diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2016-07-28 22:15:26 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-07-28 22:15:26 +0900 |
commit | bf120798efa43c9db6c68e75037fc0a0c4735703 (patch) | |
tree | d14e13da8bfae8bf7ae0249565c28175ad775abc /lib | |
parent | 1c244fa916f274b715594492a85fcfa57c987c2e (diff) | |
parent | 028e495734e9e6aa5dba1a2e130b08f66cf31a21 (diff) | |
download | ruby-openssl-bf120798efa43c9db6c68e75037fc0a0c4735703.tar.gz |
Merge branch 'topic/ssl-verify-hostname'
* topic/ssl-verify-hostname:
ssl: add verify_hostname option to SSLContext
test/test_ssl: avoid SSLContext#set_params where not required
Refactor common verify callback code
Diffstat (limited to 'lib')
-rw-r--r-- | lib/openssl/ssl.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb index 9cac6925..a8059cba 100644 --- a/lib/openssl/ssl.rb +++ b/lib/openssl/ssl.rb @@ -19,6 +19,7 @@ module OpenSSL DEFAULT_PARAMS = { :ssl_version => "SSLv23", :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :verify_hostname => true, :ciphers => %w{ ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 @@ -71,7 +72,7 @@ module OpenSSL "session_get_cb", "session_new_cb", "session_remove_cb", "tmp_ecdh_callback", "servername_cb", "npn_protocols", "alpn_protocols", "alpn_select_cb", - "npn_select_cb"].map { |x| "@#{x}" } + "npn_select_cb", "verify_hostname"].map { |x| "@#{x}" } # A callback invoked when DH parameters are required. # @@ -107,13 +108,17 @@ module OpenSSL end ## - # Sets the parameters for this SSL context to the values in +params+. + # call-seq: + # ctx.set_params(params = {}) -> params + # + # Sets saner defaults optimized for the use with HTTP-like protocols. + # + # If a Hash +params+ is given, the parameters are overridden with it. # The keys in +params+ must be assignment methods on SSLContext. # # If the verify_mode is not VERIFY_NONE and ca_file, ca_path and # cert_store are not set then the system default certificate store is # used. - def set_params(params={}) params = DEFAULT_PARAMS.merge(params) params.each{|name, value| self.__send__("#{name}=", value) } |