jruby-openssl 0.10.0-java → 0.10.5-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +58 -0
  3. data/Mavenfile +45 -63
  4. data/README.md +6 -9
  5. data/Rakefile +4 -0
  6. data/lib/jopenssl.jar +0 -0
  7. data/lib/jopenssl/_compat23.rb +71 -0
  8. data/lib/jopenssl/load.rb +13 -7
  9. data/lib/jopenssl/version.rb +8 -3
  10. data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
  11. data/lib/jopenssl22/openssl/ssl.rb +16 -16
  12. data/lib/jopenssl23/openssl.rb +1 -1
  13. data/lib/jopenssl23/openssl/bn.rb +2 -1
  14. data/lib/jopenssl23/openssl/buffering.rb +39 -35
  15. data/lib/jopenssl23/openssl/config.rb +65 -64
  16. data/lib/jopenssl23/openssl/digest.rb +1 -1
  17. data/lib/jopenssl23/openssl/pkey.rb +22 -34
  18. data/lib/jopenssl23/openssl/ssl.rb +205 -124
  19. data/lib/jopenssl23/openssl/x509.rb +76 -1
  20. data/lib/openssl/bn.rb +1 -3
  21. data/lib/openssl/buffering.rb +1 -3
  22. data/lib/openssl/cipher.rb +1 -3
  23. data/lib/openssl/config.rb +10 -4
  24. data/lib/openssl/digest.rb +1 -3
  25. data/lib/openssl/pkcs12.rb +1 -3
  26. data/lib/openssl/pkcs5.rb +22 -0
  27. data/lib/openssl/ssl-internal.rb +1 -3
  28. data/lib/openssl/ssl.rb +1 -3
  29. data/lib/openssl/x509-internal.rb +1 -3
  30. data/lib/openssl/x509.rb +1 -3
  31. data/lib/org/bouncycastle/bcpkix-jdk15on/1.65/bcpkix-jdk15on-1.65.jar +0 -0
  32. data/lib/org/bouncycastle/bcprov-jdk15on/1.65/bcprov-jdk15on-1.65.jar +0 -0
  33. data/lib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar +0 -0
  34. data/pom.xml +94 -283
  35. metadata +16 -63
  36. data/integration/1.47/pom.xml +0 -15
  37. data/integration/1.48/pom.xml +0 -15
  38. data/integration/1.49/pom.xml +0 -15
  39. data/integration/1.50/pom.xml +0 -15
  40. data/integration/Mavenfile +0 -57
  41. data/integration/pom.xml +0 -122
  42. data/lib/jopenssl24.rb +0 -112
  43. data/lib/openssl/pkcs7.rb +0 -5
  44. data/lib/org/bouncycastle/bcpkix-jdk15on/1.59/bcpkix-jdk15on-1.59.jar +0 -0
  45. data/lib/org/bouncycastle/bcprov-jdk15on/1.59/bcprov-jdk15on-1.59.jar +0 -0
  46. data/lib/org/bouncycastle/bctls-jdk15on/1.59/bctls-jdk15on-1.59.jar +0 -0
@@ -24,7 +24,7 @@ module OpenSSL
24
24
 
25
25
  end # Digest
26
26
 
27
- # Returns a Digest subclass by +name+.
27
+ # Returns a Digest subclass by _name_
28
28
  #
29
29
  # require 'openssl'
30
30
  #
@@ -1,37 +1,25 @@
1
1
  # frozen_string_literal: false
2
- module OpenSSL
3
- module PKey
4
- if defined?(OpenSSL::PKey::DH)
2
+ #--
3
+ # Ruby/OpenSSL Project
4
+ # Copyright (C) 2017 Ruby/OpenSSL Project Authors
5
+ #++
5
6
 
