jruby-openssl 0.10.0-java → 0.10.5-java
- checksums.yaml +4 -4
- data/History.md +58 -0
- data/Mavenfile +45 -63
- data/README.md +6 -9
- data/Rakefile +4 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +13 -7
- data/lib/jopenssl/version.rb +8 -3
- data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
- data/lib/jopenssl22/openssl/ssl.rb +16 -16
- data/lib/jopenssl23/openssl.rb +1 -1
- data/lib/jopenssl23/openssl/bn.rb +2 -1
- data/lib/jopenssl23/openssl/buffering.rb +39 -35
- data/lib/jopenssl23/openssl/config.rb +65 -64
- data/lib/jopenssl23/openssl/digest.rb +1 -1
- data/lib/jopenssl23/openssl/pkey.rb +22 -34
- data/lib/jopenssl23/openssl/ssl.rb +205 -124
- data/lib/jopenssl23/openssl/x509.rb +76 -1
- data/lib/openssl/bn.rb +1 -3
- data/lib/openssl/buffering.rb +1 -3
- data/lib/openssl/cipher.rb +1 -3
- data/lib/openssl/config.rb +10 -4
- data/lib/openssl/digest.rb +1 -3
- data/lib/openssl/pkcs12.rb +1 -3
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/ssl-internal.rb +1 -3
- data/lib/openssl/ssl.rb +1 -3
- data/lib/openssl/x509-internal.rb +1 -3
- data/lib/openssl/x509.rb +1 -3
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.65/bcpkix-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.65/bcprov-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar +0 -0
- data/pom.xml +94 -283
- metadata +16 -63
- data/integration/1.47/pom.xml +0 -15
- data/integration/1.48/pom.xml +0 -15
- data/integration/1.49/pom.xml +0 -15
- data/integration/1.50/pom.xml +0 -15
- data/integration/Mavenfile +0 -57
- data/integration/pom.xml +0 -122
- data/lib/jopenssl24.rb +0 -112
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.59/bcpkix-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.59/bcprov-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.59/bctls-jdk15on-1.59.jar +0 -0
@@ -1,37 +1,25 @@
|
|
1
1
|
# frozen_string_literal: false
|
2
|
-
|
3
|
-
|
4
|
-
|
2
|
+
#--
|
3
|
+
# Ruby/OpenSSL Project
|
4
|
+
# Copyright (C) 2017 Ruby/OpenSSL Project Authors
|
5
|
+
#++
|
5
6
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
end
|
22
|
-
|
23
|
-
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
|
24
|
-
warn "using default DH parameters." if $VERBOSE
|
25
|
-
case keylen
|
26
|
-
when 512 then OpenSSL::PKey::DH::DEFAULT_512
|
27
|
-
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
|
28
|
-
else
|
29
|
-
nil
|
30
|
-
end
|
31
|
-
}
|
32
|
-
|
33
|
-
else
|
34
|
-
DEFAULT_TMP_DH_CALLBACK = nil
|
35
|
-
end
|
7
|
+
module OpenSSL::PKey
|
8
|
+
if defined?(EC)
|
9
|
+
class EC::Point
|
10
|
+
# :call-seq:
|
11
|
+
# point.to_bn([conversion_form]) -> OpenSSL::BN
|
12
|
+
#
|
13
|
+
# Returns the octet string representation of the EC point as an instance of
|
14
|
+
# OpenSSL::BN.
|
15
|
+
#
|
16
|
+
# If _conversion_form_ is not given, the _point_conversion_form_ attribute
|
17
|
+
# set to the group is used.
|
18
|
+
#
|
19
|
+
# See #to_octet_string for more information.
|
20
|
+
# def to_bn(conversion_form = group.point_conversion_form)
|
21
|
+
# OpenSSL::BN.new(to_octet_string(conversion_form), 2)
|
22
|
+
# end
|
23
|
+
end
|
36
24
|
end
|
37
|
-
end
|
25
|
+
end
|
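Review bot: The reopened `EC::Point` (new lines 9-23) defines nothing, because `to_bn` is commented out, yet it keeps the full RDoc block, so a reader cannot tell whether the method exists on JRuby. If `to_bn` is provided by the Java implementation (not visible in this file), a one-line comment such as `# to_bn is implemented natively in JRuby; the Ruby version is kept for reference` would make that clear. Otherwise the empty `if defined?(EC)` block can be dropped.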
@@ -16,71 +16,83 @@ require "io/nonblock"
|
|
16
16
|
module OpenSSL
|
17
17
|
module SSL
|
18
18
|
class SSLContext
|
19
|
-
DEFAULT_PARAMS
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
19
|
+
unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
|
20
|
+
DEFAULT_PARAMS = { # :nodoc:
|
21
|
+
:min_version => OpenSSL::SSL::TLS1_VERSION,
|
22
|
+
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
23
|
+
:verify_hostname => true,
|
24
|
+
:options => -> {
|
25
|
+
opts = OpenSSL::SSL::OP_ALL
|
26
|
+
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
|
27
|
+
opts |= OpenSSL::SSL::OP_NO_COMPRESSION
|
28
|
+
opts
|
29
|
+
}.call
|
30
|
+
}
|
31
|
+
|
32
|
+
if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
|
33
|
+
OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
|
34
|
+
DEFAULT_PARAMS.merge!(
|
35
|
+
ciphers: %w{
|
36
|
+
ECDHE-ECDSA-AES128-GCM-SHA256
|
37
|
+
ECDHE-RSA-AES128-GCM-SHA256
|
38
|
+
ECDHE-ECDSA-AES256-GCM-SHA384
|
39
|
+
ECDHE-RSA-AES256-GCM-SHA384
|
40
|
+
DHE-RSA-AES128-GCM-SHA256
|
41
|
+
DHE-DSS-AES128-GCM-SHA256
|
42
|
+
DHE-RSA-AES256-GCM-SHA384
|
43
|
+
DHE-DSS-AES256-GCM-SHA384
|
44
|
+
ECDHE-ECDSA-AES128-SHA256
|
45
|
+
ECDHE-RSA-AES128-SHA256
|
46
|
+
ECDHE-ECDSA-AES128-SHA
|
47
|
+
ECDHE-RSA-AES128-SHA
|
48
|
+
ECDHE-ECDSA-AES256-SHA384
|
49
|
+
ECDHE-RSA-AES256-SHA384
|
50
|
+
ECDHE-ECDSA-AES256-SHA
|
51
|
+
ECDHE-RSA-AES256-SHA
|
52
|
+
DHE-RSA-AES128-SHA256
|
53
|
+
DHE-RSA-AES256-SHA256
|
54
|
+
DHE-RSA-AES128-SHA
|
55
|
+
DHE-RSA-AES256-SHA
|
56
|
+
DHE-DSS-AES128-SHA256
|
57
|
+
DHE-DSS-AES256-SHA256
|
58
|
+
DHE-DSS-AES128-SHA
|
59
|
+
DHE-DSS-AES256-SHA
|
60
|
+
AES128-GCM-SHA256
|
61
|
+
AES256-GCM-SHA384
|
62
|
+
AES128-SHA256
|
63
|
+
AES256-SHA256
|
64
|
+
AES128-SHA
|
65
|
+
AES256-SHA
|
66
|
+
}.join(":"),
|
67
|
+
)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
if defined?(OpenSSL::PKey::DH)
|
72
|
+
DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
73
|
+
-----BEGIN DH PARAMETERS-----
|
74
|
+
MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
|
75
|
+
JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
|
76
|
+
VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
|
77
|
+
YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
78
|
+
1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
|
79
|
+
7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
|
80
|
+
-----END DH PARAMETERS-----
|
81
|
+
_end_of_pem_
|
82
|
+
private_constant :DEFAULT_2048
|
83
|
+
|
84
|
+
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
|
85
|
+
warn "using default DH parameters." if $VERBOSE
|
86
|
+
DEFAULT_2048
|
87
|
+
}
|
88
|
+
end
|
66
89
|
|
67
90
|
begin
|
68
|
-
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
91
|
+
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
|
69
92
|
DEFAULT_CERT_STORE.set_default_paths
|
70
|
-
|
71
|
-
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
72
|
-
end
|
93
|
+
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
73
94
|
end unless const_defined? :DEFAULT_CERT_STORE # JRuby
|
74
95
|
|
75
|
-
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
|
76
|
-
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
|
77
|
-
"verify_callback", "cert_store", "extra_chain_cert",
|
78
|
-
"client_cert_cb", "session_id_context", "tmp_dh_callback",
|
79
|
-
"session_get_cb", "session_new_cb", "session_remove_cb",
|
80
|
-
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
|
81
|
-
"alpn_protocols", "alpn_select_cb",
|
82
|
-
"npn_select_cb"].map { |x| "@#{x}" }
|
83
|
-
|
84
96
|
# A callback invoked when DH parameters are required.
|
85
97
|
#
|
86
98
|
# The callback is invoked with the Session for the key exchange, an
|
@@ -92,45 +104,130 @@ module OpenSSL
|
|
92
104
|
|
93
105
|
attr_accessor :tmp_dh_callback
|
94
106
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
attr_accessor :servername_cb
|
102
|
-
end
|
107
|
+
# A callback invoked at connect time to distinguish between multiple
|
108
|
+
# server names.
|
109
|
+
#
|
110
|
+
# The callback is invoked with an SSLSocket and a server name. The
|
111
|
+
# callback must return an SSLContext for the server name or nil.
|
112
|
+
attr_accessor :servername_cb
|
103
113
|
|
104
114
|
# call-seq:
|
105
|
-
# SSLContext.new
|
106
|
-
# SSLContext.new(:TLSv1)
|
107
|
-
# SSLContext.new("
|
115
|
+
# SSLContext.new -> ctx
|
116
|
+
# SSLContext.new(:TLSv1) -> ctx
|
117
|
+
# SSLContext.new("SSLv23") -> ctx
|
118
|
+
#
|
119
|
+
# Creates a new SSL context.
|
108
120
|
#
|
109
|
-
#
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
121
|
+
# If an argument is given, #ssl_version= is called with the value. Note
|
122
|
+
# that this form is deprecated. New applications should use #min_version=
|
123
|
+
# and #max_version= as necessary.
|
124
|
+
# def initialize(version = nil)
|
125
|
+
# self.options |= OpenSSL::SSL::OP_ALL
|
126
|
+
# self.ssl_version = version if version
|
127
|
+
# end
|
115
128
|
|
116
129
|
##
|
117
|
-
#
|
118
|
-
#
|
130
|
+
# call-seq:
|
131
|
+
# ctx.set_params(params = {}) -> params
|
132
|
+
#
|
133
|
+
# Sets saner defaults optimized for the use with HTTP-like protocols.
|
134
|
+
#
|
135
|
+
# If a Hash _params_ is given, the parameters are overridden with it.
|
136
|
+
# The keys in _params_ must be assignment methods on SSLContext.
|
119
137
|
#
|
120
138
|
# If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
|
121
139
|
# cert_store are not set then the system default certificate store is
|
122
140
|
# used.
|
123
|
-
|
124
141
|
def set_params(params={})
|
125
142
|
params = DEFAULT_PARAMS.merge(params)
|
126
|
-
|
143
|
+
# TODO JRuby: need to support SSLContext#options (since Ruby 2.5)
|
144
|
+
#self.options = params.delete(:options) # set before min_version/max_version
|
145
|
+
params.each { |name, value| self.__send__("#{name}=", value) }
|
127
146
|
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
128
147
|
unless self.ca_file or self.ca_path or self.cert_store
|
129
148
|
self.cert_store = DEFAULT_CERT_STORE
|
130
149
|
end
|
131
150
|
end
|
132
151
|
return params
|
133
|
-
end unless method_defined? :set_params
|
152
|
+
end unless method_defined? :set_params
|
153
|
+
|
154
|
+
# call-seq:
|
155
|
+
# ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
|
156
|
+
# ctx.min_version = :TLS1_2
|
157
|
+
# ctx.min_version = nil
|
158
|
+
#
|
159
|
+
# Sets the lower bound on the supported SSL/TLS protocol version. The
|
160
|
+
# version may be specified by an integer constant named
|
161
|
+
# OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
|
162
|
+
#
|
163
|
+
# Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
|
164
|
+
# options by #options= once you have called #min_version= or
|
165
|
+
# #max_version=.
|
166
|
+
#
|
167
|
+
# === Example
|
168
|
+
# ctx = OpenSSL::SSL::SSLContext.new
|
169
|
+
# ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
|
170
|
+
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
171
|
+
#
|
172
|
+
# sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
|
173
|
+
# sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
|
174
|
+
def min_version=(version)
|
175
|
+
set_minmax_proto_version(version, @max_proto_version ||= nil)
|
176
|
+
@min_proto_version = version
|
177
|
+
end
|
178
|
+
|
179
|
+
# call-seq:
|
180
|
+
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
181
|
+
# ctx.max_version = :TLS1_2
|
182
|
+
# ctx.max_version = nil
|
183
|
+
#
|
184
|
+
# Sets the upper bound of the supported SSL/TLS protocol version. See
|
185
|
+
# #min_version= for the possible values.
|
186
|
+
def max_version=(version)
|
187
|
+
set_minmax_proto_version(@min_proto_version ||= nil, version)
|
188
|
+
@max_proto_version = version
|
189
|
+
end
|
190
|
+
|
191
|
+
# call-seq:
|
192
|
+
# ctx.ssl_version = :TLSv1
|
193
|
+
# ctx.ssl_version = "SSLv23"
|
194
|
+
#
|
195
|
+
# Sets the SSL/TLS protocol version for the context. This forces
|
196
|
+
# connections to use only the specified protocol version. This is
|
197
|
+
# deprecated and only provided for backwards compatibility. Use
|
198
|
+
# #min_version= and #max_version= instead.
|
199
|
+
#
|
200
|
+
# === History
|
201
|
+
# As the name hints, this used to call the SSL_CTX_set_ssl_version()
|
202
|
+
# function which sets the SSL method used for connections created from
|
203
|
+
# the context. As of Ruby/OpenSSL 2.1, this accessor method is
|
204
|
+
# implemented to call #min_version= and #max_version= instead.
|
205
|
+
def ssl_version=(meth)
|
206
|
+
meth = meth.to_s if meth.is_a?(Symbol)
|
207
|
+
if /(?<type>_client|_server)\z/ =~ meth
|
208
|
+
meth = $`
|
209
|
+
if $VERBOSE
|
210
|
+
warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored"
|
211
|
+
end
|
212
|
+
end
|
213
|
+
version = METHODS_MAP[meth.intern] or
|
214
|
+
raise ArgumentError, "unknown SSL method `%s'" % meth
|
215
|
+
set_minmax_proto_version(version, version)
|
216
|
+
@min_proto_version = @max_proto_version = version
|
217
|
+
end unless method_defined? :ssl_version=
|
218
|
+
|
219
|
+
METHODS_MAP = {
|
220
|
+
SSLv23: 0,
|
221
|
+
SSLv2: OpenSSL::SSL::SSL2_VERSION,
|
222
|
+
SSLv3: OpenSSL::SSL::SSL3_VERSION,
|
223
|
+
TLSv1: OpenSSL::SSL::TLS1_VERSION,
|
224
|
+
TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
|
225
|
+
TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION,
|
226
|
+
}.freeze
|
227
|
+
private_constant :METHODS_MAP
|
228
|
+
|
229
|
+
# METHODS setup from native (JRuby)
|
230
|
+
# deprecate_constant :METHODS
|
134
231
|
end
|
135
232
|
|
136
233
|
module SocketForwarder
|
@@ -246,8 +343,8 @@ module OpenSSL
|
|
246
343
|
return false if domain_component.start_with?("xn--") && san_component != "*"
|
247
344
|
|
248
345
|
parts[0].length + parts[1].length < domain_component.length &&
|
249
|
-
|
250
|
-
|
346
|
+
domain_component.start_with?(parts[0]) &&
|
347
|
+
domain_component.end_with?(parts[1])
|
251
348
|
end
|
252
349
|
module_function :verify_wildcard
|
253
350
|
|
@@ -255,42 +352,18 @@ module OpenSSL
|
|
255
352
|
include Buffering
|
256
353
|
include SocketForwarder
|
257
354
|
|
258
|
-
#
|
259
|
-
# def initialize(io, ctx = nil); raise NotImplementedError; end
|
260
|
-
# else
|
261
|
-
# if ExtConfig::HAVE_TLSEXT_HOST_NAME
|
262
|
-
# attr_accessor :hostname
|
263
|
-
# end
|
355
|
+
# attr_reader :hostname
|
264
356
|
#
|
265
|
-
#
|
266
|
-
#
|
267
|
-
#
|
357
|
+
# # The underlying IO object.
|
358
|
+
# attr_reader :io
|
359
|
+
# alias :to_io :io
|
268
360
|
#
|
269
|
-
#
|
270
|
-
#
|
271
|
-
# # SSLSocket.new(io, ctx) => aSSLSocket
|
272
|
-
# #
|
273
|
-
# # Creates a new SSL socket from +io+ which must be a real ruby object (not an
|
274
|
-
# # IO-like object that responds to read/write).
|
275
|
-
# #
|
276
|
-
# # If +ctx+ is provided the SSL Sockets initial params will be taken from
|
277
|
-
# # the context.
|
278
|
-
# #
|
279
|
-
# # The OpenSSL::Buffering module provides additional IO methods.
|
280
|
-
# #
|
281
|
-
# # This method will freeze the SSLContext if one is provided;
|
282
|
-
# # however, session management is still allowed in the frozen SSLContext.
|
361
|
+
# # The SSLContext object used in this connection.
|
362
|
+
# attr_reader :context
|
283
363
|
#
|
284
|
-
#
|
285
|
-
#
|
286
|
-
#
|
287
|
-
# @sync_close = false
|
288
|
-
# @hostname = nil
|
289
|
-
# @io.nonblock = true if @io.respond_to?(:nonblock=)
|
290
|
-
# context.setup
|
291
|
-
# super()
|
292
|
-
# end
|
293
|
-
# end
|
364
|
+
# # Whether to close the underlying socket as well, when the SSL/TLS
|
365
|
+
# # connection is shut down. This defaults to +false+.
|
366
|
+
# attr_accessor :sync_close
|
294
367
|
|
295
368
|
# call-seq:
|
296
369
|
# ssl.sysclose => nil
|
@@ -303,10 +376,12 @@ module OpenSSL
|
|
303
376
|
return if closed?
|
304
377
|
stop
|
305
378
|
io.close if sync_close
|
306
|
-
end unless method_defined? :sysclose
|
379
|
+
end unless method_defined? :sysclose
|
307
380
|
|
308
|
-
|
309
|
-
#
|
381
|
+
# call-seq:
|
382
|
+
# ssl.post_connection_check(hostname) -> true
|
383
|
+
#
|
384
|
+
# Perform hostname verification following RFC 6125.
|
310
385
|
#
|
311
386
|
# This method MUST be called after calling #connect to ensure that the
|
312
387
|
# hostname of a remote peer has been verified.
|
@@ -314,7 +389,8 @@ module OpenSSL
|
|
314
389
|
if peer_cert.nil?
|
315
390
|
msg = "Peer verification enabled, but no certificate received."
|
316
391
|
if using_anon_cipher?
|
317
|
-
msg += " Anonymous cipher suite #{cipher[0]} was negotiated.
|
392
|
+
msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \
|
393
|
+
"Anonymous suites must be disabled to use peer verification."
|
318
394
|
end
|
319
395
|
raise SSLError, msg
|
320
396
|
end
|
@@ -325,6 +401,11 @@ module OpenSSL
|
|
325
401
|
return true
|
326
402
|
end
|
327
403
|
|
404
|
+
# call-seq:
|
405
|
+
# ssl.session -> aSession
|
406
|
+
#
|
407
|
+
# Returns the SSLSession object currently used, or nil if the session is
|
408
|
+
# not established.
|
328
409
|
def session
|
329
410
|
SSL::Session.new(self)
|
330
411
|
rescue SSL::Session::SessionError
|
@@ -344,7 +425,7 @@ module OpenSSL
|
|
344
425
|
end
|
345
426
|
|
346
427
|
def tmp_dh_callback
|
347
|
-
@context.tmp_dh_callback || OpenSSL::
|
428
|
+
@context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
|
348
429
|
end
|
349
430
|
|
350
431
|
def tmp_ecdh_callback
|
@@ -368,8 +449,8 @@ module OpenSSL
|
|
368
449
|
attr_accessor :start_immediately
|
369
450
|
|
370
451
|
# Creates a new instance of SSLServer.
|
371
|
-
# *
|
372
|
-
# *
|
452
|
+
# * _srv_ is an instance of TCPServer.
|
453
|
+
# * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
|
373
454
|
def initialize(svr, ctx)
|
374
455
|
@svr = svr
|
375
456
|
@ctx = ctx
|
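Review bot: In `set_params` (new lines 141-152) the line `#self.options = params.delete(:options)` is left commented out, so an `:options` entry is applied by the `params.each` loop in hash order rather than first. With the `DEFAULT_PARAMS` defined in this file, `:min_version` precedes `:options`, so `options=` would run after `min_version=`; the `min_version=` documentation further down warns that this ordering can overwrite the `OP_NO_{SSL,TLS}v*` flags and so loosen the protocol floor. Whether that happens on JRuby depends on the Java-side `DEFAULT_PARAMS` and `set_minmax_proto_version`, neither of which is visible here. Until `options=` is supported, consider guarding the line instead of disabling it, `self.options = params.delete(:options) if respond_to?(:options=)`, and, if every intended setter is public, using `public_send` in place of `__send__` so the params hash can only reach public setters.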