMDExNjQ5MjBa
+MHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
+YW4gRnJhbmNpc2NvMRIwEAYDVQQKEwlDZWxsdWxvaWQxETAPBgNVBAsTCFNvY2tl
+dHJ5MRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDAXdhY1LlZrTBTxecJzNvYYKXgp2ya6Qqvb8e+knhw7674kM5EB5Qw
+3dxt1msdgzfqlwBQUIJSUtsi2jwcVXlHs9c6gePkiZJMCNag5fyi/o2kQmlOQFR8
+N9uOhd4YThZRD7/Aoa04FMmIPeNYtVnkx8lbZO5MWN3RQ+ppovYhP/d/IWHUpXs1
+J/H4fZxucsDMKo5zX36VuEdFAyIgxZ8lw1/dp3BwAl+82Pcs+GSwPFawAcvVKkOt
+OwE9Edw8iNlKWjgcwGSfNHwJoyr10YK/f90CzdZbJGofEZbHxueAT1bftEqHf4zv
+vs5mp9TkkQh0UuQpwalp050In7lrkI9TAgMBAAGjgdowgdcwHQYDVR0OBBYEFGh2
+jJPd4xrU5D+QV4WiErIWUWbiMIGnBgNVHSMEgZ8wgZyAFGh2jJPd4xrU5D+QV4Wi
+ErIWUWbioXmkdzB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEW
+MBQGA1UEBxMNU2FuIEZyYW5jaXNjbzESMBAGA1UEChMJQ2VsbHVsb2lkMREwDwYD
+VQQLEwhTb2NrZXRyeTESMBAGA1UEAxMJbG9jYWxob3N0ggkA8Kycvr+BFpEwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAERiepnBTfYOto5yNXP2um6MI
+R8ly66ImTixYpn3PtToPrkQ4Smgp/B7E2P6uFkFyrx8d5yd+r42yZ07ZJXM/qXg1
+xggtpls+LeqQi4b6FXoJpSRmyG2cbd0oznOnR3ebrBHd/gP13H3sc0FQjrQ6ERJh
+kWffK2pka3Q9KGJc2ygCYTpG4wPNRqMohAT49CqwdrbOn43Nnt/tQKu6yluKCM0h
+1tOv9RFlAJhhbKyB9uFDPGD9TNbyk4wHCw9CviIg5Ao1MWUS9uBR+pMESpt9ewQz
+H/Y5nPIDYF9i2zekavtbgibjMEQ1N2Qs2y/2Y5A5YiihfN8iWwBMW4QJx8QLBg==
+-----END CERTIFICATE-----

data/spec/async/io/ssl/trusted-ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAwF3YWNS5Wa0wU8XnCczb2GCl4KdsmukKr2/HvpJ4cO+u+JDO
+RAeUMN3cbdZrHYM36pcAUFCCUlLbIto8HFV5R7PXOoHj5ImSTAjWoOX8ov6NpEJp
+TkBUfDfbjoXeGE4WUQ+/wKGtOBTJiD3jWLVZ5MfJW2TuTFjd0UPqaaL2IT/3fyFh
+1KV7NSfx+H2cbnLAzCqOc19+lbhHRQMiIMWfJcNf3adwcAJfvNj3LPhksDxWsAHL
+1SpDrTsBPRHcPIjZSlo4HMBknzR8CaMq9dGCv3/dAs3WWyRqHxGWx8bngE9W37RK
+h3+M777OZqfU5JEIdFLkKcGpadOdCJ+5a5CPUwIDAQABAoIBACmvrISDhK8UQtbE
+mi6bgEDBoPCwF27ydWhTNtvrbcI7jpU6/Bft9IUqbuw2fPvmRaXGl0DQUY15exdw
+Z3pUY3XQWSHKqBIMZfGoMKqpbDf+Jb+kzKEye5x3llKqW9i0g02JtioOXzU5+/pU
+PwIoOpTDXrU5iBJvZ5JDv3ao4+GMVDKOlxsmMqW0rq4gDm48tZTyQpXlvAx+adXb
+YF8n1KQ6Nx6lDinCVz9MjBdQ3vNrN/VMaVIIl0knG2oMmNRvf9xDasLYGkuLbj+E
+0O2WjzgopBsj7Qq59u7w262qvYqfMkVx1lGUHmITVAXso+b5l/RThbw3MoJYedLy
+GPzC1eECgYEA+wcRjIPNkEd/+UoiaHx3EKi6faKtwq2DStkXjODYk/viVwhG+5bV
+blXf0gjv79jleYn1LAu0FoolYVMur5aHzdJBvjWZl6Uq649xe6CwaGKZikWiMe6I
+4TRkSqxKjahJcEb4VUjAWL/pruBXOUkF1SQ9GRkIdXCwfzYhA0BTeCsCgYEAxC1Q
+OhVxiSi4XiacKEJkmbiDN6O7inoGp3rcE6wBBQipDwTRLJZBXauwzRslpzMWMvo0
+TjHnWn6A3e/fKCjUAu3jWq2GrS+UE7kMXSDdPW2Fl8fzAKGxY1XAwPng4EpdRd5Y
+5LVGin10wZ/mOURF0jEy2XRaMeP1E3MtRePJyXkCgYB4SonZSOu/wNONdT4JzeMM
+g55iSAt2J8mrm15Srwh52ZE73YaOV1hNeC86Kfg4ejp0xGxNQAp7ZpXFDqRnlf3b
+3m6MpIjGh2qK2QErmfQPAXjMLtQrkz/ak02gDvHm8gbHG+syixtJLCXiHDUQCXMX
+ETeKCFnqVSbuvtSRB0k4YwKBgGjq+x81XLVIS+I+sAFwELGN1s+pB6H1xR1JPe5f
+bWQtz4yyvNQlv+vC6RmozShw0AyPd+3iDqN9SJppsWWfAFRYueFDMOXqrj0mGJCu
+BOTXcD1OuI277Ez+DcqnWTdbTisR0WTv9jwXAJyVUeGKu/TATzuxWJOaIPY4ARyB
+yOexAoGAL75WiMSKtvZUAqTchEJxmhOuhHSaLF+b2VNnI4NCHK1aVrvH5jErPNIO
+NTSj4GBr8wjaC0Zhvu6EAIlK9xMM7R41ZEQG/3HuRMcjf8kUkGmfJ2KjS5alC5Yh
+BSV4gGcDsQ0nZEgSHZ8hSwzBrwXtd1jMNs4cMVPgiwb/BWOecQw=
+-----END RSA PRIVATE KEY-----