6
- class DH
7
- DEFAULT_512 = new <<-_end_of_pem_
8
- -----BEGIN DH PARAMETERS-----
9
- MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
10
- zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
11
- -----END DH PARAMETERS-----
12
- _end_of_pem_
13
-
14
- DEFAULT_1024 = new <<-_end_of_pem_
15
- -----BEGIN DH PARAMETERS-----
16
- MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
17
- AV/ZD2AWPbrTqV76mGRgJg4EddgT1zG0jq3rnFdMj2XzkBYx3BVvfR0Arnby0RHR
18
- T4h7KZ/2zmjvV+eF8kBUHBJAojUlzxKj4QeO2x20FP9X5xmNUXeDAgEC
19
- -----END DH PARAMETERS-----
20
- _end_of_pem_
21
- end
22
-
23
- DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
24
- warn "using default DH parameters." if $VERBOSE
25
- case keylen
26
- when 512 then OpenSSL::PKey::DH::DEFAULT_512
27
- when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
28
- else
29
- nil
30
- end
31
- }
32
-
33
- else
34
- DEFAULT_TMP_DH_CALLBACK = nil
35
- end
7
+ module OpenSSL::PKey
8
+ if defined?(EC)
9
+ class EC::Point
10
+ # :call-seq:
11
+ # point.to_bn([conversion_form]) -> OpenSSL::BN
12
+ #
13
+ # Returns the octet string representation of the EC point as an instance of
14
+ # OpenSSL::BN.
15
+ #
16
+ # If _conversion_form_ is not given, the _point_conversion_form_ attribute
17
+ # set to the group is used.
18
+ #
19
+ # See #to_octet_string for more information.
20
+ # def to_bn(conversion_form = group.point_conversion_form)
21
+ # OpenSSL::BN.new(to_octet_string(conversion_form), 2)
22
+ # end
23
+ end
36
24
  end
37
- end
25
+ end
@@ -16,71 +16,83 @@ require "io/nonblock"
16
16
  module OpenSSL
17
17
  module SSL
18
18
  class SSLContext
19
- DEFAULT_PARAMS = {
20
- :ssl_version => "SSLv23",
21
- :verify_mode => OpenSSL::SSL::VERIFY_PEER,
22
- :ciphers => %w{
23
- ECDHE-ECDSA-AES128-GCM-SHA256
24
- ECDHE-RSA-AES128-GCM-SHA256
25
- ECDHE-ECDSA-AES256-GCM-SHA384
26
- ECDHE-RSA-AES256-GCM-SHA384
27
- DHE-RSA-AES128-GCM-SHA256
28
- DHE-DSS-AES128-GCM-SHA256
29
- DHE-RSA-AES256-GCM-SHA384
30
- DHE-DSS-AES256-GCM-SHA384
31
- ECDHE-ECDSA-AES128-SHA256
32
- ECDHE-RSA-AES128-SHA256
33
- ECDHE-ECDSA-AES128-SHA
34
- ECDHE-RSA-AES128-SHA
35
- ECDHE-ECDSA-AES256-SHA384
36
- ECDHE-RSA-AES256-SHA384
37
- ECDHE-ECDSA-AES256-SHA
38
- ECDHE-RSA-AES256-SHA
39
- DHE-RSA-AES128-SHA256
40
- DHE-RSA-AES256-SHA256
41
- DHE-RSA-AES128-SHA
42
- DHE-RSA-AES256-SHA
43
- DHE-DSS-AES128-SHA256
44
- DHE-DSS-AES256-SHA256
45
- DHE-DSS-AES128-SHA
46
- DHE-DSS-AES256-SHA
47
- AES128-GCM-SHA256
48
- AES256-GCM-SHA384
49
- AES128-SHA256
50
- AES256-SHA256
51
- AES128-SHA
52
- AES256-SHA
53
- ECDHE-ECDSA-RC4-SHA
54
- ECDHE-RSA-RC4-SHA
55
- RC4-SHA
56
- }.join(":"),
57
- :options => -> {
58
- opts = OpenSSL::SSL::OP_ALL
59
- opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
60
- opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
61
- opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
62
- opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
63
- opts
64
- }.call
65
- } unless const_defined? :DEFAULT_PARAMS # JRuby
19
+ unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
20
+ DEFAULT_PARAMS = { # :nodoc:
21
+ :min_version => OpenSSL::SSL::TLS1_VERSION,
22
+ :verify_mode => OpenSSL::SSL::VERIFY_PEER,
23
+ :verify_hostname => true,
24
+ :options => -> {
25
+ opts = OpenSSL::SSL::OP_ALL
26
+ opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
27
+ opts |= OpenSSL::SSL::OP_NO_COMPRESSION
28
+ opts
29
+ }.call
30
+ }
31
+
32
+ if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
33
+ OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
34
+ DEFAULT_PARAMS.merge!(
35
+ ciphers: %w{
36
+ ECDHE-ECDSA-AES128-GCM-SHA256
37
+ ECDHE-RSA-AES128-GCM-SHA256
38
+ ECDHE-ECDSA-AES256-GCM-SHA384
39
+ ECDHE-RSA-AES256-GCM-SHA384
40
+ DHE-RSA-AES128-GCM-SHA256
41
+ DHE-DSS-AES128-GCM-SHA256
42
+ DHE-RSA-AES256-GCM-SHA384
43
+ DHE-DSS-AES256-GCM-SHA384
44
+ ECDHE-ECDSA-AES128-SHA256
45
+ ECDHE-RSA-AES128-SHA256
46
+ ECDHE-ECDSA-AES128-SHA
47
+ ECDHE-RSA-AES128-SHA
48
+ ECDHE-ECDSA-AES256-SHA384
49
+ ECDHE-RSA-AES256-SHA384
50
+ ECDHE-ECDSA-AES256-SHA
51
+ ECDHE-RSA-AES256-SHA
52
+ DHE-RSA-AES128-SHA256
53
+ DHE-RSA-AES256-SHA256
54
+ DHE-RSA-AES128-SHA
55
+ DHE-RSA-AES256-SHA
56
+ DHE-DSS-AES128-SHA256
57
+ DHE-DSS-AES256-SHA256
58
+ DHE-DSS-AES128-SHA
59
+ DHE-DSS-AES256-SHA
60
+ AES128-GCM-SHA256
61
+ AES256-GCM-SHA384
62
+ AES128-SHA256
63
+ AES256-SHA256
64
+ AES128-SHA
65
+ AES256-SHA
66
+ }.join(":"),
67
+ )
68
+ end
69
+ end
70
+
71
+ if defined?(OpenSSL::PKey::DH)
72
+ DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
73
+ -----BEGIN DH PARAMETERS-----
74
+ MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
75
+ JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
76
+ VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
77
+ YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
78
+ 1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
79
+ 7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
80
+ -----END DH PARAMETERS-----
81
+ _end_of_pem_
82
+ private_constant :DEFAULT_2048
83
+
84
+ DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
85
+ warn "using default DH parameters." if $VERBOSE
86
+ DEFAULT_2048
87
+ }
88
+ end
66
89
 
