authorGOTOU Yuuzou <gotoyuzo@notwork.org>2003-07-01 17:35:37 +0000
committerGOTOU Yuuzou <gotoyuzo@notwork.org>2003-07-01 17:35:37 +0000
commitfc27ef9f88da0777358fd1cd4523ae848dde3b5c (patch)
treeaae77e0beced921518b6bb01cca90b7746252781
parent0636a015e14c738c327c81a2d7be57ebd1051b6e (diff)
downloadruby-openssl-history-fc27ef9f88da0777358fd1cd4523ae848dde3b5c.tar.gz
* lib/net/https.rb: revised. (tested on Ruby-1.8.0-previre3)
* lib/net/protocols.rb: ditto
-rw-r--r--ChangeLog4
-rw-r--r--lib/net/https.rb50
-rw-r--r--lib/net/protocols.rb55
3 files changed, 61 insertions, 48 deletions
diff --git a/ChangeLog b/ChangeLog
index 00cf2f2..4bd78f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed, 02 Jul 2003 02:34:21 +0900 -- GOTOU Yuuzou <gotoyuzo@notwork.org>
+ * lib/net/https.rb: revised. (tested on Ruby-1.8.0-previre3)
+ * lib/net/protocols.rb: ditto
+
Tue, 02 Jul 2003 00:37:58 +0900 -- NAKAMURA, Hiroshi <nahi@ruby-lang.org>
* examples/c_rehash.rb: c_rehash written in pure ruby.
diff --git a/lib/net/https.rb b/lib/net/https.rb
index aa81ea9..01a8bbc 100644
--- a/lib/net/https.rb
+++ b/lib/net/https.rb
@@ -3,7 +3,7 @@
= Info
'OpenSSL for Ruby 2' project
- Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org>
+ Copyright (C) 2001 GOTOU Yuuzou <gotoyuzo@notwork.org>
All rights reserved.
= Licence
@@ -74,10 +74,6 @@ It can be replaced by follow one:
: cert_file=((|path|))
Sets pathname of a X.509 certification file in PEM format.
-: ca_cert=((|cert|))
- Sets an OpenSSL::X509::Certificate object as specific CA certifacate.
- (This method is appeared in Michal Rokos's OpenSSL extention.)
-
: ca_file=((|path|))
Sets path of a CA certification file in PEM format.
The file can contrain several CA certificats.
@@ -89,12 +85,17 @@ It can be replaced by follow one:
: verify_mode=((|mode|))
Sets the flags for server the certification verification at
begining of SSL/TLS session.
+ OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER is acceptable.
: verify_callback=((|proc|))
Sets the verify callback for the server certification verification.
: verify_depth=((|num|))
Sets the maximum depth for the certificate chain verification.
+
+: cert_store=((|store|))
+ Sets the X509::Store to verify peer certificate.
+
=end
require 'net/protocols'
@@ -102,7 +103,9 @@ require 'net/http'
module Net
class HTTP
- protocol_param :socket_type, ::Net::NetPrivate::SSLSocket
+ def self.socket_type
+ SSLIO
+ end
attr_accessor :use_ssl
attr_writer :key, :cert, :key_file, :cert_file
@@ -110,7 +113,7 @@ module Net
attr_writer :verify_mode, :verify_callback, :verify_depth
attr_reader :peer_cert
- class Conn < ::Net::NetPrivate::HTTPRequest
+ class Conn < HTTPRequest
REQUEST_HAS_BODY=false
RESPONSE_HAS_BODY=false
METHOD="connect"
@@ -130,6 +133,24 @@ module Net
end
end
+ module ProxyMod
+ def edit_path( path )
+ if use_ssl
+ 'https://' + addr_port + path
+ else
+ 'http://' + addr_port + path
+ end
+ end
+ end
+
+ alias :default_initialize :initialize
+
+ def initialize(*args)
+ default_initialize(*args)
+ @key = @cert = @ca_file = @ca_path = @verify_mode =
+ @verify_callback = @verify_depth = @timeout = @cert_store = nil
+ end
+
def on_connect
if use_ssl
if proxy?
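Review bot: The new `initialize` sets `@verify_mode` to nil, and `on_connect` in the next hunk assigns it to the socket unconditionally, so a caller who only sets `use_ssl` gets whatever the SSL context does with a nil verify mode. If that is equivalent to `OpenSSL::SSL::VERIFY_NONE` (not visible here, worth confirming), the server certificate is never checked by default. Consider `@verify_mode = OpenSSL::SSL::VERIFY_PEER` as the default, or at least state the default and its consequence in the `verify_mode=` entry of the RD documentation, which currently only lists the two accepted values. `@key_file` and `@cert_file` still have writers but are not initialised here, unlike the other settings. The body of on_connect continues outside this hunk.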
@@ -140,27 +161,16 @@ module Net
end
end
@socket.key = @key if @key
- @socket.key_file = @key_file if @key_file
@socket.cert = @cert if @cert
- @socket.cert_file = @cert_file if @cert_file
@socket.ca_file = @ca_file
@socket.ca_path = @ca_path
@socket.verify_mode = @verify_mode
@socket.verify_callback = @verify_callback
@socket.verify_depth = @verify_depth
@socket.timeout = @timeout
+ @socket.cert_store = @cert_store
@socket.ssl_connect
- @peer_cert = socket.peer_cert
- end
- end
-
- module ProxyMod
- def edit_path( path )
- if use_ssl
- 'https://' + addr_port + path
- else
- 'http://' + addr_port + path
- end
+ @peer_cert = @socket.peer_cert
end
end
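Review bot: `key_file=` and `cert_file=` are still declared by `attr_writer`, and `cert_file=` is still documented, but the two lines that forwarded them to the socket are removed here, so a client key or certificate configured by path is now silently ignored. Either load the files into `@key`/`@cert`, keep the forwarding, or remove the writers and the documentation entry so the caller gets an error instead of a silent no-op; the `def_delegators` list in lib/net/protocols.rb still names both setters as well. Separately, `@peer_cert` is stored after `ssl_connect`, but nothing in the visible lines compares it with the requested host name, so that check appears to be left to the caller or to `verify_callback`; a comment saying so would help. The start of on_connect lies in the previous hunk.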
diff --git a/lib/net/protocols.rb b/lib/net/protocols.rb
index ddd12f6..5897716 100644
--- a/lib/net/protocols.rb
+++ b/lib/net/protocols.rb
@@ -25,34 +25,33 @@ require 'forwardable'
require 'openssl'
module Net
- module NetPrivate
-
- class SSLSocket < Socket
- extend Forwardable
-
- def_delegators(:@ssl_context,
- :key=, :cert=, :key_file=, :cert_file=,
- :ca_file=, :ca_path=,
- :verify_mode=, :verify_callback=, :verify_depth=,
- :timeout=)
-
- def initialize(addr, port, otime = nil, rtime = nil, pipe = nil)
- super
- @ssl_context = OpenSSL::SSL::SSLContext.new()
- end
-
- def ssl_connect()
- @raw_socket = @socket
- @socket = OpenSSL::SSL::SSLSocket.new(@raw_socket, @ssl_context)
- @socket.connect
- end
-
- def close
- super
- @raw_socket.close if @raw_socket
- end
-
- def peer_cert; @socket.peer_cert; end
+ class SSLIO < InternetMessageIO
+ extend Forwardable
+
+ def_delegators(:@ssl_context,
+ :key=, :cert=, :key_file=, :cert_file=,
+ :ca_file=, :ca_path=,
+ :verify_mode=, :verify_callback=, :verify_depth=,
+ :timeout=, :cert_store=)
+
+ def initialize(addr, port, otime = nil, rtime = nil, dout = nil)
+ super
+ @ssl_context = OpenSSL::SSL::SSLContext.new()
+ end
+
+ def ssl_connect()
+ @raw_socket = @socket
+ @socket = OpenSSL::SSL::SSLSocket.new(@raw_socket, @ssl_context)
+ @socket.connect
+ end
+
+ def close
+ super
+ @raw_socket.close if @raw_socket
+ end
+
+ def peer_cert
+ @socket.peer_cert
end
end
end
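Review bot: In `SSLIO#close` the raw socket is closed only if `super` returns normally, so an exception raised while closing the SSL layer would leave the underlying TCP descriptor open. Putting the second statement under an `ensure` (`super` / `ensure` / `@raw_socket.close if @raw_socket`) closes it on both paths. `ssl_connect` has a similar shape: if `@socket.connect` raises, `@socket` already points at the unconnected SSL wrapper, which deserves a comment or a rescue that restores `@raw_socket`. A one-line class comment saying that SSLIO swaps the plain socket for an `OpenSSL::SSL::SSLSocket` in place would also help readers.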