data/spec/async/io/ssl/trusted-cert.crt

@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f0:ac:9c:be:bf:81:16:92
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=California, L=San Francisco, O=Celluloid, OU=Socketry, CN=localhost
+        Validity
+            Not Before: Sep 10 16:49:21 2016 GMT
+            Not After : Dec  1 16:49:21 2050 GMT
+        Subject: C=US, ST=California, O=Celluloid, OU=Socketry, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b9:1f:61:e1:42:d2:4c:12:be:51:f1:7c:52:c8:
+                    67:a4:48:38:29:df:44:20:a2:6e:13:90:e6:5a:7f:
+                    88:c8:1d:5e:c3:11:58:06:a2:0c:30:fc:d6:a0:dd:
+                    3a:0d:dd:05:1f:76:47:51:e7:49:28:f4:90:09:65:
+                    1e:93:bb:c5:f8:07:16:48:00:67:72:13:1a:a6:cc:
+                    11:74:40:e1:ba:0c:ba:ef:7e:82:37:2a:62:3d:69:
+                    cd:2f:f0:9a:a1:61:b6:f6:a4:fc:90:51:d1:81:5e:
+                    11:2f:55:1d:8a:30:31:3a:d3:99:7e:a9:ad:4c:52:
+                    6d:be:3e:28:cf:92:a1:cc:42:1d:04:39:95:97:38:
+                    2a:57:91:06:e7:cd:80:23:5c:76:7b:dc:77:a1:52:
+                    2a:1b:85:c1:57:44:37:97:aa:17:45:e8:3f:d0:11:
+                    53:07:00:06:2d:60:d3:a9:84:4c:97:4b:33:c4:77:
+                    2e:a1:79:af:8a:30:1a:67:61:17:1f:f7:0e:40:4b:
+                    8d:84:92:cd:22:57:30:85:65:b7:b0:2e:ac:a1:55:
+                    d5:96:7f:a9:7f:24:dd:ba:88:37:46:6a:91:42:37:
+                    e1:7d:e6:5c:2e:2b:33:1b:7e:b2:15:70:78:fe:61:
+                    71:d2:bc:cd:84:49:8d:9d:98:c5:c3:95:68:b6:34:
+                    d4:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints:
+                CA:FALSE
+            Netscape Comment:
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier:
+                AA:1B:00:42:93:AA:8F:15:5D:D7:B4:18:45:10:1E:75:45:C8:26:96
+            X509v3 Authority Key Identifier:
+                keyid:68:76:8C:93:DD:E3:1A:D4:E4:3F:90:57:85:A2:12:B2:16:51:66:E2
+
+    Signature Algorithm: sha1WithRSAEncryption
+        ab:3a:40:58:9f:04:fd:17:2d:bd:6c:e2:58:36:27:aa:30:68:
+        8b:17:9d:29:60:a1:a5:ac:36:a3:11:df:ee:c9:8f:c6:c3:ae:
+        7d:a0:2f:9c:f0:38:d6:1a:25:a7:2e:7a:98:ed:0f:67:9b:cb:
+        7b:b1:4c:58:eb:b3:c5:80:86:10:43:f2:43:57:39:92:de:82:
+        c3:4d:02:66:56:80:a1:98:bb:d1:a6:a4:25:54:0c:ab:45:1d:
+        eb:70:52:ac:07:a2:6c:13:68:3a:80:f4:2c:04:11:c7:40:85:
+        5c:46:71:d0:71:db:1f:35:33:8b:82:c6:09:b1:c5:96:12:ac:
+        e8:9e:a5:38:98:ac:3b:a6:86:64:95:87:36:d9:f8:9d:0a:bb:
+        70:d8:c2:39:70:f3:8b:d1:56:fc:c0:28:e1:22:82:0a:e9:7e:
+        c6:6f:52:37:98:6f:48:56:e7:0f:49:48:9c:03:0d:c0:34:93:
+        3c:b4:66:b2:b5:88:96:c7:31:27:02:b0:78:f7:12:81:31:c2:
+        e3:c6:8c:cf:f5:f6:cb:23:16:ed:b0:df:d9:e9:cb:2d:8b:6f:
+        9e:d4:78:c6:73:a0:c1:13:48:32:65:39:fe:a3:f9:53:ee:6e:
+        4b:73:0a:12:58:64:e5:9f:a2:67:65:fd:7a:1a:30:3a:ed:28:
+        f2:b2:b8:31
+-----BEGIN CERTIFICATE-----
+MIID0jCCArqgAwIBAgIJAPCsnL6/gRaSMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV
+BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp
+c2NvMRIwEAYDVQQKEwlDZWxsdWxvaWQxETAPBgNVBAsTCFNvY2tldHJ5MRIwEAYD
+VQQDEwlsb2NhbGhvc3QwIBcNMTYwOTEwMTY0OTIxWhgPMjA1MDEyMDExNjQ5MjFa
+MF0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQKEwlD
+ZWxsdWxvaWQxETAPBgNVBAsTCFNvY2tldHJ5MRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5H2HhQtJMEr5R8XxSyGek
+SDgp30Qgom4TkOZaf4jIHV7DEVgGogww/Nag3ToN3QUfdkdR50ko9JAJZR6Tu8X4
+BxZIAGdyExqmzBF0QOG6DLrvfoI3KmI9ac0v8JqhYbb2pPyQUdGBXhEvVR2KMDE6
+05l+qa1MUm2+PijPkqHMQh0EOZWXOCpXkQbnzYAjXHZ73HehUiobhcFXRDeXqhdF
+6D/QEVMHAAYtYNOphEyXSzPEdy6hea+KMBpnYRcf9w5AS42Eks0iVzCFZbewLqyh
+VdWWf6l/JN26iDdGapFCN+F95lwuKzMbfrIVcHj+YXHSvM2ESY2dmMXDlWi2NNTT
+AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSqGwBCk6qPFV3XtBhFEB51Rcgm
+ljAfBgNVHSMEGDAWgBRodoyT3eMa1OQ/kFeFohKyFlFm4jANBgkqhkiG9w0BAQUF
+AAOCAQEAqzpAWJ8E/RctvWziWDYnqjBoixedKWChpaw2oxHf7smPxsOufaAvnPA4
+1holpy56mO0PZ5vLe7FMWOuzxYCGEEPyQ1c5kt6Cw00CZlaAoZi70aakJVQMq0Ud
+63BSrAeibBNoOoD0LAQRx0CFXEZx0HHbHzUzi4LGCbHFlhKs6J6lOJisO6aGZJWH
+Ntn4nQq7cNjCOXDzi9FW/MAo4SKCCul+xm9SN5hvSFbnD0lInAMNwDSTPLRmsrWI
+lscxJwKwePcSgTHC48aMz/X2yyMW7bDf2enLLYtvntR4xnOgwRNIMmU5/qP5U+5u
+S3MKElhk5Z+iZ2X9ehowOu0o8rK4MQ==
+-----END CERTIFICATE-----