67
90
  begin
68
- DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
91
+ DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
69
92
  DEFAULT_CERT_STORE.set_default_paths
70
- if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL)
71
- DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
72
- end
93
+ DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
73
94
  end unless const_defined? :DEFAULT_CERT_STORE # JRuby
74
95
 
75
- INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
76
- "timeout", "verify_mode", "verify_depth", "renegotiation_cb",
77
- "verify_callback", "cert_store", "extra_chain_cert",
78
- "client_cert_cb", "session_id_context", "tmp_dh_callback",
79
- "session_get_cb", "session_new_cb", "session_remove_cb",
80
- "tmp_ecdh_callback", "servername_cb", "npn_protocols",
81
- "alpn_protocols", "alpn_select_cb",
82
- "npn_select_cb"].map { |x| "@#{x}" }
83
-
84
96
  # A callback invoked when DH parameters are required.
85
97
  #
86
98
  # The callback is invoked with the Session for the key exchange, an
@@ -92,45 +104,130 @@ module OpenSSL
92
104
 
93
105
  attr_accessor :tmp_dh_callback
94
106
 
95
- if ExtConfig::HAVE_TLSEXT_HOST_NAME
96
- # A callback invoked at connect time to distinguish between multiple
97
- # server names.
98
- #
99
- # The callback is invoked with an SSLSocket and a server name. The
100
- # callback must return an SSLContext for the server name or nil.
101
- attr_accessor :servername_cb
102
- end
107
+ # A callback invoked at connect time to distinguish between multiple
108
+ # server names.
109
+ #
110
+ # The callback is invoked with an SSLSocket and a server name. The
111
+ # callback must return an SSLContext for the server name or nil.
112
+ attr_accessor :servername_cb
103
113
 
104
114
  # call-seq:
105
- # SSLContext.new => ctx
106
- # SSLContext.new(:TLSv1) => ctx
107
- # SSLContext.new("SSLv23_client") => ctx
115
+ # SSLContext.new -> ctx
116
+ # SSLContext.new(:TLSv1) -> ctx
117
+ # SSLContext.new("SSLv23") -> ctx
118
+ #
119
+ # Creates a new SSL context.
108
120
  #
109
- # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
110
- def initialize(version = nil)
111
- INIT_VARS.each { |v| instance_variable_set v, nil }
112
- self.options = self.options | OpenSSL::SSL::OP_ALL
113
- self.ssl_version = version if version
114
- end unless defined? JRUBY_VERSION # JRuby
121
+ # If an argument is given, #ssl_version= is called with the value. Note
122
+ # that this form is deprecated. New applications should use #min_version=
123
+ # and #max_version= as necessary.
124
+ # def initialize(version = nil)
125
+ # self.options |= OpenSSL::SSL::OP_ALL
126
+ # self.ssl_version = version if version
127
+ # end
115
128
 
