diff options
author | gotoyuzo <gotoyuzo@ruby-lang.org> | 2007-12-22 08:31:53 +0000 |
---|---|---|
committer | gotoyuzo <gotoyuzo@ruby-lang.org> | 2007-12-22 08:31:53 +0000 |
commit | ce5c01d4ad2ce0a364a429a610b33d2060cb16cc (patch) | |
tree | fe08c424c94ca5711dc93d2d6aafab6bd842aa73 /lib | |
parent | efc89a252fbdb6a1e632bded43c582646e16a5ae (diff) | |
download | ruby-openssl-history-ce5c01d4ad2ce0a364a429a610b33d2060cb16cc.tar.gz |
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
new method to set suitable SSL parameters.
* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb,
test/openssl/test_ssl.rb: follow above change.
* test/net/http/test_https.rb: refine error case.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@14479 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/openssl/ssl.rb | 42 |
1 files changed, 20 insertions, 22 deletions
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb index 7172680..948c55f 100644 --- a/lib/openssl/ssl.rb +++ b/lib/openssl/ssl.rb @@ -21,30 +21,28 @@ require "fcntl" module OpenSSL module SSL class SSLContext - class <<self - def build(params={}) - default_params = { - :ssl_version => "SSLv23", - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => OpenSSL::SSL::OP_ALL, - } - params = default_params.merge(params) - ctx = new() - params.each{|name, value| ctx.__send__("#{name}=", value) } - ctx.verify_mode ||= OpenSSL::SSL::VERIFY_NONE - if ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE - unless ctx.ca_file or ctx.ca_path or - ctx.cert_store or ctx.verify_callback - ctx.cert_store = OpenSSL::X509::Store.new - if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) - ctx.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL - end - ctx.cert_store.set_default_paths - end + DEFAULT_PARAMS = { + :ssl_version => "SSLv23", + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", + :options => OpenSSL::SSL::OP_ALL, + } + + DEFAULT_CERT_STORE = OpenSSL::X509::Store.new + DEFAULT_CERT_STORE.set_default_paths + if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) + DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL + end + + def set_params(params={}) + params = DEFAULT_PARAMS.merge(params) + params.each{|name, value| self.__send__("#{name}=", value) } + if self.verify_mode != OpenSSL::SSL::VERIFY_NONE + unless self.ca_file or self.ca_path or self.cert_store + self.cert_store = DEFAULT_CERT_STORE end - return ctx end + return params end end |