data/spec/async/io/ssl/trusted-cert.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAuR9h4ULSTBK+UfF8UshnpEg4Kd9EIKJuE5DmWn+IyB1ewxFY
+BqIMMPzWoN06Dd0FH3ZHUedJKPSQCWUek7vF+AcWSABnchMapswRdEDhugy6736C
+NypiPWnNL/CaoWG29qT8kFHRgV4RL1UdijAxOtOZfqmtTFJtvj4oz5KhzEIdBDmV
+lzgqV5EG582AI1x2e9x3oVIqG4XBV0Q3l6oXReg/0BFTBwAGLWDTqYRMl0szxHcu
+oXmvijAaZ2EXH/cOQEuNhJLNIlcwhWW3sC6soVXVln+pfyTduog3RmqRQjfhfeZc
+LiszG36yFXB4/mFx0rzNhEmNnZjFw5VotjTU0wIDAQABAoIBACqtrn4lTqBVLeVs
+W/Il26cHM1OL8oPnjqMaI9E3V8xy4Pbt17Jnx5G/qKebeRfbHaQ8O4MJZFd50n8n
+/d2nS6O71oow9ahZ+Sn9IAUCNEgVST+Pleur7MwlyTVFLhEImwrPzJ5lDnzZt/KG
+l/HU3HSoddm6uoY+9qgGYphAQOb67kYEJv+e5b8lTn0dXC7ZoG0MhqVlDh+wyHnD
+KcvtycVfGCOFVnUXbeuahLwPAvximNs/TIrHmDSIyuns31/I9OyWUMWwzgWIRw4q
+AaVA3j4OOaw8sfuWj0eQ1w/R1x5gAn+gMvqKRWKvCR/Ulmg5YRRqamc8aJsrvORl
+TGI4J1kCgYEA7JWjN7Tj0v2Qd1tkCJm+o0mz2MqNl4/QaJ3VgEM0VuaJ1qdsd7jI
+0/JhXbNKxr0mnmE+UqI5t/zQ0xWpsPqY1i+Y0B+SkGTpQpQBBGYZg064fufJOnYe
+RPp2WADvmS5ZZZzujbILlwztctPzt4dPmGY8JlSKtdOQR4qeXI39n0cCgYEAyFCX
+D6jb1R9tbd/g4UdWKoLyQPkZvSVnpAMgRmZO/V3YnaxfOBTDEKF/t7oUVL41xvM4
+/5xuzJkhi7DxV0ImRr7+DDuUxO0r1vXDhQdzsq9wuxlZW+9hiPCYFpkMLR/Lj2MQ
+zhUnQJ0FhFY/gDOnrQkEw9O2Gky61vh1LdCtHBUCgYBbmiijJg/cHr9z51fZGKY+
+lQfklbCzEUTxbMNAsUSvrP2LtjGCPXLM1ZkrbYMzZgNw6Vf3KMbOXT4BrO6SDsVk
+kPNLCh52eAv08ldee6W/OJio0lgQobFgpdVyh5I9rjuA431eMaTZLHE3t6cy1VpV
+OKhrcupuMmc3vA1K6tNbewKBgCnkgNMrk14NBou2CIfUrXaSkCt6bSGbkwNADB3t
+A5QFbmn7RKar4Oe3fshjyCC47vI+p6r9gkaTt+pJBRAkq3CcPPE9/Kz6lPKNz2gg
+2NeDzWWztXZ+p71F4+jF9T/yqFXCeB9BWUYwEJlOmFUteGG9wxtZSXpSlbijmY4N
+WEbJAoGAZnARe+/aW767Yej2shBwF8gwEvoKZMjl+VdsHCR9E2MsyRh/KsFSLp8a
+O4axayeRI1ROSFd/6AX3ch1zHxHNomab1z1zBPuAnVrdoxnsiSWvMIg5RfAAPiBP
++N5kBedH6VmkGymOR03Tr3VYcyY9sHrCZfsD44880inh4Z/T3lA=
+-----END RSA PRIVATE KEY-----

