ruby-tls 2.1.0 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/ruby-tls/ssl.rb +19 -3
- data/lib/ruby-tls/version.rb +1 -1
- metadata +4 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a60db39059fb7d735d7aa9201631628a65cf1291
|
|
4
|
+
data.tar.gz: dd41be2f38c92d9fedf92aec30620bead91c5c9d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f088fbbd7c397ec37dd60efd2a8722b933673b0e21a31003dc67e6f159567e964af3f0fcd568930be60da39546120de6dd8195c59ad3be7ff35f07eaf495260b
|
|
7
|
+
data.tar.gz: b9293b184946062a3eef3a778c65d269bf28cd7ead8b4e1fe8fca9bfac1aa213adef0c8e20e1d7370e7d2a5036bb54c735697066bc1da45baedf68425bbfb1bc
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Ruby-TLS decouples the management of encrypted communications, putting you in charge of the transport layer. It can be used as an alternative to Ruby's SSLSocket.
|
|
4
4
|
|
|
5
|
-
[](https://travis-ci.org/cotag/ruby-tls)
|
|
6
6
|
|
|
7
7
|
|
|
8
8
|
## Install the gem
|
|
@@ -35,7 +35,8 @@ class transport
|
|
|
35
35
|
cert_chain: '/file/path.crt',
|
|
36
36
|
ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA:@STRENGTH' # (default)
|
|
37
37
|
# protocols: ["h2", "http/1.1"], # Can be used where OpenSSL >= 1.0.2 (Application Level Protocol negotiation)
|
|
38
|
-
# fallback: "http/1.1" # Optional fallback to a default protocol when either client or server doesn't support ALPN
|
|
38
|
+
# fallback: "http/1.1", # Optional fallback to a default protocol when either client or server doesn't support ALPN
|
|
39
|
+
# client_ca: '/file/path.pem'
|
|
39
40
|
}
|
|
40
41
|
@ssl_layer = RubyTls::SSL::Box.new(is_server, callback_obj, options)
|
|
41
42
|
end
|
|
@@ -99,4 +100,3 @@ connection.send('client request')
|
|
|
99
100
|
## License and copyright
|
|
100
101
|
|
|
101
102
|
MIT
|
|
102
|
-
|
data/lib/ruby-tls/ssl.rb
CHANGED
|
@@ -139,13 +139,15 @@ module RubyTls
|
|
|
139
139
|
SSL_CTX_ctrl(ssl_ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, op, nil)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
|
-
attach_function :SSL_CTX_use_PrivateKey_file, [:ssl_ctx, :string, :int], :int
|
|
142
|
+
attach_function :SSL_CTX_use_PrivateKey_file, [:ssl_ctx, :string, :int], :int, :blocking => true
|
|
143
143
|
attach_function :SSL_CTX_use_PrivateKey, [:ssl_ctx, :pointer], :int
|
|
144
144
|
attach_function :ERR_print_errors_fp, [:pointer], :void # Pointer == File Handle
|
|
145
|
-
attach_function :SSL_CTX_use_certificate_chain_file, [:ssl_ctx, :string], :int
|
|
145
|
+
attach_function :SSL_CTX_use_certificate_chain_file, [:ssl_ctx, :string], :int, :blocking => true
|
|
146
146
|
attach_function :SSL_CTX_use_certificate, [:ssl_ctx, :x509], :int
|
|
147
147
|
attach_function :SSL_CTX_set_cipher_list, [:ssl_ctx, :string], :int
|
|
148
148
|
attach_function :SSL_CTX_set_session_id_context, [:ssl_ctx, :string, :buffer_length], :int
|
|
149
|
+
attach_function :SSL_load_client_CA_file, [:string], :pointer
|
|
150
|
+
attach_function :SSL_CTX_set_client_CA_list, [:ssl_ctx, :pointer], :void
|
|
149
151
|
|
|
150
152
|
# OpenSSL before 1.0.2 do not have these methods
|
|
151
153
|
begin
|
|
@@ -286,7 +288,8 @@ keystr
|
|
|
286
288
|
SSL_FILETYPE_PEM = 1
|
|
287
289
|
|
|
288
290
|
class Context
|
|
289
|
-
|
|
291
|
+
# Based on information from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
292
|
+
CIPHERS = 'EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'.freeze
|
|
290
293
|
SESSION = 'ruby-tls'.freeze
|
|
291
294
|
|
|
292
295
|
|
|
@@ -321,6 +324,7 @@ keystr
|
|
|
321
324
|
if @is_server
|
|
322
325
|
set_private_key(options[:private_key] || SSL::DEFAULT_PRIVATE)
|
|
323
326
|
set_certificate(options[:cert_chain] || SSL::DEFAULT_CERT)
|
|
327
|
+
set_client_ca(options[:client_ca])
|
|
324
328
|
end
|
|
325
329
|
|
|
326
330
|
SSL.SSL_CTX_set_cipher_list(@ssl_ctx, options[:ciphers] || CIPHERS)
|
|
@@ -405,6 +409,18 @@ keystr
|
|
|
405
409
|
raise 'invalid certificate or file not found'
|
|
406
410
|
end
|
|
407
411
|
end
|
|
412
|
+
|
|
413
|
+
def set_client_ca(ca)
|
|
414
|
+
return unless ca
|
|
415
|
+
|
|
416
|
+
if File.file?(ca) && (ca_ptr = SSL.SSL_load_client_CA_file(ca))
|
|
417
|
+
# there is no error checking provided by SSL_CTX_set_client_CA_list
|
|
418
|
+
SSL.SSL_CTX_set_client_CA_list(@ssl_ctx, ca_ptr)
|
|
419
|
+
else
|
|
420
|
+
cleanup
|
|
421
|
+
raise 'invalid ca certificate or file not found'
|
|
422
|
+
end
|
|
423
|
+
end
|
|
408
424
|
end
|
|
409
425
|
|
|
410
426
|
|
data/lib/ruby-tls/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby-tls
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen von Takach
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-06-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi-compiler
|
|
@@ -66,8 +66,7 @@ dependencies:
|
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
|
-
description:
|
|
70
|
-
Allows transport layers outside Ruby TCP be secured.
|
|
69
|
+
description: " Allows transport layers outside Ruby TCP be secured.\n"
|
|
71
70
|
email:
|
|
72
71
|
- steve@cotag.me
|
|
73
72
|
executables: []
|
|
@@ -105,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
105
104
|
version: '0'
|
|
106
105
|
requirements: []
|
|
107
106
|
rubyforge_project:
|
|
108
|
-
rubygems_version: 2.
|
|
107
|
+
rubygems_version: 2.5.1
|
|
109
108
|
signing_key:
|
|
110
109
|
specification_version: 4
|
|
111
110
|
summary: Abstract TLS for Ruby
|