Methods
Public Class
Public Instance
Constants
| TLS_OPTIONS | = | { alpn_protocols: %w[h2 http/1.1].freeze } |
rubocop:disable Style/MutableConstant |
Attributes
| ssl_session | [W] |
Public Class methods
new(_, _, options)
[show source]
# File lib/httpx/io/ssl.rb 19 def initialize(_, _, options) 20 super 21 22 @ssl_session = nil 23 ctx_options = TLS_OPTIONS.merge(options.ssl) 24 @sni_hostname = ctx_options.delete(:hostname) || @hostname 25 26 if @keep_open && @io.is_a?(OpenSSL::SSL::SSLSocket) 27 # externally initiated ssl socket 28 @ctx = @io.context 29 @state = :negotiated 30 else 31 @ctx = OpenSSL::SSL::SSLContext.new 32 @ctx.set_params(ctx_options) unless ctx_options.empty? 33 unless @ctx.session_cache_mode.nil? # a dummy method on JRuby 34 @ctx.session_cache_mode = 35 OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT | OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE 36 end 37 38 yield(self) if block_given? 39 end 40 41 @verify_hostname = @ctx.verify_hostname 42 end
Public Instance methods
can_verify_peer?()
[show source]
# File lib/httpx/io/ssl.rb 75 def can_verify_peer? 76 @ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER 77 end
connect()
[show source]
# File lib/httpx/io/ssl.rb 97 def connect 98 return if @state == :negotiated 99 100 unless @state == :connected 101 super 102 return unless @state == :connected 103 end 104 105 # @type ivar @io: OpenSSL::SSL::SSLSocket 106 107 unless @io.is_a?(OpenSSL::SSL::SSLSocket) 108 if (hostname_is_ip = (@ip == @sni_hostname)) && @ctx.verify_hostname 109 # IPv6 address would be "[::1]", must turn to "0000:0000:0000:0000:0000:0000:0000:0001" for cert SAN check 110 @sni_hostname = @ip.to_string 111 # IP addresses in SNI is not valid per RFC 6066, section 3. 112 @ctx.verify_hostname = false 113 end 114 115 ssl = OpenSSL::SSL::SSLSocket.new(@io, @ctx) 116 117 ssl.hostname = @sni_hostname unless hostname_is_ip 118 ssl.session = @ssl_session unless ssl_session_expired? 119 ssl.sync_close = true 120 121 @io = ssl 122 end 123 try_ssl_connect 124 end
connected?()
[show source]
# File lib/httpx/io/ssl.rb 87 def connected? 88 @state == :negotiated 89 end
protocol()
[show source]
# File lib/httpx/io/ssl.rb 53 def protocol 54 # @type ivar @io: OpenSSL::SSL::SSLSocket 55 @io.alpn_protocol || super 56 rescue StandardError 57 super 58 end
session_new_cb(&pr)
[show source]
# File lib/httpx/io/ssl.rb 45 def session_new_cb(&pr) 46 @ctx.session_new_cb = proc { |_, sess| pr.call(sess) } 47 end
ssl_session_expired?()
[show source]
# File lib/httpx/io/ssl.rb 91 def ssl_session_expired? 92 ssl_session = @ssl_session 93 94 ssl_session.nil? || Process.clock_gettime(Process::CLOCK_REALTIME) >= (ssl_session.time.to_f + ssl_session.timeout) 95 end
try_ssl_connect()
[show source]
# File lib/httpx/io/ssl.rb 126 def try_ssl_connect 127 # @type ivar @io: OpenSSL::SSL::SSLSocket 128 ret = @io.connect_nonblock(exception: false) 129 log(level: 3, color: :cyan) { "TLS CONNECT: #{ret}..." } 130 case ret 131 when :wait_readable 132 @interests = :r 133 return 134 when :wait_writable 135 @interests = :w 136 return 137 end 138 @io.post_connection_check(@sni_hostname) if @ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE && @verify_hostname 139 transition(:negotiated) 140 @interests = :w 141 end
verify_hostname(host)
[show source]
# File lib/httpx/io/ssl.rb 79 def verify_hostname(host) 80 return false if @ctx.verify_mode == OpenSSL::SSL::VERIFY_NONE 81 # @type ivar @io: OpenSSL::SSL::SSLSocket 82 return false if !@io.respond_to?(:peer_cert) || (peer_cert = @io.peer_cert).nil? 83 84 OpenSSL::SSL.verify_certificate_identity(peer_cert, host) 85 end