jruby-openssl 0.10.0-java → 0.10.5-java
- checksums.yaml +4 -4
- data/History.md +58 -0
- data/Mavenfile +45 -63
- data/README.md +6 -9
- data/Rakefile +4 -0
- data/lib/jopenssl.jar +0 -0
- data/lib/jopenssl/_compat23.rb +71 -0
- data/lib/jopenssl/load.rb +13 -7
- data/lib/jopenssl/version.rb +8 -3
- data/lib/jopenssl19/openssl/ssl-internal.rb +104 -0
- data/lib/jopenssl22/openssl/ssl.rb +16 -16
- data/lib/jopenssl23/openssl.rb +1 -1
- data/lib/jopenssl23/openssl/bn.rb +2 -1
- data/lib/jopenssl23/openssl/buffering.rb +39 -35
- data/lib/jopenssl23/openssl/config.rb +65 -64
- data/lib/jopenssl23/openssl/digest.rb +1 -1
- data/lib/jopenssl23/openssl/pkey.rb +22 -34
- data/lib/jopenssl23/openssl/ssl.rb +205 -124
- data/lib/jopenssl23/openssl/x509.rb +76 -1
- data/lib/openssl/bn.rb +1 -3
- data/lib/openssl/buffering.rb +1 -3
- data/lib/openssl/cipher.rb +1 -3
- data/lib/openssl/config.rb +10 -4
- data/lib/openssl/digest.rb +1 -3
- data/lib/openssl/pkcs12.rb +1 -3
- data/lib/openssl/pkcs5.rb +22 -0
- data/lib/openssl/ssl-internal.rb +1 -3
- data/lib/openssl/ssl.rb +1 -3
- data/lib/openssl/x509-internal.rb +1 -3
- data/lib/openssl/x509.rb +1 -3
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.65/bcpkix-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.65/bcprov-jdk15on-1.65.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.65/bctls-jdk15on-1.65.jar +0 -0
- data/pom.xml +94 -283
- metadata +16 -63
- data/integration/1.47/pom.xml +0 -15
- data/integration/1.48/pom.xml +0 -15
- data/integration/1.49/pom.xml +0 -15
- data/integration/1.50/pom.xml +0 -15
- data/integration/Mavenfile +0 -57
- data/integration/pom.xml +0 -122
- data/lib/jopenssl24.rb +0 -112
- data/lib/openssl/pkcs7.rb +0 -5
- data/lib/org/bouncycastle/bcpkix-jdk15on/1.59/bcpkix-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bcprov-jdk15on/1.59/bcprov-jdk15on-1.59.jar +0 -0
- data/lib/org/bouncycastle/bctls-jdk15on/1.59/bctls-jdk15on-1.59.jar +0 -0
@@ -1,37 +1,25 @@
|
|
1
1
|
# frozen_string_literal: false
|
2
|
-
|
3
|
-
|
4
|
-
|
2
|
+
#--
|
3
|
+
# Ruby/OpenSSL Project
|
4
|
+
# Copyright (C) 2017 Ruby/OpenSSL Project Authors
|
5
|
+
#++
|
5
6
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
end
|
22
|
-
|
23
|
-
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
|
24
|
-
warn "using default DH parameters." if $VERBOSE
|
25
|
-
case keylen
|
26
|
-
when 512 then OpenSSL::PKey::DH::DEFAULT_512
|
27
|
-
when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
|
28
|
-
else
|
29
|
-
nil
|
30
|
-
end
|
31
|
-
}
|
32
|
-
|
33
|
-
else
|
34
|
-
DEFAULT_TMP_DH_CALLBACK = nil
|
35
|
-
end
|
7
|
+
module OpenSSL::PKey
|
8
|
+
if defined?(EC)
|
9
|
+
class EC::Point
|
10
|
+
# :call-seq:
|
11
|
+
# point.to_bn([conversion_form]) -> OpenSSL::BN
|
12
|
+
#
|
13
|
+
# Returns the octet string representation of the EC point as an instance of
|
14
|
+
# OpenSSL::BN.
|
15
|
+
#
|
16
|
+
# If _conversion_form_ is not given, the _point_conversion_form_ attribute
|
17
|
+
# set to the group is used.
|
18
|
+
#
|
19
|
+
# See #to_octet_string for more information.
|
20
|
+
# def to_bn(conversion_form = group.point_conversion_form)
|
21
|
+
# OpenSSL::BN.new(to_octet_string(conversion_form), 2)
|
22
|
+
# end
|
23
|
+
end
|
36
24
|
end
|
37
|
-
end
|
25
|
+
end
|
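Review bot: The reopened `class EC::Point` in this hunk contains only a commented-out `to_bn`, and nothing says why the Ruby definition is disabled. If the method is supplied by the Java extension (an assumption; the hunk does not show it), state that above the commented block, for example `# to_bn is provided natively on JRuby; the Ruby/OpenSSL definition below is kept for reference only`. Otherwise drop the empty `if defined?(EC)` / `class EC::Point` reopening so the file does not look like it defines something.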
@@ -16,71 +16,83 @@ require "io/nonblock"
|
|
16
16
|
module OpenSSL
|
17
17
|
module SSL
|
18
18
|
class SSLContext
|
19
|
-
DEFAULT_PARAMS
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
19
|
+
unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java
|
20
|
+
DEFAULT_PARAMS = { # :nodoc:
|
21
|
+
:min_version => OpenSSL::SSL::TLS1_VERSION,
|
22
|
+
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
|
23
|
+
:verify_hostname => true,
|
24
|
+
:options => -> {
|
25
|
+
opts = OpenSSL::SSL::OP_ALL
|
26
|
+
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
|
27
|
+
opts |= OpenSSL::SSL::OP_NO_COMPRESSION
|
28
|
+
opts
|
29
|
+
}.call
|
30
|
+
}
|
31
|
+
|
32
|
+
if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
|
33
|
+
OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
|
34
|
+
DEFAULT_PARAMS.merge!(
|
35
|
+
ciphers: %w{
|
36
|
+
ECDHE-ECDSA-AES128-GCM-SHA256
|
37
|
+
ECDHE-RSA-AES128-GCM-SHA256
|
38
|
+
ECDHE-ECDSA-AES256-GCM-SHA384
|
39
|
+
ECDHE-RSA-AES256-GCM-SHA384
|
40
|
+
DHE-RSA-AES128-GCM-SHA256
|
41
|
+
DHE-DSS-AES128-GCM-SHA256
|
42
|
+
DHE-RSA-AES256-GCM-SHA384
|
43
|
+
DHE-DSS-AES256-GCM-SHA384
|
44
|
+
ECDHE-ECDSA-AES128-SHA256
|
45
|
+
ECDHE-RSA-AES128-SHA256
|
46
|
+
ECDHE-ECDSA-AES128-SHA
|
47
|
+
ECDHE-RSA-AES128-SHA
|
48
|
+
ECDHE-ECDSA-AES256-SHA384
|
49
|
+
ECDHE-RSA-AES256-SHA384
|
50
|
+
ECDHE-ECDSA-AES256-SHA
|
51
|
+
ECDHE-RSA-AES256-SHA
|
52
|
+
DHE-RSA-AES128-SHA256
|
53
|
+
DHE-RSA-AES256-SHA256
|
54
|
+
DHE-RSA-AES128-SHA
|
55
|
+
DHE-RSA-AES256-SHA
|
56
|
+
DHE-DSS-AES128-SHA256
|
57
|
+
DHE-DSS-AES256-SHA256
|
58
|
+
DHE-DSS-AES128-SHA
|
59
|
+
DHE-DSS-AES256-SHA
|
60
|
+
AES128-GCM-SHA256
|
61
|
+
AES256-GCM-SHA384
|
62
|
+
AES128-SHA256
|
63
|
+
AES256-SHA256
|
64
|
+
AES128-SHA
|
65
|
+
AES256-SHA
|
66
|
+
}.join(":"),
|
67
|
+
)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
if defined?(OpenSSL::PKey::DH)
|
72
|
+
DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
|
73
|
+
-----BEGIN DH PARAMETERS-----
|
74
|
+
MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
|
75
|
+
JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
|
76
|
+
VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
|
77
|
+
YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
|
78
|
+
1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
|
79
|
+
7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
|
80
|
+
-----END DH PARAMETERS-----
|
81
|
+
_end_of_pem_
|
82
|
+
private_constant :DEFAULT_2048
|
83
|
+
|
84
|
+
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
|
85
|
+
warn "using default DH parameters." if $VERBOSE
|
86
|
+
DEFAULT_2048
|
87
|
+
}
|
88
|
+
end
|
66
89
|
|
67
90
|
begin
|
68
|
-
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
|
91
|
+
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
|
69
92
|
DEFAULT_CERT_STORE.set_default_paths
|
70
|
-
|
71
|
-
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
72
|
-
end
|
93
|
+
DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
73
94
|
end unless const_defined? :DEFAULT_CERT_STORE # JRuby
|
74
95
|
|
75
|
-
INIT_VARS = ["cert", "key", "client_ca", "ca_file", "ca_path",
|
76
|
-
"timeout", "verify_mode", "verify_depth", "renegotiation_cb",
|
77
|
-
"verify_callback", "cert_store", "extra_chain_cert",
|
78
|
-
"client_cert_cb", "session_id_context", "tmp_dh_callback",
|
79
|
-
"session_get_cb", "session_new_cb", "session_remove_cb",
|
80
|
-
"tmp_ecdh_callback", "servername_cb", "npn_protocols",
|
81
|
-
"alpn_protocols", "alpn_select_cb",
|
82
|
-
"npn_select_cb"].map { |x| "@#{x}" }
|
83
|
-
|
84
96
|
# A callback invoked when DH parameters are required.
|
85
97
|
#
|
86
98
|
# The callback is invoked with the Session for the key exchange, an
|
@@ -92,45 +104,130 @@ module OpenSSL
|
|
92
104
|
|
93
105
|
attr_accessor :tmp_dh_callback
|
94
106
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
attr_accessor :servername_cb
|
102
|
-
end
|
107
|
+
# A callback invoked at connect time to distinguish between multiple
|
108
|
+
# server names.
|
109
|
+
#
|
110
|
+
# The callback is invoked with an SSLSocket and a server name. The
|
111
|
+
# callback must return an SSLContext for the server name or nil.
|
112
|
+
attr_accessor :servername_cb
|
103
113
|
|
104
114
|
# call-seq:
|
105
|
-
# SSLContext.new
|
106
|
-
# SSLContext.new(:TLSv1)
|
107
|
-
# SSLContext.new("
|
115
|
+
# SSLContext.new -> ctx
|
116
|
+
# SSLContext.new(:TLSv1) -> ctx
|
117
|
+
# SSLContext.new("SSLv23") -> ctx
|
118
|
+
#
|
119
|
+
# Creates a new SSL context.
|
108
120
|
#
|
109
|
-
#
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
121
|
+
# If an argument is given, #ssl_version= is called with the value. Note
|
122
|
+
# that this form is deprecated. New applications should use #min_version=
|
123
|
+
# and #max_version= as necessary.
|
124
|
+
# def initialize(version = nil)
|
125
|
+
# self.options |= OpenSSL::SSL::OP_ALL
|
126
|
+
# self.ssl_version = version if version
|
127
|
+
# end
|
115
128
|
|
116
129
|
##
|
117
|
-
#
|
118
|
-
#
|
130
|
+
# call-seq:
|
131
|
+
# ctx.set_params(params = {}) -> params
|
132
|
+
#
|
133
|
+
# Sets saner defaults optimized for the use with HTTP-like protocols.
|
134
|
+
#
|
135
|
+
# If a Hash _params_ is given, the parameters are overridden with it.
|
136
|
+
# The keys in _params_ must be assignment methods on SSLContext.
|
119
137
|
#
|
120
138
|
# If the verify_mode is not VERIFY_NONE and ca_file, ca_path and
|
121
139
|
# cert_store are not set then the system default certificate store is
|
122
140
|
# used.
|
123
|
-
|
124
141
|
def set_params(params={})
|
125
142
|
params = DEFAULT_PARAMS.merge(params)
|
126
|
-
|
143
|
+
# TODO JRuby: need to support SSLContext#options (since Ruby 2.5)
|
144
|
+
#self.options = params.delete(:options) # set before min_version/max_version
|
145
|
+
params.each { |name, value| self.__send__("#{name}=", value) }
|
127
146
|
if self.verify_mode != OpenSSL::SSL::VERIFY_NONE
|
128
147
|
unless self.ca_file or self.ca_path or self.cert_store
|
129
148
|
self.cert_store = DEFAULT_CERT_STORE
|
130
149
|
end
|
131
150
|
end
|
132
151
|
return params
|
133
|
-
end unless method_defined? :set_params
|
152
|
+
end unless method_defined? :set_params
|
153
|
+
|
154
|
+
# call-seq:
|
155
|
+
# ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
|
156
|
+
# ctx.min_version = :TLS1_2
|
157
|
+
# ctx.min_version = nil
|
158
|
+
#
|
159
|
+
# Sets the lower bound on the supported SSL/TLS protocol version. The
|
160
|
+
# version may be specified by an integer constant named
|
161
|
+
# OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
|
162
|
+
#
|
163
|
+
# Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
|
164
|
+
# options by #options= once you have called #min_version= or
|
165
|
+
# #max_version=.
|
166
|
+
#
|
167
|
+
# === Example
|
168
|
+
# ctx = OpenSSL::SSL::SSLContext.new
|
169
|
+
# ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
|
170
|
+
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
171
|
+
#
|
172
|
+
# sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
|
173
|
+
# sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
|
174
|
+
def min_version=(version)
|
175
|
+
set_minmax_proto_version(version, @max_proto_version ||= nil)
|
176
|
+
@min_proto_version = version
|
177
|
+
end
|
178
|
+
|
179
|
+
# call-seq:
|
180
|
+
# ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
|
181
|
+
# ctx.max_version = :TLS1_2
|
182
|
+
# ctx.max_version = nil
|
183
|
+
#
|
184
|
+
# Sets the upper bound of the supported SSL/TLS protocol version. See
|
185
|
+
# #min_version= for the possible values.
|
186
|
+
def max_version=(version)
|
187
|
+
set_minmax_proto_version(@min_proto_version ||= nil, version)
|
188
|
+
@max_proto_version = version
|
189
|
+
end
|
190
|
+
|
191
|
+
# call-seq:
|
192
|
+
# ctx.ssl_version = :TLSv1
|
193
|
+
# ctx.ssl_version = "SSLv23"
|
194
|
+
#
|
195
|
+
# Sets the SSL/TLS protocol version for the context. This forces
|
196
|
+
# connections to use only the specified protocol version. This is
|
197
|
+
# deprecated and only provided for backwards compatibility. Use
|
198
|
+
# #min_version= and #max_version= instead.
|
199
|
+
#
|
200
|
+
# === History
|
201
|
+
# As the name hints, this used to call the SSL_CTX_set_ssl_version()
|
202
|
+
# function which sets the SSL method used for connections created from
|
203
|
+
# the context. As of Ruby/OpenSSL 2.1, this accessor method is
|
204
|
+
# implemented to call #min_version= and #max_version= instead.
|
205
|
+
def ssl_version=(meth)
|
206
|
+
meth = meth.to_s if meth.is_a?(Symbol)
|
207
|
+
if /(?<type>_client|_server)\z/ =~ meth
|
208
|
+
meth = $`
|
209
|
+
if $VERBOSE
|
210
|
+
warn "#{caller(1, 1)[0]}: method type #{type.inspect} is ignored"
|
211
|
+
end
|
212
|
+
end
|
213
|
+
version = METHODS_MAP[meth.intern] or
|
214
|
+
raise ArgumentError, "unknown SSL method `%s'" % meth
|
215
|
+
set_minmax_proto_version(version, version)
|
216
|
+
@min_proto_version = @max_proto_version = version
|
217
|
+
end unless method_defined? :ssl_version=
|
218
|
+
|
219
|
+
METHODS_MAP = {
|
220
|
+
SSLv23: 0,
|
221
|
+
SSLv2: OpenSSL::SSL::SSL2_VERSION,
|
222
|
+
SSLv3: OpenSSL::SSL::SSL3_VERSION,
|
223
|
+
TLSv1: OpenSSL::SSL::TLS1_VERSION,
|
224
|
+
TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
|
225
|
+
TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION,
|
226
|
+
}.freeze
|
227
|
+
private_constant :METHODS_MAP
|
228
|
+
|
229
|
+
# METHODS setup from native (JRuby)
|
230
|
+
# deprecate_constant :METHODS
|
134
231
|
end
|
135
232
|
|
136
233
|
module SocketForwarder
|
@@ -246,8 +343,8 @@ module OpenSSL
|
|
246
343
|
return false if domain_component.start_with?("xn--") && san_component != "*"
|
247
344
|
|
248
345
|
parts[0].length + parts[1].length < domain_component.length &&
|
249
|
-
|
250
|
-
|
346
|
+
domain_component.start_with?(parts[0]) &&
|
347
|
+
domain_component.end_with?(parts[1])
|
251
348
|
end
|
252
349
|
module_function :verify_wildcard
|
253
350
|
|
@@ -255,42 +352,18 @@ module OpenSSL
|
|
255
352
|
include Buffering
|
256
353
|
include SocketForwarder
|
257
354
|
|
258
|
-
#
|
259
|
-
# def initialize(io, ctx = nil); raise NotImplementedError; end
|
260
|
-
# else
|
261
|
-
# if ExtConfig::HAVE_TLSEXT_HOST_NAME
|
262
|
-
# attr_accessor :hostname
|
263
|
-
# end
|
355
|
+
# attr_reader :hostname
|
264
356
|
#
|
265
|
-
#
|
266
|
-
#
|
267
|
-
#
|
357
|
+
# # The underlying IO object.
|
358
|
+
# attr_reader :io
|
359
|
+
# alias :to_io :io
|
268
360
|
#
|
269
|
-
#
|
270
|
-
#
|
271
|
-
# # SSLSocket.new(io, ctx) => aSSLSocket
|
272
|
-
# #
|
273
|
-
# # Creates a new SSL socket from +io+ which must be a real ruby object (not an
|
274
|
-
# # IO-like object that responds to read/write).
|
275
|
-
# #
|
276
|
-
# # If +ctx+ is provided the SSL Sockets initial params will be taken from
|
277
|
-
# # the context.
|
278
|
-
# #
|
279
|
-
# # The OpenSSL::Buffering module provides additional IO methods.
|
280
|
-
# #
|
281
|
-
# # This method will freeze the SSLContext if one is provided;
|
282
|
-
# # however, session management is still allowed in the frozen SSLContext.
|
361
|
+
# # The SSLContext object used in this connection.
|
362
|
+
# attr_reader :context
|
283
363
|
#
|
284
|
-
#
|
285
|
-
#
|
286
|
-
#
|
287
|
-
# @sync_close = false
|
288
|
-
# @hostname = nil
|
289
|
-
# @io.nonblock = true if @io.respond_to?(:nonblock=)
|
290
|
-
# context.setup
|
291
|
-
# super()
|
292
|
-
# end
|
293
|
-
# end
|
364
|
+
# # Whether to close the underlying socket as well, when the SSL/TLS
|
365
|
+
# # connection is shut down. This defaults to +false+.
|
366
|
+
# attr_accessor :sync_close
|
294
367
|
|
295
368
|
# call-seq:
|
296
369
|
# ssl.sysclose => nil
|
@@ -303,10 +376,12 @@ module OpenSSL
|
|
303
376
|
return if closed?
|
304
377
|
stop
|
305
378
|
io.close if sync_close
|
306
|
-
end unless method_defined? :sysclose
|
379
|
+
end unless method_defined? :sysclose
|
307
380
|
|
308
|
-
|
309
|
-
#
|
381
|
+
# call-seq:
|
382
|
+
# ssl.post_connection_check(hostname) -> true
|
383
|
+
#
|
384
|
+
# Perform hostname verification following RFC 6125.
|
310
385
|
#
|
311
386
|
# This method MUST be called after calling #connect to ensure that the
|
312
387
|
# hostname of a remote peer has been verified.
|
@@ -314,7 +389,8 @@ module OpenSSL
|
|
314
389
|
if peer_cert.nil?
|
315
390
|
msg = "Peer verification enabled, but no certificate received."
|
316
391
|
if using_anon_cipher?
|
317
|
-
msg += " Anonymous cipher suite #{cipher[0]} was negotiated.
|
392
|
+
msg += " Anonymous cipher suite #{cipher[0]} was negotiated. " \
|
393
|
+
"Anonymous suites must be disabled to use peer verification."
|
318
394
|
end
|
319
395
|
raise SSLError, msg
|
320
396
|
end
|
@@ -325,6 +401,11 @@ module OpenSSL
|
|
325
401
|
return true
|
326
402
|
end
|
327
403
|
|
404
|
+
# call-seq:
|
405
|
+
# ssl.session -> aSession
|
406
|
+
#
|
407
|
+
# Returns the SSLSession object currently used, or nil if the session is
|
408
|
+
# not established.
|
328
409
|
def session
|
329
410
|
SSL::Session.new(self)
|
330
411
|
rescue SSL::Session::SessionError
|
@@ -344,7 +425,7 @@ module OpenSSL
|
|
344
425
|
end
|
345
426
|
|
346
427
|
def tmp_dh_callback
|
347
|
-
@context.tmp_dh_callback || OpenSSL::
|
428
|
+
@context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
|
348
429
|
end
|
349
430
|
|
350
431
|
def tmp_ecdh_callback
|
@@ -368,8 +449,8 @@ module OpenSSL
|
|
368
449
|
attr_accessor :start_immediately
|
369
450
|
|
370
451
|
# Creates a new instance of SSLServer.
|
371
|
-
# *
|
372
|
-
# *
|
452
|
+
# * _srv_ is an instance of TCPServer.
|
453
|
+
# * _ctx_ is an instance of OpenSSL::SSL::SSLContext.
|
373
454
|
def initialize(svr, ctx)
|
374
455
|
@svr = svr
|
375
456
|
@ctx = ctx
|
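Review bot: The `DEFAULT_PARAMS` hash added in the first hunk (`@@ -16,71 +16,83 @@`) sets `:min_version => OpenSSL::SSL::TLS1_VERSION`, and when the library is not OpenSSL 1.1.0 or later it merges a cipher string that still lists CBC/SHA-1 suites (`AES128-SHA`, `DHE-RSA-AES128-SHA`), static-RSA key exchange (`AES128-GCM-SHA256`) and `DHE-DSS-*`. A context configured only through `set_params` can therefore negotiate TLS 1.0 and suites without forward secrecy. If compatibility allows, raise the floor with `:min_version => OpenSSL::SSL::TLS1_2_VERSION`; otherwise add a comment above the hash saying that callers who need a stricter policy must pass `min_version:` and `ciphers:` themselves. The hash is guarded by `unless const_defined? :DEFAULT_PARAMS # JRuby does it in Java`, so the Java-side defaults (not visible on this page) presumably win on JRuby and need the same check. Separately, `set_params` in the second hunk calls `self.__send__("#{name}=", value)` for every key, which bypasses method visibility and would also dispatch `:options` although the TODO just above says `SSLContext#options` is not yet supported; `public_send` would keep it to the documented "assignment methods on SSLContext" contract.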