data/spec/async/io/ssl/untrusted-ca.crt

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIJAJ0IEx1+1dDLMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
+BAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxEjAQBgNVBAcTCUV2aWx2aWxsZTEU
+MBIGA1UEChMLRXZpbCBIYWNrZXIxGjAYBgNVBAsTEUF0dGFjayBEZXBhcnRtZW50
+MRIwEAYDVQQDEwlsb2NhbGhvc3QwIBcNMTYwOTEwMTY0OTMzWhgPMjA1MDEyMDEx
+NjQ5MzNaMHsxCzAJBgNVBAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxEjAQBgNV
+BAcTCUV2aWx2aWxsZTEUMBIGA1UEChMLRXZpbCBIYWNrZXIxGjAYBgNVBAsTEUF0
+dGFjayBEZXBhcnRtZW50MRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCyKMLmY2mCc1A/18g+EsKNmiHysMianeGx2Zs2
+O2J3FYO//C4qkiGENjqoGmILbH12ARjZT2K30/yr9x62oxUHe27OB07uFcgAkRER
+GW2zTwl8ElrbvhXJTL8Y6WW4kKWzwT0lQR3Ag/swQmIXnAYQ1WXA/furQOGruUrw
+yBJZHUDHXTcnHpB5l/EDWKYXaIqNPAwA6ZjZ7GYFGZamrrGfdHSjCiGZON2mWSKx
+45NHWZnI1WA3uyvSjz61GNiSOwiDUWhgMqyqUzyspDEsZoJLcJ+LJxrT+/aAE6uq
+xv+ChnGRUV6OX+OIrcysmJOcyzHGYnQAIGTNc8HZRqJ6/kC9AgMBAAGjgeAwgd0w
+HQYDVR0OBBYEFLDHtNv69Ad0jKRLK15D6UxjUrOyMIGtBgNVHSMEgaUwgaKAFLDH
+tNv69Ad0jKRLK15D6UxjUrOyoX+kfTB7MQswCQYDVQQGEwJYWDESMBAGA1UECBMJ
+VW50cnVzdGVkMRIwEAYDVQQHEwlFdmlsdmlsbGUxFDASBgNVBAoTC0V2aWwgSGFj
+a2VyMRowGAYDVQQLExFBdHRhY2sgRGVwYXJ0bWVudDESMBAGA1UEAxMJbG9jYWxo
+b3N0ggkAnQgTHX7V0MswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA
+msrLcoUQp0RT8PkOmB580e8QxZljRJVgtHJrQszFLyPtGW9bhIBsf3M72+BjPPvx
+6QUO303y1bkcu/suG6WGa4gm59FGMOOvxSQKNC0q2SwmjDyZG3zNLvC3xE0olEte
+y3zcxoN+8kvh9QDij2g51J97yqbwZ8v9midBYZ28d7Nq+I/9w6GxfEHHvBV/ACJx
+AaoRS++oGS8DGyHoFWqoQ5f1c7vk0QhyG5a7YKT7jk30IKkwVte1pQCk8VOpF06K
+TSA/WB/OlLThcZdcQlTw3YrrvCr95oqBDV+9AFXfaJkM+h/2AENtkJvhW3Y/jw7T
+f71xbWagZXclIxthRIt+DQ==
+-----END CERTIFICATE-----

