ruby-tls 2.1.0 → 2.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/ruby-tls/ssl.rb +19 -3
- data/lib/ruby-tls/version.rb +1 -1
- metadata +4 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a60db39059fb7d735d7aa9201631628a65cf1291
|
|
4
|
+
data.tar.gz: dd41be2f38c92d9fedf92aec30620bead91c5c9d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f088fbbd7c397ec37dd60efd2a8722b933673b0e21a31003dc67e6f159567e964af3f0fcd568930be60da39546120de6dd8195c59ad3be7ff35f07eaf495260b
|
|
7
|
+
data.tar.gz: b9293b184946062a3eef3a778c65d269bf28cd7ead8b4e1fe8fca9bfac1aa213adef0c8e20e1d7370e7d2a5036bb54c735697066bc1da45baedf68425bbfb1bc
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Ruby-TLS decouples the management of encrypted communications, putting you in charge of the transport layer. It can be used as an alternative to Ruby's SSLSocket.
|
|
4
4
|
|
|
5
|
-
[](https://travis-ci.org/cotag/ruby-tls)
|
|
6
6
|
|
|
7
7
|
|
|
8
8
|
## Install the gem
|
|
@@ -35,7 +35,8 @@ class transport
|
|
|
35
35
|
cert_chain: '/file/path.crt',
|
|
36
36
|
ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA:@STRENGTH' # (default)
|
|
37
37
|
# protocols: ["h2", "http/1.1"], # Can be used where OpenSSL >= 1.0.2 (Application Level Protocol negotiation)
|
|
38
|
-
# fallback: "http/1.1" # Optional fallback to a default protocol when either client or server doesn't support ALPN
|
|
38
|
+
# fallback: "http/1.1", # Optional fallback to a default protocol when either client or server doesn't support ALPN
|
|
39
|
+
# client_ca: '/file/path.pem'
|
|
39
40
|
}
|
|
40
41
|
@ssl_layer = RubyTls::SSL::Box.new(is_server, callback_obj, options)
|
|
41
42
|
end
|
|
@@ -99,4 +100,3 @@ connection.send('client request')
|
|
|
99
100
|
## License and copyright
|
|
100
101
|
|
|
101
102
|
MIT
|
|
102
|
-
|
data/lib/ruby-tls/ssl.rb
CHANGED
|
@@ -139,13 +139,15 @@ module RubyTls
|
|
|
139
139
|
SSL_CTX_ctrl(ssl_ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, op, nil)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
|
-
attach_function :SSL_CTX_use_PrivateKey_file, [:ssl_ctx, :string, :int], :int
|
|
142
|
+
attach_function :SSL_CTX_use_PrivateKey_file, [:ssl_ctx, :string, :int], :int, :blocking => true
|
|
143
143
|
attach_function :SSL_CTX_use_PrivateKey, [:ssl_ctx, :pointer], :int
|
|
144
144
|
attach_function :ERR_print_errors_fp, [:pointer], :void # Pointer == File Handle
|
|
145
|
-
attach_function :SSL_CTX_use_certificate_chain_file, [:ssl_ctx, :string], :int
|
|
145
|
+
attach_function :SSL_CTX_use_certificate_chain_file, [:ssl_ctx, :string], :int, :blocking => true
|
|
146
146
|
attach_function :SSL_CTX_use_certificate, [:ssl_ctx, :x509], :int
|
|
147
147
|
attach_function :SSL_CTX_set_cipher_list, [:ssl_ctx, :string], :int
|
|
148
148
|
attach_function :SSL_CTX_set_session_id_context, [:ssl_ctx, :string, :buffer_length], :int
|
|
149
|
+
attach_function :SSL_load_client_CA_file, [:string], :pointer
|
|
150
|
+
attach_function :SSL_CTX_set_client_CA_list, [:ssl_ctx, :pointer], :void
|
|
149
151
|
|
|
150
152
|
# OpenSSL before 1.0.2 do not have these methods
|
|
151
153
|
begin
|
|
@@ -286,7 +288,8 @@ keystr
|
|
|
286
288
|
SSL_FILETYPE_PEM = 1
|
|
287
289
|
|
|
288
290
|
class Context
|
|
289
|
-
|
|
291
|
+
# Based on information from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
292
|
+
CIPHERS = 'EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'.freeze
|
|
290
293
|
SESSION = 'ruby-tls'.freeze
|
|
291
294
|
|
|
292
295
|
|
|
@@ -321,6 +324,7 @@ keystr
|
|
|
321
324
|
if @is_server
|
|
322
325
|
set_private_key(options[:private_key] || SSL::DEFAULT_PRIVATE)
|
|
323
326
|
set_certificate(options[:cert_chain] || SSL::DEFAULT_CERT)
|
|
327
|
+
set_client_ca(options[:client_ca])
|
|
324
328
|
end
|
|
325
329
|
|
|
326
330
|
SSL.SSL_CTX_set_cipher_list(@ssl_ctx, options[:ciphers] || CIPHERS)
|
|
@@ -405,6 +409,18 @@ keystr
|
|
|
405
409
|
raise 'invalid certificate or file not found'
|
|
406
410
|
end
|
|
407
411
|
end
|
|
412
|
+
|
|
413
|
+
def set_client_ca(ca)
|
|
414
|
+
return unless ca
|
|
415
|
+
|
|
416
|
+
if File.file?(ca) && (ca_ptr = SSL.SSL_load_client_CA_file(ca))
|
|
417
|
+
# there is no error checking provided by SSL_CTX_set_client_CA_list
|
|
418
|
+
SSL.SSL_CTX_set_client_CA_list(@ssl_ctx, ca_ptr)
|
|
419
|
+
else
|
|
420
|
+
cleanup
|
|
421
|
+
raise 'invalid ca certificate or file not found'
|
|
422
|
+
end
|
|
423
|
+
end
|
|
408
424
|
end
|
|
409
425
|
|
|
410
426
|
|
data/lib/ruby-tls/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-tls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen von Takach
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-06-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi-compiler
|
|
@@ -66,8 +66,7 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
|
-
description:
|
|
70
|
-
Allows transport layers outside Ruby TCP be secured.
|
|
69
|
+
description: " Allows transport layers outside Ruby TCP be secured.\n"
|
|
71
70
|
email:
|
|
72
71
|
- steve@cotag.me
|
|
73
72
|
executables: []
|
|
@@ -105,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
105
104
|
version: '0'
|
|
106
105
|
requirements: []
|
|
107
106
|
rubyforge_project:
|
|
108
|
-
rubygems_version: 2.
|
|
107
|
+
rubygems_version: 2.5.1
|
|
109
108
|
signing_key:
|
|
110
109
|
specification_version: 4
|
|
111
110
|
summary: Abstract TLS for Ruby
|