116
129
  ##
117
- # Sets the parameters for this SSL context to the values in +params+.
118
- # The keys in +params+ must be assignment methods on SSLContext.
130
+ # call-seq:
131
+ # ctx.set_params(params = {}) -> params
132
+ #
133
+ # Sets saner defaults optimized for the use with HTTP-like protocols.
134
+ #
135
+ # If a Hash _params_ is given, the parameters are overridden with it.
136
+ # The keys in _params_ must be assignment methods on SSLContext.
119
137
  #
120
138
  # If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
121
139
  # cert_store are not set then the system default certificate store is
122
140
  # used.
123
-
124
141
  def set_params(params={})
125
142
  params = DEFAULT_PARAMS.merge(params)
126
- params.each{|name, value| self.__send__("#{name}=", value) }
143
+ # TODO JRuby: need to support SSLContext#options (since Ruby 2.5)
144
+ #self.options = params.delete(:options) # set before min_version/max_version
145
+ params.each { |name, value| self.__send__("#{name}=", value) }
127
146
  if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
128
147
  unless self.ca_file or self.ca_path or self.cert_store
129
148
  self.cert_store = DEFAULT_CERT_STORE
130
149
  end
131
150
  end
132
151
  return params
133
- end unless method_defined? :set_params # JRuby
152
+ end unless method_defined? :set_params
153
+
154
+ # call-seq:
155
+ # ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
156
+ # ctx.min_version = :TLS1_2
157
+ # ctx.min_version = nil
158
+ #
159
+ # Sets the lower bound on the supported SSL/TLS protocol version. The
160
+ # version may be specified by an integer constant named
161
+ # OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
162
+ #
163
+ # Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
164
+ # options by #options= once you have called #min_version= or
165
+ # #max_version=.
166
+ #
167
+ # === Example
168
+ # ctx = OpenSSL::SSL::SSLContext.new
169
+ # ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
170
+ # ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
171
+ #
172
+ # sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
173
+ # sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
174
+ def min_version=(version)
175
+ set_minmax_proto_version(version, @max_proto_version ||= nil)
176
+ @min_proto_version = version
177
+ end
178
+
179
+ # call-seq:
180
+ # ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
181
+ # ctx.max_version = :TLS1_2
182
+ # ctx.max_version = nil
183
+ #
184
+ # Sets the upper bound of the supported SSL/TLS protocol version. See
185
+ # #min_version= for the possible values.
186
+ def max_version=(version)
187
+ set_minmax_proto_version(@min_proto_version ||= nil, version)
188
+ @max_proto_version = version
189
+ end
190
+
191
+ # call-seq:
192
+ # ctx.ssl_version = :TLSv1
193
+ # ctx.ssl_version = "SSLv23"
194
+ #
195
+ # Sets the SSL/TLS protocol version for the context. This forces
196
+ # connections to use only the specified protocol version. This is
197
+ # deprecated and only provided for backwards compatibility. Use
198
+ # #min_version= and #max_version= instead.
199
+ #
200
+ # === History
201
+ # As the name hints, this used to call the SSL_CTX_set_ssl_version()
202
+ # function which sets the SSL method used for connections created from
203
+ # the context. As of Ruby/OpenSSL 2.1, this accessor method is
204
+ # implemented to call #min_version= and #max_version= instead.
205
+ def ssl_version=(meth)
206
+ meth = meth.to_s if meth.is_a?(Symbol)
207
+ if /(?<type>_client|_server)\z/ =~ meth
208
+ meth = $`
209
+ if $VERBOSE
210
+ warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored"
211
+ end
212
+ end
213
+ version = METHODS_MAP[meth.intern] or
214
+ raise ArgumentError, "unknown SSL method `%s'" % meth
215
+ set_minmax_proto_version(version, version)
216
+ @min_proto_version = @max_proto_version = version
217
+ end unless method_defined? :ssl_version=
218
+
219
+ METHODS_MAP = {
220
+ SSLv23: 0,
221
+ SSLv2: OpenSSL::SSL::SSL2_VERSION,
222
+ SSLv3: OpenSSL::SSL::SSL3_VERSION,
223
+ TLSv1: OpenSSL::SSL::TLS1_VERSION,
224
+ TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
225
+ TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION,
226
+ }.freeze
227
+ private_constant :METHODS_MAP
228
+
229
+ # METHODS setup from native (JRuby)
230
+ # deprecate_constant :METHODS
134
231
  end
135
232
 
136
233
  module SocketForwarder
@@ -246,8 +343,8 @@ module OpenSSL
246
343
  return false if domain_component.start_with?("xn--") && san_component != "*"
247
344
 