data/spec/async/io/ssl/untrusted-ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAsijC5mNpgnNQP9fIPhLCjZoh8rDImp3hsdmbNjtidxWDv/wu
+KpIhhDY6qBpiC2x9dgEY2U9it9P8q/cetqMVB3tuzgdO7hXIAJERERlts08JfBJa
+274VyUy/GOlluJCls8E9JUEdwIP7MEJiF5wGENVlwP37q0Dhq7lK8MgSWR1Ax103
+Jx6QeZfxA1imF2iKjTwMAOmY2exmBRmWpq6xn3R0owohmTjdplkiseOTR1mZyNVg
+N7sr0o8+tRjYkjsIg1FoYDKsqlM8rKQxLGaCS3Cfiyca0/v2gBOrqsb/goZxkVFe
+jl/jiK3MrJiTnMsxxmJ0ACBkzXPB2Uaiev5AvQIDAQABAoIBAG+8jthN+yt8xRT1
+cbo0q96Bj88VPwtx/846i1UNE6laTgJH2HCMrAauuEUcHufJSDqNX5dTabefdbYo
+zBOB3ruNl6YSAVfjQ0fPs+OEjj/KT0mIfYGaCzHwN14Za9nAppxBkubdmxpV7GGN
+ENZ73XYLUMEkygXTMHYyRSUUZiWK3jEuU6oPk5krzYbvf86c6BEtyMe9/T6625qM
+BPVhFD6EEyZpp1SBcwvqzHqvZ1nc0mQ7fQhstlFmiBplzHPp8woEWd6NPhduyyAb
+aTkZuy3TSOJ26FaA92wYR3KrAaQdxusNvEkRBxIVJDMRBWQawRi2v6mRKJWnrMe2
+A1InbWUCgYEA3iX8OTuf/6KsEFthAwd0Ndo8TC/q/BRnHrlUi9y9eT2jKfk4kWdh
+ge+VkdAoT1A07r8P+HOlbxTB7gBJEIzqjZ91WsG9wa5VP4N2kGDgFHRq/OgyWpDa
+P5zB3sTWQLgzKlEJM3OgvfxX7IdsE+Uh7KkkrEI4q59U7VKz2x5HvRcCgYEAzU7C
+ARAQsftN6x1wNIQs6qNBQiIU6N0plYOdVXgop3DOlZ4MZZ+iYi0zj1pS35ucmQtd
+xZBkWH83F8ME1zz5Sn2SDL3L7coBP8EFD7kqHLNzFhQuSfQ2KYf1iBhRZLduseRx
+NElB4H0UxRUHYCoPl73YFtOEsXIhoVO29vhL3UsCgYEAtxl177JuaOSqj3zR1A5T
+wYNUCbPBKe6jJBa7UeAqJ4EfOBxbfLVKEC/qBtocL2s7hcDjJ/Qh2hGw2jtP/Z04
+Qmy47IodnkLTrtrrYYsHhrSB7lxwDGeyC5Zn0PZKZeOtAGb0f30BczZHPgRMl4VX
+VdoACR832HUmKcntxmAJ3xcCgYEAgcWjiWpvMyEnClNsRjW58oJI0JWcY+jPzSsJ
+OyodgGEko5voOCAkUyxBJ/6u3ZqN7IsrtaJkWy/mUgW6PJbU+InQ1G7vxRlnmrXW
+Di87eDLRrwYIkERmK/A9ec3tPN1ZgeZky+j2VACcLUryg41yl7avLRZ8DHGY4lF5
+GDiwM2sCgYBbooN99DdxduI8ERICkqlDO0v8WM682xsX/6fljnNosyx++sH6hLuJ
+mSpNt59mIi5eOJ9eHPiB/qw+FuZevU0wQgsOgyQ6t/AtLFQLmt6HOERUkgWOGipq
+FEiawsFJfJtucyOzfhZGdjzXSzarLyHjjWpg206LiFFOP0whNnhE7g==
+-----END RSA PRIVATE KEY-----

