class HTTPX::SSL

  1. lib/httpx/io/ssl.rb
  2. lib/httpx/plugins/proxy/ssh.rb
  3. show all
Superclass: TCP

Constants

TLS_OPTIONS = { alpn_protocols: %w[h2 http/1.1].freeze }  

rubocop:disable Style/MutableConstant

Attributes

ssl_session [W]

Public Class methods

new(_, _, options)
[show source] 
   # File lib/httpx/io/ssl.rb
19 def initialize(_, _, options)
20   super
21 
22   @ssl_session = nil
23   ctx_options = TLS_OPTIONS.merge(options.ssl)
24   @sni_hostname = ctx_options.delete(:hostname) || @hostname
25 
26   if @keep_open && @io.is_a?(OpenSSL::SSL::SSLSocket)
27     # externally initiated ssl socket
28     @ctx = @io.context
29     @state = :negotiated
30   else
31     @ctx = OpenSSL::SSL::SSLContext.new
32     @ctx.set_params(ctx_options) unless ctx_options.empty?
33     unless @ctx.session_cache_mode.nil? # a dummy method on JRuby
34       @ctx.session_cache_mode =
35         OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT | OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
36     end
37 
38     yield(self) if block_given?
39   end
40 
41   @verify_hostname = @ctx.verify_hostname
42 end

Public Instance methods

can_verify_peer?()
[show source] 
   # File lib/httpx/io/ssl.rb
73 def can_verify_peer?
74   @ctx.verify_mode == OpenSSL::SSL::VERIFY_PEER
75 end
connect()
[show source] 
    # File lib/httpx/io/ssl.rb
 92 def connect
 93   return if @state == :negotiated
 94 
 95   unless @state == :connected
 96     super
 97     return unless @state == :connected
 98   end
 99 
100   unless @io.is_a?(OpenSSL::SSL::SSLSocket)
101     if (hostname_is_ip = (@ip == @sni_hostname))
102       # IPv6 address would be "[::1]", must turn to "0000:0000:0000:0000:0000:0000:0000:0001" for cert SAN check
103       @sni_hostname = @ip.to_string
104       # IP addresses in SNI is not valid per RFC 6066, section 3.
105       @ctx.verify_hostname = false
106     end
107 
108     @io = OpenSSL::SSL::SSLSocket.new(@io, @ctx)
109 
110     @io.hostname = @sni_hostname unless hostname_is_ip
111     @io.session = @ssl_session unless ssl_session_expired?
112     @io.sync_close = true
113   end
114   try_ssl_connect
115 end
connected?()
[show source] 
   # File lib/httpx/io/ssl.rb
84 def connected?
85   @state == :negotiated
86 end
protocol()
[show source] 
   # File lib/httpx/io/ssl.rb
53 def protocol
54   @io.alpn_protocol || super
55 rescue StandardError
56   super
57 end
session_new_cb(&pr)
[show source] 
   # File lib/httpx/io/ssl.rb
45 def session_new_cb(&pr)
46   @ctx.session_new_cb = proc { |_, sess| pr.call(sess) }
47 end
ssl_session_expired?()
[show source] 
   # File lib/httpx/io/ssl.rb
88 def ssl_session_expired?
89   @ssl_session.nil? || Process.clock_gettime(Process::CLOCK_REALTIME) >= (@ssl_session.time.to_f + @ssl_session.timeout)
90 end
try_ssl_connect()
[show source] 
    # File lib/httpx/io/ssl.rb
117 def try_ssl_connect
118   ret = @io.connect_nonblock(exception: false)
119   log(level: 3, color: :cyan) { "TLS CONNECT: #{ret}..." }
120   case ret
121   when :wait_readable
122     @interests = :r
123     return
124   when :wait_writable
125     @interests = :w
126     return
127   end
128   @io.post_connection_check(@sni_hostname) if @ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE && @verify_hostname
129   transition(:negotiated)
130   @interests = :w
131 end
verify_hostname(host)
[show source] 
   # File lib/httpx/io/ssl.rb
77 def verify_hostname(host)
78   return false if @ctx.verify_mode == OpenSSL::SSL::VERIFY_NONE
79   return false if !@io.respond_to?(:peer_cert) || @io.peer_cert.nil?
80 
81   OpenSSL::SSL.verify_certificate_identity(@io.peer_cert, host)
82 end