248
345
  parts[0].length + parts[1].length < domain_component.length &&
249
- domain_component.start_with?(parts[0]) &&
250
- domain_component.end_with?(parts[1])
346
+ domain_component.start_with?(parts[0]) &&
347
+ domain_component.end_with?(parts[1])
251
348
  end
252
349
  module_function :verify_wildcard
253
350
 
@@ -255,42 +352,18 @@ module OpenSSL
255
352
  include Buffering
256
353
  include SocketForwarder
257
354
 
258
- # if ExtConfig::OPENSSL_NO_SOCK
259
- # def initialize(io, ctx = nil); raise NotImplementedError; end
260
- # else
261
- # if ExtConfig::HAVE_TLSEXT_HOST_NAME
262
- # attr_accessor :hostname
263
- # end
355
+ # attr_reader :hostname
264
356
  #
265
- # attr_reader :io, :context
266
- # attr_accessor :sync_close
267
- # alias :to_io :io
357
+ # # The underlying IO object.
358
+ # attr_reader :io
359
+ # alias :to_io :io
268
360
  #
269
- # # call-seq:
270
- # # SSLSocket.new(io) => aSSLSocket
271
- # # SSLSocket.new(io, ctx) => aSSLSocket
272
- # #
273
- # # Creates a new SSL socket from +io+ which must be a real ruby object (not an
274
- # # IO-like object that responds to read/write).
275
- # #
276
- # # If +ctx+ is provided the SSL Sockets initial params will be taken from
277
- # # the context.
278
- # #
279
- # # The OpenSSL::Buffering module provides additional IO methods.
280
- # #
281
- # # This method will freeze the SSLContext if one is provided;
282
- # # however, session management is still allowed in the frozen SSLContext.
361
+ # # The SSLContext object used in this connection.
362
+ # attr_reader :context
283
363
  #
284
- # def initialize(io, context = OpenSSL::SSL::SSLContext.new)
285
- # @io = io
286
- # @context = context
287
- # @sync_close = false
288
- # @hostname = nil
289
- # @io.nonblock = true if @io.respond_to?(:nonblock=)
290
- # context.setup
291
- # super()
292
- # end
293
- # end
364
+ # # Whether to close the underlying socket as well, when the SSL/TLS
365
+ # # connection is shut down. This defaults to +false+.
366
+ # attr_accessor :sync_close
294
367
 
295
368
  # call-seq:
296
369
  # ssl.sysclose => nil
@@ -303,10 +376,12 @@ module OpenSSL
303
376
  return if closed?
304
377
  stop
305
378
  io.close if sync_close
306
- end unless method_defined? :sysclose # JRuby
379
+ end unless method_defined? :sysclose
307
380
 
308
- ##
309
- # Perform hostname verification after an SSL connection is established
381
+ # call-seq:
382
+ # ssl.post_connection_check(hostname) -> true
383
+ #
384
+ # Perform hostname verification following RFC 6125.
310
385
  #
311
386
  # This method MUST be called after calling #connect to ensure that the
312
387
  # hostname of a remote peer has been verified.
@@ -314,7 +389,8 @@ module OpenSSL
314
389
  if peer_cert.nil?
315
390
  msg = "Peer verification enabled, but no certificate received."
316
391
  if using_anon_cipher?
317
- msg += " Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification."
392
+ msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \
393
+ "Anonymous suites must be disabled to use peer verification."
318
394
  end
319
395
  raise SSLError, msg
320
396
  end
@@ -325,6 +401,11 @@ module OpenSSL
325
401
  return true
326
402
  end
327
403
 
404
+ # call-seq:
405
+ # ssl.session -> aSession
406
+ #
407
+ # Returns the SSLSession object currently used, or nil if the session is
408
+ # not established.
328
409
  def session
329
410
  SSL::Session.new(self)
330
411
  rescue SSL::Session::SessionError
@@ -344,7 +425,7 @@ module OpenSSL
344
425
  end
345
426
 
346
427
  def tmp_dh_callback
347
- @context.tmp_dh_callback || OpenSSL::PKey::DEFAULT_TMP_DH_CALLBACK
428
+ @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
348
429
  end
349
430
 
350
431
  def tmp_ecdh_callback
@@ -368,8 +449,8 @@ module OpenSSL
368
449
  attr_accessor :start_immediately
369
450
 
370
451
  # Creates a new instance of SSLServer.
371
- # * +srv+ is an instance of TCPServer.
372
- # * +ctx+ is an instance of OpenSSL::SSL::SSLContext.
452
+ # * _srv_ is an instance of TCPServer.
453
+ # * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
373
454
  def initialize(svr, ctx)
374
455
  @svr = svr
375
456
  @ctx = ctx