data/spec/async/io/ssl/untrusted-cert.crt

@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            9d:08:13:1d:7e:d5:d0:cc
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=XX, ST=Untrusted, L=Evilville, O=Evil Hacker, OU=Attack Department, CN=localhost
+        Validity
+            Not Before: Sep 10 16:49:33 2016 GMT
+            Not After : Dec  1 16:49:33 2050 GMT
+        Subject: C=XX, ST=Untrusted, O=Evil Hacker, OU=Attack Department, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:9b:6b:27:d0:31:39:bc:3b:57:27:70:c2:ec:78:
+                    dc:52:e9:8b:98:d9:ef:c0:8c:c6:cb:c1:8d:48:5c:
+                    6e:17:8c:8d:bd:68:be:ad:77:40:e1:d2:bb:c1:20:
+                    54:a6:7f:d5:d8:4b:5b:af:ac:a9:c7:8b:76:2b:da:
+                    31:b9:13:0f:6f:19:69:fe:1b:60:ee:59:5a:0e:cb:
+                    0b:e7:88:4e:89:1b:75:4c:0d:ef:21:c2:7a:38:bf:
+                    95:96:5b:8e:eb:90:ca:8a:2c:09:1d:4c:bd:e5:e8:
+                    4d:82:06:64:99:51:4c:2f:07:69:80:f6:87:a4:4c:
+                    74:9c:d8:92:0d:fa:8c:d2:64:95:c5:a2:b3:9d:b4:
+                    01:2d:03:68:94:3d:42:31:e0:cc:9f:0b:fe:d1:3c:
+                    79:ed:8b:96:80:32:df:f1:e1:96:e2:3a:32:94:f7:
+                    d4:05:40:5d:f7:17:b1:52:39:e6:7c:6b:92:be:30:
+                    2e:88:b8:55:d1:df:fe:45:dd:93:c6:94:47:28:57:
+                    e2:31:be:26:33:f7:e1:8a:d6:3a:a8:9d:c2:c5:5b:
+                    51:0b:c2:21:20:68:72:eb:b6:0c:b0:58:13:e8:e4:
+                    bd:1f:91:53:c8:3e:07:d4:16:37:70:f9:e1:07:d3:
+                    56:18:39:de:9d:00:e6:f8:d5:32:71:67:df:7b:dc:
+                    96:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints:
+                CA:FALSE
+            Netscape Comment:
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier:
+                42:B1:92:1D:66:1A:E4:DC:49:3E:65:4B:79:3B:8C:E3:0E:96:0B:87
+            X509v3 Authority Key Identifier:
+                keyid:B0:C7:B4:DB:FA:F4:07:74:8C:A4:4B:2B:5E:43:E9:4C:63:52:B3:B2
+
+    Signature Algorithm: sha1WithRSAEncryption
+        a1:ed:c0:3f:02:4b:e4:77:2a:2c:98:b4:5f:3f:ed:a2:c8:a4:
+        91:5b:8e:7d:c2:83:3a:07:1d:e6:31:56:18:ef:bd:d8:53:ae:
+        a2:e8:b0:c3:f1:1f:43:5f:d9:23:56:10:a6:ff:df:42:b0:4f:
+        94:d5:38:28:21:b4:5e:14:f6:96:ca:89:0c:8d:11:57:1c:83:
+        1d:9b:bf:14:54:f3:50:60:f2:57:c0:41:37:47:7b:0d:46:f9:
+        21:65:65:05:12:58:34:a8:8e:38:14:8b:5a:e7:b3:c9:f4:6f:
+        3f:85:8c:3d:cd:87:d7:3e:76:e7:02:f0:11:4b:c5:af:61:e5:
+        7f:ec:1d:92:e6:70:8a:b2:1f:36:5b:25:29:bd:92:39:9a:e2:
+        d8:cf:95:f1:20:ac:68:61:fb:b2:28:3e:b4:01:52:d8:27:a6:
+        ef:81:14:27:af:8a:4f:05:fe:c8:02:86:6e:66:a3:c4:e5:c8:
+        0f:f6:91:6b:da:db:2c:f6:11:6c:bb:29:0c:e3:3d:87:b4:64:
+        ab:4a:5f:19:d3:75:11:68:ef:37:a5:f0:b2:2a:45:2e:d9:06:
+        d4:86:7e:44:56:15:53:3c:08:5e:8a:fd:be:46:e0:f4:4a:01:
+        d3:9f:bb:82:a5:ac:0d:6a:d4:b3:bc:11:eb:df:47:a2:14:5e:
+        3c:66:0f:5d
+-----BEGIN CERTIFICATE-----
+MIID4jCCAsqgAwIBAgIJAJ0IEx1+1dDMMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV
+BAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxEjAQBgNVBAcTCUV2aWx2aWxsZTEU
+MBIGA1UEChMLRXZpbCBIYWNrZXIxGjAYBgNVBAsTEUF0dGFjayBEZXBhcnRtZW50
+MRIwEAYDVQQDEwlsb2NhbGhvc3QwIBcNMTYwOTEwMTY0OTMzWhgPMjA1MDEyMDEx
+NjQ5MzNaMGcxCzAJBgNVBAYTAlhYMRIwEAYDVQQIEwlVbnRydXN0ZWQxFDASBgNV
+BAoTC0V2aWwgSGFja2VyMRowGAYDVQQLExFBdHRhY2sgRGVwYXJ0bWVudDESMBAG
+A1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+m2sn0DE5vDtXJ3DC7HjcUumLmNnvwIzGy8GNSFxuF4yNvWi+rXdA4dK7wSBUpn/V
+2Etbr6ypx4t2K9oxuRMPbxlp/htg7llaDssL54hOiRt1TA3vIcJ6OL+VlluO65DK
+iiwJHUy95ehNggZkmVFMLwdpgPaHpEx0nNiSDfqM0mSVxaKznbQBLQNolD1CMeDM
+nwv+0Tx57YuWgDLf8eGW4joylPfUBUBd9xexUjnmfGuSvjAuiLhV0d/+Rd2TxpRH
+KFfiMb4mM/fhitY6qJ3CxVtRC8IhIGhy67YMsFgT6OS9H5FTyD4H1BY3cPnhB9NW
+GDnenQDm+NUycWffe9yWuwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
+DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUQrGS
+HWYa5NxJPmVLeTuM4w6WC4cwHwYDVR0jBBgwFoAUsMe02/r0B3SMpEsrXkPpTGNS
+s7IwDQYJKoZIhvcNAQEFBQADggEBAKHtwD8CS+R3KiyYtF8/7aLIpJFbjn3CgzoH
+HeYxVhjvvdhTrqLosMPxH0Nf2SNWEKb/30KwT5TVOCghtF4U9pbKiQyNEVccgx2b
+vxRU81Bg8lfAQTdHew1G+SFlZQUSWDSojjgUi1rns8n0bz+FjD3Nh9c+ducC8BFL
+xa9h5X/sHZLmcIqyHzZbJSm9kjma4tjPlfEgrGhh+7IoPrQBUtgnpu+BFCevik8F
+/sgChm5mo8TlyA/2kWva2yz2EWy7KQzjPYe0ZKtKXxnTdRFo7zel8LIqRS7ZBtSG
+fkRWFVM8CF6K/b5G4PRKAdOfu4KlrA1q1LO8EevfR6IUXjxmD10=
+-----END CERTIFICATE-----

data/spec/async/io/ssl/untrusted-cert.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAm2sn0DE5vDtXJ3DC7HjcUumLmNnvwIzGy8GNSFxuF4yNvWi+
+rXdA4dK7wSBUpn/V2Etbr6ypx4t2K9oxuRMPbxlp/htg7llaDssL54hOiRt1TA3v
+IcJ6OL+VlluO65DKiiwJHUy95ehNggZkmVFMLwdpgPaHpEx0nNiSDfqM0mSVxaKz
+nbQBLQNolD1CMeDMnwv+0Tx57YuWgDLf8eGW4joylPfUBUBd9xexUjnmfGuSvjAu
+iLhV0d/+Rd2TxpRHKFfiMb4mM/fhitY6qJ3CxVtRC8IhIGhy67YMsFgT6OS9H5FT
+yD4H1BY3cPnhB9NWGDnenQDm+NUycWffe9yWuwIDAQABAoIBAAXqs25SoW8QF0ZS
+HamhBEpHx9++1EjRUzQonzdVBX/yAudmGHREKP0v56P3liFslniQjeIHQcNuBMaw
+nNn95sWFAysAYdVRI4OSqVZcMxk3KWUG1sbDP6HvcUNzIuLG9V8DRCmQZV5eVK0R
+jzzjAnJ75sFZIVrY6kuaVx0fH8NWr8d3NMEOivsXXfZy3QPFNrNiH46BB1dT9kMV
+2+TOvS0G59jWWy/+fhRNQNjLIXiHt5zrZRA+u/f25r0UAWff7vp5l0k3ljQOB1rx
+Gg3OfkjI3xdWwK3h3RH31rUBs/JTNhWKMbUCMTTSqWdJTrwCXAFq3jt4G92fPCI8
+HJ5Ei2ECgYEAzRAWLJUPTEc1o7uCje65MSSrRxbjtrlFXWe7in+FS+ragsAxbHZ+
+tCFRhtQyPtAWRpNZDeX9rLBki8VI8+PUsOUA6EnXdXzaCY087tJrge6LZP+zeDgk
+LWSaVlX2GZmoIJ6jBjHmPLdimpz2zRsk9Duk58pI+Z39lDnp3xF73AsCgYEAwgYy
+ubGai3uSWt/TsTjEpceoV6AFDXQqj8rIFhInjjJdCDNbLfXOEjSmV9bJJCsIBWgy
+jOvOB/gLBb4rgdWuxlfNaDnlUDNZAT2uICLji7Zfer/WbibnHGZ9OHjqwVxaofed
+1dOBiBv/NZzXDt1H4M6j+v7Nv2pTSEm7ERnrLhECgYByfFG08D+LOZJz6CMadLZF
+/o/1b40Qnd1hKaHl0A4udV8rcnvlbz6L+LIYkW2/7dMR8f/dJ5N6Dz0DX9C8AW3k
+mOXpyhgViu/8NzNWrnnBH9oJOE0NiGKCSVF1dCai4kugcpDXy5IcQdI2Of38QvRd
+utL1adVWL2O8lpzAonVBQwKBgFF7juQDXXcEj2NQqrO7toI0xlL+ZgDPb2xx6fOy
+7h++sOlXwAweNcvZhp5PGqvw0m6K4ufhw+X+2oov4k+lcL/lceM6pT44QkHOKIlg
+fZVYIuMHG8Oo3NhFhoMn7NcFtR5eQk/hgn2p3FUkqACbF6umvKEVT0z7Fzy9ki1N
+aEIxAoGAHXvJ0Sc63asb8jw9Z9mPXK3Ke2z4zgxKmx6NGIEqM771U6+RWX1lVs1V
+wrvNP3whwhc12ZSeDxiVDQsIFepsghIJOcc26muY7n9cyR8Y+DsV2OsTeeXk+AAC
+CKlz+DopSb4TNMYy3TiYTg8g7VUyrsssZ6TSYetLXJbqh/AEK78=
+-----END RSA PRIVATE KEY-----

data/spec/async/io/ssl_socket_spec.rb

@@ -0,0 +1,98 @@
+# Copyright, 2017, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'async/io/ssl_socket'
+
+RSpec.describe Async::Reactor do
+	include_context Async::RSpec::Leaks
+	
+	let(:ssl_client_params) do
+		{
+			ca_file: File.expand_path(certificate_authority_key_file, __dir__)
+		}
+	end
+
+	let(:ssl_server_params) do
+		{
+			cert: OpenSSL::X509::Certificate.new(File.read(server_cert_file)),
+			key: OpenSSL::PKey::RSA.new(File.read(server_key_file))
+		}
+	end
+	
+	# Shared port for localhost network tests.
+	let(:endpoint) {Async::IO::Endpoint.tcp("localhost", 6779, reuse_port: true)}
+	let(:server_endpoint) {Async::IO::SecureEndpoint.new(endpoint, ssl_params: ssl_server_params)}
+	let(:client_endpoint) {Async::IO::SecureEndpoint.new(endpoint, ssl_params: ssl_client_params)}
+	
+	let(:data) {"The quick brown fox jumped over the lazy dog."}
+	
+	around(:each) do |example|
+		# Accept a single incoming connection and then finish.
+		subject.async do |task|
+			server_endpoint.bind do |server|
+				server.listen(10)
+				
+				server.accept do |peer, address|
+					data = peer.read(512)
+					peer.write(data)
+				end rescue nil
+			end
+		end
+		
+		result = example.run
+		
+		if result.is_a? Exception
+			result 
+		else
+			subject.run
+		end
+	end
+	
+	describe "#connect" do
+		context "with a trusted certificate" do
+			let(:certificate_authority_key_file) {File.expand_path("ssl/trusted-ca.crt", __dir__)}
+			let(:server_cert_file) {File.expand_path("ssl/trusted-cert.crt", __dir__)}
+			let(:server_key_file) {File.expand_path("ssl/trusted-cert.key", __dir__)}
+			
+			it "should start server and send data" do
+				subject.async do
+					client_endpoint.connect do |client|
+						client.write(data)
+						expect(client.read(512)).to be == data
+					end
+				end
+			end
+		end
+
+		context "with an untrusted certificate" do
+			let(:certificate_authority_key_file) {File.expand_path("ssl/trusted-ca.crt", __dir__)}
+			let(:server_cert_file) {File.expand_path("ssl/untrusted-cert.crt", __dir__)}
+			let(:server_key_file) {File.expand_path("ssl/untrusted-cert.key", __dir__)}
+			
+			it "should fail to connect" do
+				subject.async do
+					expect do
+						client_endpoint.connect
+					end.to raise_error(OpenSSL::SSL::SSLError)
+				end
+			end
+		end
+	end
+end

data/spec/async/io/tcp_socket_spec.rb

@@ -24,7 +24,7 @@ RSpec.describe Async::Reactor do
 	include_context Async::RSpec::Leaks
 	
 	# Shared port for localhost network tests.
-	let(:server_address) {Async::IO::Address.tcp("localhost", 6779)}
+	let(:server_address) {Async::IO::Address.tcp("localhost", 6788)}
 	let(:data) {"The quick brown fox jumped over the lazy dog."}
 	
 	around(:each) do |example|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: async-io
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Samuel Williams
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-30 00:00:00.000000000 Z
+date: 2018-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async
@@ -100,6 +100,7 @@ files:
 - lib/async/io/generic.rb
 - lib/async/io/protocol/line.rb
 - lib/async/io/socket.rb
+- lib/async/io/ssl_socket.rb
 - lib/async/io/stream.rb
 - lib/async/io/tcp_socket.rb
 - lib/async/io/udp_socket.rb
@@ -112,6 +113,16 @@ files:
 - spec/async/io/generic_spec.rb
 - spec/async/io/protocol/line_spec.rb
 - spec/async/io/socket_spec.rb
+- spec/async/io/ssl/gen_certs.sh
+- spec/async/io/ssl/trusted-ca.crt
+- spec/async/io/ssl/trusted-ca.key
+- spec/async/io/ssl/trusted-cert.crt
+- spec/async/io/ssl/trusted-cert.key
+- spec/async/io/ssl/untrusted-ca.crt
+- spec/async/io/ssl/untrusted-ca.key
+- spec/async/io/ssl/untrusted-cert.crt
+- spec/async/io/ssl/untrusted-cert.key
+- spec/async/io/ssl_socket_spec.rb
 - spec/async/io/stream_spec.rb
 - spec/async/io/tcp_socket_spec.rb
 - spec/async/io/udp_socket_spec.rb
@@ -137,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 2.7.2
 signing_key: 
 specification_version: 4
 summary: Provides support for asynchonous TCP, UDP, UNIX and SSL sockets.
@@ -148,6 +159,16 @@ test_files:
 - spec/async/io/generic_spec.rb
 - spec/async/io/protocol/line_spec.rb
 - spec/async/io/socket_spec.rb
+- spec/async/io/ssl/gen_certs.sh
+- spec/async/io/ssl/trusted-ca.crt
+- spec/async/io/ssl/trusted-ca.key
+- spec/async/io/ssl/trusted-cert.crt
+- spec/async/io/ssl/trusted-cert.key
+- spec/async/io/ssl/untrusted-ca.crt
+- spec/async/io/ssl/untrusted-ca.key
+- spec/async/io/ssl/untrusted-cert.crt
+- spec/async/io/ssl/untrusted-cert.key
+- spec/async/io/ssl_socket_spec.rb
 - spec/async/io/stream_spec.rb
 - spec/async/io/tcp_socket_spec.rb
 - spec/async/io/udp_socket_spec.rb