Diffstat (limited to 'OpenSSL')
-rw-r--r--OpenSSL/Cipher.html157
-rw-r--r--OpenSSL/Digest.html14
-rw-r--r--OpenSSL/HMAC.html38
-rw-r--r--OpenSSL/HMACError.html40
-rw-r--r--OpenSSL/PKey.html26
-rw-r--r--OpenSSL/PKey/DH.html102
-rw-r--r--OpenSSL/PKey/DSA.html76
-rw-r--r--OpenSSL/PKey/EC.html42
-rw-r--r--OpenSSL/PKey/EC/Group.html151
-rw-r--r--OpenSSL/PKey/RSA.html92
-rw-r--r--OpenSSL/Random.html27
-rw-r--r--OpenSSL/SSL.html2
-rw-r--r--OpenSSL/SSL/SSLContext.html221
-rw-r--r--OpenSSL/SSL/SSLServer.html12
-rw-r--r--OpenSSL/SSL/SSLSocket.html68
-rw-r--r--OpenSSL/SSL/Session.html39
-rw-r--r--OpenSSL/SSL/SocketForwarder.html14
-rw-r--r--OpenSSL/X509/Store.html146
-rw-r--r--OpenSSL/X509/StoreContext.html632
19 files changed, 1430 insertions, 469 deletions
diff --git a/OpenSSL/Cipher.html b/OpenSSL/Cipher.html
index b7eb30c3..563e39db 100644
--- a/OpenSSL/Cipher.html
+++ b/OpenSSL/Cipher.html
@@ -97,6 +97,8 @@
<li ><a href="#method-i-authenticated-3F">#authenticated?</a>
+ <li ><a href="#method-i-block_size">#block_size</a>
+
<li ><a href="#method-i-decrypt">#decrypt</a>
<li ><a href="#method-i-encrypt">#encrypt</a>
@@ -111,6 +113,8 @@
<li ><a href="#method-i-key-3D">#key=</a>
+ <li ><a href="#method-i-key_len">#key_len</a>
+
<li ><a href="#method-i-key_len-3D">#key_len=</a>
<li ><a href="#method-i-name">#name</a>
@@ -738,6 +742,48 @@ ossl_cipher_is_authenticated(VALUE self)
</div>
+ <div id="method-i-block_size" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ block_size &rarr; integer
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Returns the size in bytes of the blocks on which this <a
+href="Cipher/Cipher.html">Cipher</a> operates on.</p>
+
+
+
+
+ <div class="method-source-code" id="block_size-source">
+ <pre>static VALUE
+ossl_cipher_block_size(VALUE self)
+{
+ EVP_CIPHER_CTX *ctx;
+
+ GetCipher(self, ctx);
+
+ return INT2NUM(EVP_CIPHER_CTX_block_size(ctx));
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
<div id="method-i-decrypt" class="method-detail ">
@@ -759,7 +805,7 @@ ossl_cipher_is_authenticated(VALUE self)
<p>Make sure to call <a href="Cipher.html#method-i-encrypt">#encrypt</a> or <a
href="Cipher.html#method-i-decrypt">#decrypt</a> before using any of the
following methods:</p>
-<ul><li><dl class="rdoc-list label-list"><dt>key=, iv=, <a href="Cipher.html#method-i-random_key">#random_key</a>, <a href="Cipher.html#method-i-random_iv">#random_iv</a>, <a href="Cipher.html#method-i-pkcs5_keyivgen">#pkcs5_keyivgen</a>
+<ul><li><dl class="rdoc-list label-list"><dt><a href="Cipher.html#method-i-key-3D">key=</a>, <a href="Cipher.html#method-i-iv-3D">iv=</a>, <a href="Cipher.html#method-i-random_key">random_key</a>, <a href="Cipher.html#method-i-random_iv">random_iv</a>, <a href="Cipher.html#method-i-pkcs5_keyivgen">pkcs5_keyivgen</a>
<dd></dd></dl>
</li></ul>
@@ -805,7 +851,7 @@ ossl_cipher_decrypt(int argc, VALUE *argv, VALUE self)
<p>Make sure to call <a href="Cipher.html#method-i-encrypt">#encrypt</a> or <a
href="Cipher.html#method-i-decrypt">#decrypt</a> before using any of the
following methods:</p>
-<ul><li><dl class="rdoc-list label-list"><dt>key=, iv=, <a href="Cipher.html#method-i-random_key">#random_key</a>, <a href="Cipher.html#method-i-random_iv">#random_iv</a>, <a href="Cipher.html#method-i-pkcs5_keyivgen">#pkcs5_keyivgen</a>
+<ul><li><dl class="rdoc-list label-list"><dt><a href="Cipher.html#method-i-key-3D">key=</a>, <a href="Cipher.html#method-i-iv-3D">iv=</a>, <a href="Cipher.html#method-i-random_key">random_key</a>, <a href="Cipher.html#method-i-random_iv">random_iv</a>, <a href="Cipher.html#method-i-pkcs5_keyivgen">pkcs5_keyivgen</a>
<dd></dd></dl>
</li></ul>
@@ -1119,6 +1165,48 @@ ossl_cipher_set_key(VALUE self, VALUE key)
</div>
+ <div id="method-i-key_len" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ key_len &rarr; integer
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Returns the key length in bytes of the <a
+href="Cipher/Cipher.html">Cipher</a>.</p>
+
+
+
+
+ <div class="method-source-code" id="key_len-source">
+ <pre>static VALUE
+ossl_cipher_key_length(VALUE self)
+{
+ EVP_CIPHER_CTX *ctx;
+
+ GetCipher(self, ctx);
+
+ return INT2NUM(EVP_CIPHER_CTX_key_length(ctx));
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
<div id="method-i-key_len-3D" class="method-detail ">
@@ -1266,7 +1354,7 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
<div class="method-heading">
<span class="method-callseq">
- pkcs5_keyivgen(pass [, salt [, iterations [, digest]]] ) &rarr; nil
+ pkcs5_keyivgen(pass, salt = nil, iterations = 2048, digest = &quot;MD5&quot;) &rarr; nil
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -1279,20 +1367,23 @@ ossl_cipher_set_padding(VALUE self, VALUE padding)
<p>Generates and sets the key/IV based on a password.</p>
-<p>WARNING: This method is only <a href="PKCS5.html">PKCS5</a> v1.5 compliant
-when using RC2, RC4-40, or DES with MD5 or SHA1. Using anything else (like
-AES) will generate the key/iv using an <a
-href="../OpenSSL.html">OpenSSL</a> specific method. This method is
-deprecated and should no longer be used. Use a <a
+<p><strong>WARNING</strong>: This method is only <a
+href="PKCS5.html">PKCS5</a> v1.5 compliant when using RC2, RC4-40, or DES
+with MD5 or SHA1. Using anything else (like AES) will generate the key/iv
+using an <a href="../OpenSSL.html">OpenSSL</a> specific method. This method
+is deprecated and should no longer be used. Use a <a
href="PKCS5.html">PKCS5</a> v2 key generation method from <a
href="PKCS5.html">OpenSSL::PKCS5</a> instead.</p>
<h3 id="method-i-pkcs5_keyivgen-label-Parameters">Parameters<span><a href="#method-i-pkcs5_keyivgen-label-Parameters">&para;</a> <a href="#top">&uarr;</a></span></h3>
-
-<p><code>salt</code> must be an 8 byte string if provided.
-<code>iterations</code> is a integer with a default of 2048.
-<code>digest</code> is a <a href="Digest.html">Digest</a> object that
+<ul><li>
+<p><code>salt</code> must be an 8 byte string if provided.</p>
+</li><li>
+<p><code>iterations</code> is a integer with a default of 2048.</p>
+</li><li>
+<p><code>digest</code> is a <a href="Digest.html">Digest</a> object that
defaults to &#39;MD5&#39;</p>
+</li></ul>
<p>A minimum of 1000 iterations is recommended.</p>
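Review bot: The reformatted Parameters list documents `digest` as defaulting to 'MD5' and `salt` as optional without any caveat, while the callseq changed in the preceding hunk now spells out `salt = nil, iterations = 2048, digest = "MD5"` as defaults. Readers tend to copy a documented default, so the list should point back to the deprecation warning above it, for example with a closing item such as `The defaults are not a recommendation; see the warning above and use OpenSSL::PKCS5 for new code.` The new `iterations` item also carries over the typo `is a integer`, which should read `is an integer`. Since this page is generated, the wording would presumably be changed in the rdoc comment of ossl_cipher_pkcs5_keyivgen and the page regenerated.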
@@ -1341,29 +1432,35 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self)
<div id="method-i-random_iv" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">random_iv</span><span
- class="method-args">()</span>
+ <span class="method-callseq">
+ random_iv &rarr; iv
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
- <p>Generate, set, and return a random iv. You must call cipher.encrypt or
-cipher.decrypt before calling this method.</p>
+ <p>Generate a random IV with <a
+href="Random.html#method-c-random_bytes">OpenSSL::Random.random_bytes</a>
+and sets it to the cipher, and returns it.</p>
+
+<p>You must call <a href="Cipher.html#method-i-encrypt">encrypt</a> or <a
+href="Cipher.html#method-i-decrypt">decrypt</a> before calling this method.</p>
<div class="method-source-code" id="random_iv-source">
- <pre><span class="ruby-comment"># File lib/openssl/cipher.rb, line 46</span>
+ <pre><span class="ruby-comment"># File lib/openssl/cipher.rb, line 55</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">random_iv</span>
<span class="ruby-identifier">str</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">random_bytes</span>(<span class="ruby-keyword">self</span>.<span class="ruby-identifier">iv_len</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">iv</span> = <span class="ruby-identifier">str</span>
- <span class="ruby-keyword">return</span> <span class="ruby-identifier">str</span>
<span class="ruby-keyword">end</span></pre>
</div>
@@ -1377,29 +1474,35 @@ cipher.decrypt before calling this method.</p>
<div id="method-i-random_key" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">random_key</span><span
- class="method-args">()</span>
+ <span class="method-callseq">
+ random_key &rarr; key
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
- <p>Generate, set, and return a random key. You must call cipher.encrypt or
-cipher.decrypt before calling this method.</p>
+ <p>Generate a random key with <a
+href="Random.html#method-c-random_bytes">OpenSSL::Random.random_bytes</a>
+and sets it to the cipher, and returns it.</p>
+
+<p>You must call <a href="Cipher.html#method-i-encrypt">encrypt</a> or <a
+href="Cipher.html#method-i-decrypt">decrypt</a> before calling this method.</p>
<div class="method-source-code" id="random_key-source">
- <pre><span class="ruby-comment"># File lib/openssl/cipher.rb, line 38</span>
+ <pre><span class="ruby-comment"># File lib/openssl/cipher.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">random_key</span>
<span class="ruby-identifier">str</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">random_bytes</span>(<span class="ruby-keyword">self</span>.<span class="ruby-identifier">key_len</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">str</span>
- <span class="ruby-keyword">return</span> <span class="ruby-identifier">str</span>
<span class="ruby-keyword">end</span></pre>
</div>
@@ -1481,10 +1584,8 @@ encrypted data chunk. When done, the output of <a
href="Cipher.html#method-i-final">#final</a> should be additionally added
to the result.</p>
-<h3 id="method-i-update-label-Parameters">Parameters<span><a href="#method-i-update-label-Parameters">&para;</a> <a href="#top">&uarr;</a></span></h3>
-
-<p><code>data</code> is a nonempty string. <code>buffer</code> is an optional
-string to store the result.</p>
+<p>If <code>buffer</code> is given, the encryption/decryption result will be
+written to it. <code>buffer</code> will be resized automatically.</p>
diff --git a/OpenSSL/Digest.html b/OpenSSL/Digest.html
index ea47511d..3de314e7 100644
--- a/OpenSSL/Digest.html
+++ b/OpenSSL/Digest.html
@@ -361,9 +361,10 @@ short name of a supported digest algorithm.</p>
<p>Creates a <a href="Digest.html">Digest</a> instance based on
<code>string</code>, which is either the ln (long name) or sn (short name)
-of a supported digest algorithm. If <code>data</code> (a
-<code>String</code>) is given, it is used as the initial input to the <a
-href="Digest.html">Digest</a> instance, i.e.</p>
+of a supported digest algorithm.</p>
+
+<p>If <code>data</code> (a <code>String</code>) is given, it is used as the
+initial input to the <a href="Digest.html">Digest</a> instance, i.e.</p>
<pre class="ruby"><span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">&#39;sha256&#39;</span>, <span class="ruby-string">&#39;digestdata&#39;</span>)
</pre>
@@ -373,11 +374,6 @@ href="Digest.html">Digest</a> instance, i.e.</p>
<pre class="ruby"><span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">&#39;sha256&#39;</span>)
<span class="ruby-identifier">digest</span>.<span class="ruby-identifier">update</span>(<span class="ruby-string">&#39;digestdata&#39;</span>)
</pre>
-
-<h3 id="method-c-new-label-Example">Example<span><a href="#method-c-new-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
-
-<pre class="ruby"><span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">&#39;sha1&#39;</span>)
-</pre>
@@ -562,7 +558,7 @@ ossl_digest_size(VALUE self)
<div class="method-description">
- <p>Returns the sn of this <a href="Digest.html">Digest</a> instance.</p>
+ <p>Returns the sn of this <a href="Digest.html">Digest</a> algorithm.</p>
<h3 id="method-i-name-label-Example">Example<span><a href="#method-i-name-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
diff --git a/OpenSSL/HMAC.html b/OpenSSL/HMAC.html
index 99f1b861..8aa8fa8f 100644
--- a/OpenSSL/HMAC.html
+++ b/OpenSSL/HMAC.html
@@ -51,6 +51,15 @@
</div>
+<div class="nav-section">
+ <h3>Table of Contents</h3>
+
+ <ul class="link-list" role="directory">
+ <li><a href="#class-OpenSSL::HMAC-label-HMAC-SHA256+using+one-shot+interface">HMAC-SHA256 using one-shot interface</a>
+ <li><a href="#class-OpenSSL::HMAC-label-HMAC-SHA256+using+incremental+interface">HMAC-SHA256 using incremental interface</a>
+ </ul>
+</div>
+
<div id="class-metadata">
@@ -103,6 +112,35 @@
<section class="description">
+<p><a href="HMAC.html">OpenSSL::HMAC</a> allows computing Hash-based Message
+Authentication Code (HMAC). It is a type of message authentication code
+(MAC) involving a hash function in combination with a key. <a
+href="HMAC.html">HMAC</a> can be used to verify the integrity of a message
+as well as the authenticity.</p>
+
+<p><a href="HMAC.html">OpenSSL::HMAC</a> has a similar interface to <a
+href="Digest.html">OpenSSL::Digest</a>.</p>
+
+<h3 id="class-OpenSSL::HMAC-label-HMAC-SHA256+using+one-shot+interface">HMAC-SHA256 using one-shot interface<span><a href="#class-OpenSSL::HMAC-label-HMAC-SHA256+using+one-shot+interface">&para;</a> <a href="#top">&uarr;</a></span></h3>
+
+<pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">&quot;key&quot;</span>
+<span class="ruby-identifier">data</span> = <span class="ruby-string">&quot;message-to-be-authenticated&quot;</span>
+<span class="ruby-identifier">mac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-string">&quot;SHA256&quot;</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>)
+<span class="ruby-comment">#=&gt; &quot;cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e&quot;</span>
+</pre>
+
+<h3 id="class-OpenSSL::HMAC-label-HMAC-SHA256+using+incremental+interface">HMAC-SHA256 using incremental interface<span><a href="#class-OpenSSL::HMAC-label-HMAC-SHA256+using+incremental+interface">&para;</a> <a href="#top">&uarr;</a></span></h3>
+
+<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;file1&quot;</span>)
+<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;file2&quot;</span>)
+<span class="ruby-identifier">key</span> = <span class="ruby-string">&quot;key&quot;</span>
+<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA256</span>.<span class="ruby-identifier">new</span>
+<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">digest</span>)
+<span class="ruby-identifier">hmac</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">data1</span>
+<span class="ruby-identifier">hmac</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">data2</span>
+<span class="ruby-identifier">mac</span> = <span class="ruby-identifier">hmac</span>.<span class="ruby-identifier">digest</span>
+</pre>
+
</section>
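Review bot: The added description says HMAC can verify the integrity and authenticity of a message, but both examples stop at computing `mac` and never show or mention the verification step. A reader who fills that gap alone will most likely compare the values with `==`, so I would add a line to the one-shot example such as `# when verifying, compare the received MAC against this value with a constant-time comparison, not ==`. It would also help to mark the literal `key = "key"` as a placeholder for a randomly generated secret. The same two examples are duplicated in the OpenSSL/HMACError.html hunks of this commit.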
diff --git a/OpenSSL/HMACError.html b/OpenSSL/HMACError.html
index 11e6e783..935c69f4 100644
--- a/OpenSSL/HMACError.html
+++ b/OpenSSL/HMACError.html
@@ -51,6 +51,15 @@
</div>
+<div class="nav-section">
+ <h3>Table of Contents</h3>
+
+ <ul class="link-list" role="directory">
+ <li><a href="#class-OpenSSL::HMACError-label-HMAC-SHA256+using+one-shot+interface">HMAC-SHA256 using one-shot interface</a>
+ <li><a href="#class-OpenSSL::HMACError-label-HMAC-SHA256+using+incremental+interface">HMAC-SHA256 using incremental interface</a>
+ </ul>
+</div>
+
<div id="class-metadata">
@@ -75,6 +84,37 @@
<section class="description">
+<p>Document-class: <a href="HMAC.html">OpenSSL::HMAC</a></p>
+
+<p><a href="HMAC.html">OpenSSL::HMAC</a> allows computing Hash-based Message
+Authentication Code (HMAC). It is a type of message authentication code
+(MAC) involving a hash function in combination with a key. <a
+href="HMAC.html">HMAC</a> can be used to verify the integrity of a message
+as well as the authenticity.</p>
+
+<p><a href="HMAC.html">OpenSSL::HMAC</a> has a similar interface to <a
+href="Digest.html">OpenSSL::Digest</a>.</p>
+
+<h3 id="class-OpenSSL::HMACError-label-HMAC-SHA256+using+one-shot+interface">HMAC-SHA256 using one-shot interface<span><a href="#class-OpenSSL::HMACError-label-HMAC-SHA256+using+one-shot+interface">&para;</a> <a href="#top">&uarr;</a></span></h3>
+
+<pre class="ruby"><span class="ruby-identifier">key</span> = <span class="ruby-string">&quot;key&quot;</span>
+<span class="ruby-identifier">data</span> = <span class="ruby-string">&quot;message-to-be-authenticated&quot;</span>
+<span class="ruby-identifier">mac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-string">&quot;SHA256&quot;</span>, <span class="ruby-identifier">key</span>, <span class="ruby-identifier">data</span>)
+<span class="ruby-comment">#=&gt; &quot;cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e&quot;</span>
+</pre>
+
+<h3 id="class-OpenSSL::HMACError-label-HMAC-SHA256+using+incremental+interface">HMAC-SHA256 using incremental interface<span><a href="#class-OpenSSL::HMACError-label-HMAC-SHA256+using+incremental+interface">&para;</a> <a href="#top">&uarr;</a></span></h3>
+
+<pre class="ruby"><span class="ruby-identifier">data1</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;file1&quot;</span>)
+<span class="ruby-identifier">data2</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-string">&quot;file2&quot;</span>)
+<span class="ruby-identifier">key</span> = <span class="ruby-string">&quot;key&quot;</span>
+<span class="ruby-identifier">digest</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA256</span>.<span class="ruby-identifier">new</span>
+<span class="ruby-identifier">hmac</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">HMAC</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">digest</span>)
+<span class="ruby-identifier">hmac</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">data1</span>
+<span class="ruby-identifier">hmac</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">data2</span>
+<span class="ruby-identifier">mac</span> = <span class="ruby-identifier">hmac</span>.<span class="ruby-identifier">digest</span>
+</pre>
+
</section>
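Review bot: The description added to HMACError.html is the OpenSSL::HMAC class text, and its first paragraph `Document-class: OpenSSL::HMAC` is an rdoc directive rendered as prose, so the generator appears to have attached the HMAC comment to the error class. The first hunk of this file shows the same misattachment, where the table of contents gains `class-OpenSSL::HMACError-label-HMAC-SHA256+...` anchors. An exception class page that carries the usage guide for the MAC API is misleading and splits the canonical documentation across two URLs. The fix presumably belongs in the extension's rdoc comment, by making the `Document-class:` directive the first line of its own comment block directly above the HMAC class definition, and then regenerating the page so HMACError.html keeps only its own description.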
diff --git a/OpenSSL/PKey.html b/OpenSSL/PKey.html
index 297a9d01..ef65fd26 100644
--- a/OpenSSL/PKey.html
+++ b/OpenSSL/PKey.html
@@ -155,20 +155,6 @@ the Diffie-Hellman protocol.</p>
- <section class="constants-list">
- <header>
- <h3>Constants</h3>
- </header>
- <dl>
-
- <dt id="DEFAULT_TMP_DH_CALLBACK">DEFAULT_TMP_DH_CALLBACK
-
- <dd>
-
-
- </dl>
- </section>
-
@@ -184,7 +170,7 @@ the Diffie-Hellman protocol.</p>
<div class="method-heading">
<span class="method-callseq">
- OpenSSL::PKey.read(string [, pwd ] ) &rarr; PKey
+ OpenSSL::PKey.read(string [, pwd ]) &rarr; PKey
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -193,7 +179,7 @@ the Diffie-Hellman protocol.</p>
<div class="method-heading">
<span class="method-callseq">
- OpenSSL::PKey.read(file [, pwd ]) &rarr; PKey
+ OpenSSL::PKey.read(io [, pwd ]) &rarr; PKey
</span>
</div>
@@ -202,12 +188,16 @@ the Diffie-Hellman protocol.</p>
<div class="method-description">
- <h3 id="method-c-read-label-Parameters">Parameters<span><a href="#method-c-read-label-Parameters">&para;</a> <a href="#top">&uarr;</a></span></h3>
+ <p>Reads a DER or PEM encoded string from <code>string</code> or
+<code>io</code> and returns an instance of the appropriate <a
+href="PKey/PKey.html">PKey</a> class.</p>
+
+<h3 id="method-c-read-label-Parameters">Parameters<span><a href="#method-c-read-label-Parameters">&para;</a> <a href="#top">&uarr;</a></span></h3>
<ul><li>
<p><code>string</code> is a DER- or PEM-encoded string containing an arbitrary
private or public key.</p>
</li><li>
-<p><code>file</code> is an instance of <code>File</code> containing a DER- or
+<p><code>io</code> is an instance of <code>IO</code> containing a DER- or
PEM-encoded arbitrary private or public key.</p>
</li><li>
<p><code>pwd</code> is an optional password in case <code>string</code> or
diff --git a/OpenSSL/PKey/DH.html b/OpenSSL/PKey/DH.html
index 85ab99cb..74ed1008 100644
--- a/OpenSSL/PKey/DH.html
+++ b/OpenSSL/PKey/DH.html
@@ -99,6 +99,10 @@
<li ><a href="#method-i-public_key">#public_key</a>
+ <li ><a href="#method-i-set_key">#set_key</a>
+
+ <li ><a href="#method-i-set_pqg">#set_pqg</a>
+
<li ><a href="#method-i-to_der">#to_der</a>
<li ><a href="#method-i-to_pem">#to_pem</a>
@@ -166,25 +170,6 @@ href="DH.html#method-i-compute_key">#compute_key</a>.</p>
- <section class="constants-list">
- <header>
- <h3>Constants</h3>
- </header>
- <dl>
-
- <dt id="DEFAULT_1024">DEFAULT_1024
-
- <dd>
-
-
- <dt id="DEFAULT_2048">DEFAULT_2048
-
- <dd>
-
-
- </dl>
- </section>
-
@@ -260,13 +245,27 @@ ossl_dh_s_generate(int argc, VALUE *argv, VALUE klass)
<div class="method-heading">
<span class="method-callseq">
- new([size [, generator] | string]) &rarr; dh
+ new &rarr; dh
</span>
<span class="method-click-advice">click to toggle source</span>
</div>
+ <div class="method-heading">
+ <span class="method-callseq">
+ new(string) &rarr; dh
+ </span>
+
+ </div>
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ new(size [, generator]) &rarr; dh
+ </span>
+
+ </div>
+
<div class="method-description">
@@ -385,11 +384,10 @@ party&#39;s public value. See DH_compute_key() for further information.</p>
<h3 id="method-i-compute_key-label-Parameters">Parameters<span><a href="#method-i-compute_key-label-Parameters">&para;</a> <a href="#top">&uarr;</a></span></h3>
<ul><li>
<p><code>pub_bn</code> is a <a href="../BN.html">OpenSSL::BN</a>,
-<strong>not</strong> the <a href="DH.html">DH</a> instance returned by</p>
+<strong>not</strong> the <a href="DH.html">DH</a> instance returned by <a
+href="DH.html#method-i-public_key">#public_key</a> as that contains the <a
+href="DH.html">DH</a> parameters only.</p>
</li></ul>
-
-<p><a href="DH.html#method-i-public_key">#public_key</a> as that contains the
-<a href="DH.html">DH</a> parameters only.</p>
@@ -813,6 +811,62 @@ ossl_dh_to_public_key(VALUE self)
</div>
+ <div id="method-i-set_key" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ set_key(pub_key, priv_key) &rarr; self
+ </span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets <code>pub_key</code> and <code>priv_key</code> for the <a
+href="DH.html">DH</a> instance. <code>priv_key</code> may be nil.</p>
+
+
+
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-set_pqg" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ set_pqg(p, q, g) &rarr; self
+ </span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets <code>p</code>, <code>q</code>, <code>g</code> for the <a
+href="DH.html">DH</a> instance.</p>
+
+
+
+
+ </div>
+
+
+
+
+ </div>
+
+
<div id="method-i-to_der" class="method-detail ">
diff --git a/OpenSSL/PKey/DSA.html b/OpenSSL/PKey/DSA.html
index f4dc07ce..ec1515a3 100644
--- a/OpenSSL/PKey/DSA.html
+++ b/OpenSSL/PKey/DSA.html
@@ -84,6 +84,10 @@
<li ><a href="#method-i-public_key">#public_key</a>
+ <li ><a href="#method-i-set_key">#set_key</a>
+
+ <li ><a href="#method-i-set_pqg">#set_pqg</a>
+
<li ><a href="#method-i-syssign">#syssign</a>
<li ><a href="#method-i-sysverify">#sysverify</a>
@@ -197,13 +201,27 @@ ossl_dsa_s_generate(VALUE klass, VALUE size)
<div class="method-heading">
<span class="method-callseq">
- new([size | string [, pass]) &rarr; dsa
+ new &rarr; dsa
</span>
<span class="method-click-advice">click to toggle source</span>
</div>
+ <div class="method-heading">
+ <span class="method-callseq">
+ new(size) &rarr; dsa
+ </span>
+
+ </div>
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ new(string [, pass]) &rarr; dsa
+ </span>
+
+ </div>
+
<div class="method-description">
@@ -602,6 +620,62 @@ ossl_dsa_to_public_key(VALUE self)
</div>
+ <div id="method-i-set_key" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ set_key(pub_key, priv_key) &rarr; self
+ </span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets <code>pub_key</code> and <code>priv_key</code> for the <a
+href="DSA.html">DSA</a> instance. <code>priv_key</code> may be nil.</p>
+
+
+
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-set_pqg" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ set_pqg(p, q, g) &rarr; self
+ </span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets <code>p</code>, <code>q</code>, <code>g</code> for the <a
+href="DSA.html">DSA</a> instance.</p>
+
+
+
+
+ </div>
+
+
+
+
+ </div>
+
+
<div id="method-i-syssign" class="method-detail ">
diff --git a/OpenSSL/PKey/EC.html b/OpenSSL/PKey/EC.html
index 889512f9..3fcd0e5f 100644
--- a/OpenSSL/PKey/EC.html
+++ b/OpenSSL/PKey/EC.html
@@ -129,6 +129,21 @@
<section class="description">
+<p><a href="EC.html">OpenSSL::PKey::EC</a> provides access to Elliptic Curve
+Digital Signature Algorithm (ECDSA) and Elliptic Curve Diffie-Hellman
+(ECDH).</p>
+
+<h3 id="class-OpenSSL::PKey::EC-label-Key+exchange">Key exchange<span><a href="#class-OpenSSL::PKey::EC-label-Key+exchange">&para;</a> <a href="#top">&uarr;</a></span></h3>
+
+<pre class="ruby"><span class="ruby-identifier">ec1</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">EC</span>.<span class="ruby-identifier">generate</span>(<span class="ruby-string">&quot;prime256v1&quot;</span>)
+<span class="ruby-identifier">ec2</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">EC</span>.<span class="ruby-identifier">generate</span>(<span class="ruby-string">&quot;prime256v1&quot;</span>)
+<span class="ruby-comment"># ec1 and ec2 have own private key respectively</span>
+<span class="ruby-identifier">shared_key1</span> = <span class="ruby-identifier">ec1</span>.<span class="ruby-identifier">dh_compute_key</span>(<span class="ruby-identifier">ec2</span>.<span class="ruby-identifier">public_key</span>)
+<span class="ruby-identifier">shared_key2</span> = <span class="ruby-identifier">ec2</span>.<span class="ruby-identifier">dh_compute_key</span>(<span class="ruby-identifier">ec1</span>.<span class="ruby-identifier">public_key</span>)
+
+<span class="ruby-identifier">p</span> <span class="ruby-identifier">shared_key1</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">shared_key2</span> <span class="ruby-comment">#=&gt; true</span>
+</pre>
+
</section>
@@ -146,6 +161,11 @@
</header>
<dl>
+ <dt id="EXPLICIT_CURVE">EXPLICIT_CURVE
+
+ <dd>
+
+
<dt id="NAMED_CURVE">NAMED_CURVE
<dd>
@@ -169,7 +189,7 @@
<div class="method-heading">
<span class="method-callseq">
- builtin_curves &rarr; [[name, comment], ...]
+ builtin_curves &rarr; [[sn, comment], ...]
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -180,8 +200,11 @@
<div class="method-description">
- <p>See the <a href="../../OpenSSL.html">OpenSSL</a> documentation for
-EC_builtin_curves()</p>
+ <p>Obtains a list of all predefined curves by the <a
+href="../../OpenSSL.html">OpenSSL</a>. Curve names are returned as sn.</p>
+
+<p>See the <a href="../../OpenSSL.html">OpenSSL</a> documentation for
+EC_get_builtin_curves().</p>
@@ -288,7 +311,7 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg)
<div class="method-heading">
<span class="method-callseq">
- OpenSSL::PKey::EC.new()
+ OpenSSL::PKey::EC.new
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -318,13 +341,6 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg)
<div class="method-heading">
<span class="method-callseq">
- OpenSSL::PKey::EC.new(pem_string)
- </span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
OpenSSL::PKey::EC.new(pem_string [, pwd])
</span>
@@ -341,9 +357,7 @@ ossl_ec_key_s_generate(VALUE klass, VALUE arg)
<div class="method-description">
- <p>See the <a href="../../OpenSSL.html">OpenSSL</a> documentation for:</p>
-
-<pre>EC_KEY_*</pre>
+ <p>Creates a new <a href="EC.html">EC</a> object from given arguments.</p>
diff --git a/OpenSSL/PKey/EC/Group.html b/OpenSSL/PKey/EC/Group.html
index 3290ea5d..2c9b3a6c 100644
--- a/OpenSSL/PKey/EC/Group.html
+++ b/OpenSSL/PKey/EC/Group.html
@@ -145,72 +145,23 @@
<div class="method-heading">
<span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(&quot;secp112r1&quot;)
- </span>
-
- <span class="method-click-advice">click to toggle source</span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
OpenSSL::PKey::EC::Group.new(ec_group)
</span>
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(pem_string)
- </span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(der_string)
- </span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(pem_file)
- </span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(der_file)
- </span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(:GFp_simple)
- </span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(:GFp_mult)
- </span>
+ <span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-heading">
<span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(:GFp_nist)
+ OpenSSL::PKey::EC::Group.new(pem_or_der_encoded)
</span>
</div>
<div class="method-heading">
<span class="method-callseq">
- OpenSSL::PKey::EC::Group.new(:GF2m_simple)
+ OpenSSL::PKey::EC::Group.new(ec_method)
</span>
</div>
@@ -233,8 +184,22 @@
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
-EC_GROUP_*</p>
+ <p>Creates a new <a href="Group.html">EC::Group</a> object.</p>
+
+<p><code>ec_method</code> is a symbol that represents an EC_METHOD. Currently
+the following are supported:</p>
+<ul><li>
+<p>:GFp_simple</p>
+</li><li>
+<p>:GFp_mont</p>
+</li><li>
+<p>:GFp_nist</p>
+</li><li>
+<p>:GF2m_simple</p>
+</li></ul>
+
+<p>If the first argument is :GFp or :GF2m, creates a new curve with given
+parameters.</p>
@@ -396,7 +361,7 @@ EC_GROUP_*</p>
<div class="method-heading">
<span class="method-callseq">
- asn1_flag &rarr; Fixnum
+ asn1_flag &rarr; Integer
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -407,8 +372,9 @@ EC_GROUP_*</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
-EC_GROUP_get_asn1_flag()</p>
+ <p>Returns the flags set on the group.</p>
+
+<p>See also <a href="Group.html#method-i-asn1_flag-3D">asn1_flag=</a>.</p>
@@ -440,7 +406,7 @@ EC_GROUP_get_asn1_flag()</p>
<div class="method-heading">
<span class="method-callseq">
- asn1_flag = Fixnum &rarr; Fixnum
+ asn1_flag = flags
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -451,8 +417,18 @@ EC_GROUP_get_asn1_flag()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
-EC_GROUP_set_asn1_flag()</p>
+ <p>Sets flags on the group. The flag value is used to determine how to encode
+the group: encode explicit parameters or named curve using an OID.</p>
+
+<p>The flag value can be either of:</p>
+<ul><li>
+<p>EC::NAMED_CURVE</p>
+</li><li>
+<p>EC::EXPLICIT_CURVE</p>
+</li></ul>
+
+<p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
+EC_GROUP_set_asn1_flag().</p>
@@ -494,7 +470,9 @@ EC_GROUP_set_asn1_flag()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
+ <p>Returns the cofactor of the group.</p>
+
+<p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
EC_GROUP_get_cofactor()</p>
@@ -543,7 +521,9 @@ EC_GROUP_get_cofactor()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
+ <p>Returns the curve name (sn).</p>
+
+<p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
EC_GROUP_get_curve_name()</p>
@@ -638,7 +618,8 @@ EC_GROUP_get_degree()</p>
<div class="method-description">
-
+ <p>Returns true if the two groups use the same curve and have the same
+parameters, false otherwise.</p>
@@ -686,7 +667,9 @@ EC_GROUP_get_degree()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
+ <p>Returns the generator of the group.</p>
+
+<p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
EC_GROUP_get0_generator()</p>
@@ -730,7 +713,9 @@ EC_GROUP_get0_generator()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
+ <p>Returns the order of the group.</p>
+
+<p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
EC_GROUP_get_order()</p>
@@ -768,7 +753,7 @@ EC_GROUP_get_order()</p>
<div class="method-heading">
<span class="method-callseq">
- point_conversion_form &rarr; :uncompressed | :compressed | :hybrid
+ point_conversion_form &rarr; Symbol
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -779,8 +764,11 @@ EC_GROUP_get_order()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
-EC_GROUP_get_point_conversion_form()</p>
+ <p>Returns the form how <a href="Point.html">EC::Point</a> data is encoded as
+ASN.1.</p>
+
+<p>See also <a
+href="Group.html#method-i-point_conversion_form-3D">point_conversion_form=</a>.</p>
@@ -820,7 +808,7 @@ EC_GROUP_get_point_conversion_form()</p>
<div class="method-heading">
<span class="method-callseq">
- point_conversion_form = form &rarr; form
+ point_conversion_form = form
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -831,7 +819,24 @@ EC_GROUP_get_point_conversion_form()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
+ <p>Sets the form how <a href="Point.html">EC::Point</a> data is encoded as
+ASN.1 as defined in X9.62.</p>
+
+<p><code>format</code> can be one of these:</p>
+<dl class="rdoc-list note-list"><dt>:compressed
+<dd>
+<p>Encoded as z||x, where z is an octet indicating which solution of the
+equation y is. z will be 0x02 or 0x03.</p>
+</dd><dt>:uncompressed
+<dd>
+<p>Encoded as z||x||y, where z is an octet 0x04.</p>
+</dd><dt>:hybrid
+<dd>
+<p>Encodes as z||x||y, where z is an octet indicating which solution of the
+equation y is. z will be 0x06 or 0x07.</p>
+</dd></dl>
+
+<p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
EC_GROUP_set_point_conversion_form()</p>
@@ -978,7 +983,11 @@ EC_GROUP_set_seed()</p>
<div class="method-description">
- <p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
+ <p>Sets the curve parameters. <code>generator</code> must be an instance of <a
+href="Point.html">EC::Point</a> that is on the curve. <code>order</code>
+and <code>cofactor</code> are integers.</p>
+
+<p>See the <a href="../../../OpenSSL.html">OpenSSL</a> documentation for
EC_GROUP_set_generator()</p>
diff --git a/OpenSSL/PKey/RSA.html b/OpenSSL/PKey/RSA.html
index 1ae4b5cd..8c564fbf 100644
--- a/OpenSSL/PKey/RSA.html
+++ b/OpenSSL/PKey/RSA.html
@@ -96,6 +96,12 @@
<li ><a href="#method-i-public_key">#public_key</a>
+ <li ><a href="#method-i-set_crt_params">#set_crt_params</a>
+
+ <li ><a href="#method-i-set_factors">#set_factors</a>
+
+ <li ><a href="#method-i-set_key">#set_key</a>
+
<li ><a href="#method-i-to_der">#to_der</a>
<li ><a href="#method-i-to_pem">#to_pem</a>
@@ -954,6 +960,92 @@ ossl_rsa_to_public_key(VALUE self)
</div>
+ <div id="method-i-set_crt_params" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ set_crt_params(dmp1, dmq1, iqmp) &rarr; self
+ </span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets <code>dmp1</code>, <code>dmq1</code>, <code>iqmp</code> for the <a
+href="RSA.html">RSA</a> instance. They are calculated by <code>d mod (p -
+1)</code>, <code>d mod (q - 1)</code> and <code>q^(-1) mod p</code>
+respectively.</p>
+
+
+
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-set_factors" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ set_factors(p, q) &rarr; self
+ </span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets <code>p</code>, <code>q</code> for the <a href="RSA.html">RSA</a>
+instance.</p>
+
+
+
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-set_key" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ set_key(n, e, d) &rarr; self
+ </span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets <code>n</code>, <code>e</code>, <code>d</code> for the <a
+href="RSA.html">RSA</a> instance.</p>
+
+
+
+
+ </div>
+
+
+
+
+ </div>
+
+
<div id="method-i-to_der" class="method-detail ">
diff --git a/OpenSSL/Random.html b/OpenSSL/Random.html
index e3f34e83..80d6084f 100644
--- a/OpenSSL/Random.html
+++ b/OpenSSL/Random.html
@@ -271,10 +271,11 @@ pseudo-random bytes.</p>
href="Random.html#method-c-pseudo_bytes">::pseudo_bytes</a> will be unique
if they are of sufficient length, but are not necessarily unpredictable.</p>
-<pre>Example:
+<h3 id="method-c-pseudo_bytes-label-Example">Example<span><a href="#method-c-pseudo_bytes-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
- OpenSSL::Random.pseudo_bytes(12)
- =&gt; &quot;...&quot;</pre>
+<pre class="ruby"><span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">pseudo_bytes</span>(<span class="ruby-value">12</span>)
+<span class="ruby-comment">#=&gt; &quot;...&quot;</span>
+</pre>
@@ -329,13 +330,14 @@ less predictable.</p>
<p>The <code>entropy</code> argument is (the lower bound of) an estimate of
how much randomness is contained in <code>str</code>, measured in bytes.</p>
-<pre>Example:
+<h3 id="method-c-random_add-label-Example">Example<span><a href="#method-c-random_add-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
- pid = $$
- now = Time.now
- ary = [now.to_i, now.nsec, 1000, pid]
- OpenSSL::Random.add(ary.join(&quot;&quot;).to_s, 0.0)
- OpenSSL::Random.seed(ary.join(&quot;&quot;).to_s)</pre>
+<pre class="ruby"><span class="ruby-identifier">pid</span> = <span class="ruby-identifier">$$</span>
+<span class="ruby-identifier">now</span> = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span>
+<span class="ruby-identifier">ary</span> = [<span class="ruby-identifier">now</span>.<span class="ruby-identifier">to_i</span>, <span class="ruby-identifier">now</span>.<span class="ruby-identifier">nsec</span>, <span class="ruby-value">1000</span>, <span class="ruby-identifier">pid</span>]
+<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">add</span>(<span class="ruby-identifier">ary</span>.<span class="ruby-identifier">join</span>, <span class="ruby-value">0.0</span>)
+<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">seed</span>(<span class="ruby-identifier">ary</span>.<span class="ruby-identifier">join</span>)
+</pre>
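Review bot: The reworked example for `random_add` still ends with `OpenSSL::Random.seed(ary.join)`, which contradicts the `add(ary.join, 0.0)` call on the line before it. `add` credits the pid-and-clock string with zero entropy, but per OpenSSL's RAND_seed(3) a seed call credits the whole buffer length as entropy, so the same guessable bytes are then counted as fully random. A reader copying the example would take it as a recommended seeding pattern. I would drop the `seed` line from the example, or keep it with an explicit caveat such as `# pid and clock values are guessable; never credit them with entropy`. These pages look generated, so the fix probably belongs in the rdoc comment the HTML is built from.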
@@ -378,10 +380,11 @@ ossl_rand_add(VALUE self, VALUE str, VALUE entropy)
<p>Generates <code>string</code> with <code>length</code> number of
cryptographically strong pseudo-random bytes.</p>
-<pre>Example:
+<h3 id="method-c-random_bytes-label-Example">Example<span><a href="#method-c-random_bytes-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
- OpenSSL::Random.random_bytes(12)
- =&gt; &quot;...&quot;</pre>
+<pre class="ruby"><span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">random_bytes</span>(<span class="ruby-value">12</span>)
+<span class="ruby-comment">#=&gt; &quot;...&quot;</span>
+</pre>
diff --git a/OpenSSL/SSL.html b/OpenSSL/SSL.html
index 5e4493fe..d693b653 100644
--- a/OpenSSL/SSL.html
+++ b/OpenSSL/SSL.html
@@ -126,7 +126,7 @@ connections.</p>
<div class="method-source-code" id="verify_certificate_identity-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 170</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 173</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">verify_certificate_identity</span>(<span class="ruby-identifier">cert</span>, <span class="ruby-identifier">hostname</span>)
<span class="ruby-identifier">should_verify_common_name</span> = <span class="ruby-keyword">true</span>
<span class="ruby-identifier">cert</span>.<span class="ruby-identifier">extensions</span>.<span class="ruby-identifier">each</span>{<span class="ruby-operator">|</span><span class="ruby-identifier">ext</span><span class="ruby-operator">|</span>
diff --git a/OpenSSL/SSL/SSLContext.html b/OpenSSL/SSL/SSLContext.html
index b5bacfd2..189a2494 100644
--- a/OpenSSL/SSL/SSLContext.html
+++ b/OpenSSL/SSL/SSLContext.html
@@ -70,8 +70,6 @@
<ul class="link-list" role="directory">
- <li ><a href="#method-c-new">::new</a>
-
<li ><a href="#method-i-ciphers">#ciphers</a>
<li ><a href="#method-i-ciphers-3D">#ciphers=</a>
@@ -102,8 +100,6 @@
<li ><a href="#method-i-session_remove">#session_remove</a>
- <li ><a href="#method-i-set_params">#set_params</a>
-
<li ><a href="#method-i-setup">#setup</a>
<li ><a href="#method-i-ssl_version-3D">#ssl_version=</a>
@@ -130,25 +126,6 @@ href="SSLSocket.html">SSLSocket</a>.</p>
href="SSLSocket.html">SSLSocket</a> as the <a
href="SSLContext.html">SSLContext</a> will be frozen afterward.</p>
-<p>The following attributes are available but don&#39;t show up in rdoc:</p>
-<ul><li>
-<p>ssl_version, cert, key, <a
-href="SSLContext.html#attribute-i-client_ca">#client_ca</a>, <a
-href="SSLContext.html#attribute-i-ca_file">#ca_file</a>, <a
-href="SSLContext.html#attribute-i-ca_path">#ca_path</a>, timeout,</p>
-</li><li>
-<p><a href="SSLContext.html#attribute-i-verify_mode">#verify_mode</a>, <a
-href="SSLContext.html#attribute-i-verify_depth">#verify_depth</a> <a
-href="SSLContext.html#attribute-i-client_cert_cb">#client_cert_cb</a>, <a
-href="SSLContext.html#attribute-i-tmp_dh_callback">#tmp_dh_callback</a>,</p>
-</li><li>
-<p><a
-href="SSLContext.html#attribute-i-session_id_context">#session_id_context</a>,
-session_add_cb, <a
-href="SSLContext.html#attribute-i-session_new_cb">#session_new_cb</a>, <a
-href="SSLContext.html#attribute-i-session_remove_cb">#session_remove_cb</a></p>
-</li></ul>
-
</section>
@@ -166,21 +143,6 @@ href="SSLContext.html#attribute-i-session_remove_cb">#session_remove_cb</a></p>
</header>
<dl>
- <dt id="DEFAULT_CERT_STORE">DEFAULT_CERT_STORE
-
- <dd>
-
-
- <dt id="DEFAULT_PARAMS">DEFAULT_PARAMS
-
- <dd>
-
-
- <dt id="INIT_VARS">INIT_VARS
-
- <dd>
-
-
<dt id="METHODS">METHODS
<dd><p>The list of available SSL/TLS methods</p>
@@ -258,8 +220,8 @@ internal cache.</p>
<p>An Enumerable of Strings. Each String represents a protocol to be
advertised as the list of supported protocols for Application-Layer
Protocol Negotiation. Supported in <a href="../../OpenSSL.html">OpenSSL</a>
-1.0.1 and higher. Has no effect on the client side. If not set explicitly,
-the NPN extension will not be sent by the server in the handshake.</p>
+1.0.2 and higher. Has no effect on the server side. If not set explicitly,
+the ALPN extension will not be included in the handshake.</p>
<h3 id="attribute-i-alpn_protocols-label-Example">Example<span><a href="#attribute-i-alpn_protocols-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
@@ -279,16 +241,16 @@ the NPN extension will not be sent by the server in the handshake.</p>
<p>A callback invoked on the server side when the server needs to select a
protocol from the list sent by the client. Supported in <a
-href="../../OpenSSL.html">OpenSSL</a> 1.0.2 and higher. The server MUST
-select a protocol of those advertised by the client. If none is acceptable,
+href="../../OpenSSL.html">OpenSSL</a> 1.0.2 and higher. The callback must
+return a protocol of those advertised by the client. If none is acceptable,
raising an error in the callback will cause the handshake to fail. Not
setting this callback explicitly means not supporting the ALPN extension on
-the client - any protocols advertised by the server will be ignored.</p>
+the server - any protocols advertised by the client will be ignored.</p>
<h3 id="attribute-i-alpn_select_cb-label-Example">Example<span><a href="#attribute-i-alpn_select_cb-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
<pre class="ruby"><span class="ruby-identifier">ctx</span>.<span class="ruby-identifier">alpn_select_cb</span> = <span class="ruby-identifier">lambda</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">protocols</span><span class="ruby-operator">|</span>
- <span class="ruby-comment">#inspect the protocols and select one</span>
+ <span class="ruby-comment"># inspect the protocols and select one</span>
<span class="ruby-identifier">protocols</span>.<span class="ruby-identifier">first</span>
<span class="ruby-keyword">end</span>
</pre>
@@ -347,7 +309,7 @@ name&#39;s hash value.</p>
<div class="method-description">
<p>An <a href="../X509/Store.html">OpenSSL::X509::Store</a> used for
-certificate verification</p>
+certificate verification.</p>
</div>
</div>
@@ -453,7 +415,7 @@ the client - any protocols advertised by the server will be ignored.</p>
<h3 id="attribute-i-npn_select_cb-label-Example">Example<span><a href="#attribute-i-npn_select_cb-label-Example">&para;</a> <a href="#top">&uarr;</a></span></h3>
<pre class="ruby"><span class="ruby-identifier">ctx</span>.<span class="ruby-identifier">npn_select_cb</span> = <span class="ruby-identifier">lambda</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">protocols</span><span class="ruby-operator">|</span>
- <span class="ruby-comment">#inspect the protocols and select one</span>
+ <span class="ruby-comment"># inspect the protocols and select one</span>
<span class="ruby-identifier">protocols</span>.<span class="ruby-identifier">first</span>
<span class="ruby-keyword">end</span>
</pre>
@@ -566,7 +528,7 @@ and a <a href="Session.html">Session</a>.</p>
<div class="method-description">
- <p>Maximum session lifetime.</p>
+ <p>Maximum session lifetime in seconds.</p>
</div>
</div>
@@ -579,27 +541,7 @@ and a <a href="Session.html">Session</a>.</p>
<div class="method-description">
- <p>Maximum session lifetime.</p>
-
- </div>
- </div>
-
- <div id="attribute-i-tmp_dh_callback" class="method-detail">
- <div class="method-heading attribute-method-heading">
- <span class="method-name">tmp_dh_callback</span><span
- class="attribute-access-type">[RW]</span>
- </div>
-
- <div class="method-description">
-
- <p>A callback invoked when DH parameters are required.</p>
-
-<p>The callback is invoked with the <a href="Session.html">Session</a> for the
-key exchange, an flag indicating the use of an export cipher and the
-keylength required.</p>
-
-<p>The callback must return an <a href="../PKey/DH.html">OpenSSL::PKey::DH</a>
-instance of the correct key length.</p>
+ <p>Maximum session lifetime in seconds.</p>
</div>
</div>
@@ -692,6 +634,11 @@ href="SSLSocket.html#method-i-hostname-3D">OpenSSL::SSL::SSLSocket#hostname=</a>
<p>Valid modes are VERIFY_NONE, VERIFY_PEER, VERIFY_CLIENT_ONCE,
VERIFY_FAIL_IF_NO_PEER_CERT and defined on <a
href="../SSL.html">OpenSSL::SSL</a></p>
+
+<p>The default mode is VERIFY_NONE, which does not perform any verification at
+all.</p>
+
+<p>See SSL_CTX_set_verify(3) for details.</p>
</div>
</div>
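Review bot: The added paragraph for `verify_mode` warns that the default is VERIFY_NONE but does not tell the reader which mode actually checks the peer certificate or what else must be configured. Other hunks for this file drop the `set_params` entry and the `DEFAULT_PARAMS` constant, so the page no longer shows any route to verified defaults; that may be a side effect of doc generation and is worth confirming. I would add one sentence after the warning, for example `Clients should set VERIFY_PEER and provide trust anchors via cert_store, ca_file or ca_path.` A cross-reference to `SSLSocket#post_connection_check` would also help, since the SSLSocket page says it must be called after connect to verify the peer hostname.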
@@ -700,67 +647,6 @@ href="../SSL.html">OpenSSL::SSL</a></p>
- <section id="public-class-5Buntitled-5D-method-details" class="method-section">
- <header>
- <h3>Public Class Methods</h3>
- </header>
-
-
- <div id="method-c-new" class="method-detail ">
-
-
- <div class="method-heading">
- <span class="method-callseq">
- new &rarr; ctx
- </span>
-
- <span class="method-click-advice">click to toggle source</span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- new(:TLSv1) &rarr; ctx
- </span>
-
- </div>
-
- <div class="method-heading">
- <span class="method-callseq">
- new(&quot;SSLv23_client&quot;) &rarr; ctx
- </span>
-
- </div>
-
-
-
- <div class="method-description">
-
- <p>You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS</p>
-
-
-
-
- <div class="method-source-code" id="new-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 109</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">version</span> = <span class="ruby-keyword">nil</span>)
- <span class="ruby-constant">INIT_VARS</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">v</span><span class="ruby-operator">|</span> <span class="ruby-identifier">instance_variable_set</span> <span class="ruby-identifier">v</span>, <span class="ruby-keyword">nil</span> }
- <span class="ruby-keyword">self</span>.<span class="ruby-identifier">options</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">options</span> <span class="ruby-operator">|</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">OP_ALL</span>
- <span class="ruby-keyword">return</span> <span class="ruby-keyword">unless</span> <span class="ruby-identifier">version</span>
- <span class="ruby-keyword">self</span>.<span class="ruby-identifier">ssl_version</span> = <span class="ruby-identifier">version</span>
-<span class="ruby-keyword">end</span></pre>
- </div>
-
- </div>
-
-
-
-
- </div>
-
-
- </section>
-
<section id="public-instance-5Buntitled-5D-method-details" class="method-section">
<header>
<h3>Public Instance Methods</h3>
@@ -783,7 +669,7 @@ href="../SSL.html">OpenSSL::SSL</a></p>
<div class="method-description">
- <p>The list of ciphers configured for this context.</p>
+ <p>The list of cipher suites configured for this context.</p>
@@ -856,12 +742,10 @@ ossl_sslctx_get_ciphers(VALUE self)
<div class="method-description">
- <p>Sets the list of available ciphers for this context. Note in a server
-context some ciphers require the appropriate certificates. For example, an
-RSA cipher can only be chosen when an RSA certificate is available.</p>
-
-<p>See also <a href="../Cipher.html">OpenSSL::Cipher</a> and <a
-href="../Cipher.html#method-c-ciphers">OpenSSL::Cipher.ciphers</a></p>
+ <p>Sets the list of available cipher suites for this context. Note in a
+server context some ciphers require the appropriate certificates. For
+example, an RSA cipher suite can only be chosen when an RSA certificate is
+available.</p>
@@ -1216,7 +1100,7 @@ ossl_sslctx_get_security_level(VALUE self)
<div class="method-heading">
<span class="method-callseq">
- security_level=(integer) &rarr; Integer
+ security_level = integer
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -1293,7 +1177,7 @@ ossl_sslctx_set_security_level(VALUE self, VALUE value)
<div class="method-description">
- <p>Adds <code>session</code> to the session cache</p>
+ <p>Adds <code>session</code> to the session cache.</p>
@@ -1602,7 +1486,7 @@ ossl_sslctx_get_session_cache_stats(VALUE self)
<div class="method-description">
- <p>Removes <code>session</code> from the session cache</p>
+ <p>Removes <code>session</code> from the session cache.</p>
@@ -1629,60 +1513,6 @@ ossl_sslctx_session_remove(VALUE self, VALUE arg)
</div>
- <div id="method-i-set_params" class="method-detail ">
-
-
- <div class="method-heading">
- <span class="method-callseq">
- set_params(params = {}) &rarr; params
- </span>
-
- <span class="method-click-advice">click to toggle source</span>
-
- </div>
-
-
-
- <div class="method-description">
-
- <p>Sets saner defaults optimized for the use with HTTP-like protocols.</p>
-
-<p>If a Hash <code>params</code> is given, the parameters are overridden with
-it. The keys in <code>params</code> must be assignment methods on <a
-href="SSLContext.html">SSLContext</a>.</p>
-
-<p>If the <a href="SSLContext.html#attribute-i-verify_mode">#verify_mode</a>
-is not VERIFY_NONE and <a
-href="SSLContext.html#attribute-i-ca_file">#ca_file</a>, <a
-href="SSLContext.html#attribute-i-ca_path">#ca_path</a> and <a
-href="SSLContext.html#attribute-i-cert_store">#cert_store</a> are not set
-then the system default certificate store is used.</p>
-
-
-
-
- <div class="method-source-code" id="set_params-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 128</span>
-<span class="ruby-keyword">def</span> <span class="ruby-identifier">set_params</span>(<span class="ruby-identifier">params</span>={})
- <span class="ruby-identifier">params</span> = <span class="ruby-constant">DEFAULT_PARAMS</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">params</span>)
- <span class="ruby-identifier">params</span>.<span class="ruby-identifier">each</span>{<span class="ruby-operator">|</span><span class="ruby-identifier">name</span>, <span class="ruby-identifier">value</span><span class="ruby-operator">|</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">__send__</span>(<span class="ruby-node">&quot;#{name}=&quot;</span>, <span class="ruby-identifier">value</span>) }
- <span class="ruby-keyword">if</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">verify_mode</span> <span class="ruby-operator">!=</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">VERIFY_NONE</span>
- <span class="ruby-keyword">unless</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">ca_file</span> <span class="ruby-keyword">or</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">ca_path</span> <span class="ruby-keyword">or</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">cert_store</span>
- <span class="ruby-keyword">self</span>.<span class="ruby-identifier">cert_store</span> = <span class="ruby-constant">DEFAULT_CERT_STORE</span>
- <span class="ruby-keyword">end</span>
- <span class="ruby-keyword">end</span>
- <span class="ruby-keyword">return</span> <span class="ruby-identifier">params</span>
-<span class="ruby-keyword">end</span></pre>
- </div>
-
- </div>
-
-
-
-
- </div>
-
-
<div id="method-i-setup" class="method-detail ">
@@ -1928,7 +1758,10 @@ ossl_sslctx_setup(VALUE self)
<div class="method-description">
- <p>You can get a list of valid versions with OpenSSL::SSL::SSLContext::METHODS</p>
+ <p>Sets the SSL/TLS protocol version for the context. This forces connections
+to use only the specified protocol version.</p>
+
+<p>You can get a list of valid versions with OpenSSL::SSL::SSLContext::METHODS</p>
diff --git a/OpenSSL/SSL/SSLServer.html b/OpenSSL/SSL/SSLServer.html
index d01d82e2..14d65d1c 100644
--- a/OpenSSL/SSL/SSLServer.html
+++ b/OpenSSL/SSL/SSLServer.html
@@ -177,7 +177,7 @@ href="SSLContext.html">OpenSSL::SSL::SSLContext</a>.</p>
<div class="method-source-code" id="new-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 348</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 362</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">svr</span>, <span class="ruby-identifier">ctx</span>)
<span class="ruby-ivar">@svr</span> = <span class="ruby-identifier">svr</span>
<span class="ruby-ivar">@ctx</span> = <span class="ruby-identifier">ctx</span>
@@ -226,7 +226,7 @@ href="SSLContext.html">OpenSSL::SSL::SSLContext</a>.</p>
<div class="method-source-code" id="accept-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 376</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 390</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">accept</span>
<span class="ruby-comment"># Socket#accept returns [socket, addrinfo].</span>
<span class="ruby-comment"># TCPServer#accept returns a socket.</span>
@@ -275,7 +275,7 @@ href="SSLContext.html">OpenSSL::SSL::SSLContext</a>.</p>
<div class="method-source-code" id="close-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 397</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 411</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">close</span>
<span class="ruby-ivar">@svr</span>.<span class="ruby-identifier">close</span>
<span class="ruby-keyword">end</span></pre>
@@ -308,7 +308,7 @@ href="SSLContext.html">OpenSSL::SSL::SSLContext</a>.</p>
<div class="method-source-code" id="listen-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 366</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 380</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">listen</span>(<span class="ruby-identifier">backlog</span>=<span class="ruby-value">5</span>)
<span class="ruby-ivar">@svr</span>.<span class="ruby-identifier">listen</span>(<span class="ruby-identifier">backlog</span>)
<span class="ruby-keyword">end</span></pre>
@@ -341,7 +341,7 @@ href="SSLContext.html">OpenSSL::SSL::SSLContext</a>.</p>
<div class="method-source-code" id="shutdown-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 371</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 385</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">shutdown</span>(<span class="ruby-identifier">how</span>=<span class="ruby-constant">Socket</span><span class="ruby-operator">::</span><span class="ruby-constant">SHUT_RDWR</span>)
<span class="ruby-ivar">@svr</span>.<span class="ruby-identifier">shutdown</span>(<span class="ruby-identifier">how</span>)
<span class="ruby-keyword">end</span></pre>
@@ -375,7 +375,7 @@ when initialized.</p>
<div class="method-source-code" id="to_io-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 361</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 375</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_io</span>
<span class="ruby-ivar">@svr</span>
<span class="ruby-keyword">end</span></pre>
diff --git a/OpenSSL/SSL/SSLSocket.html b/OpenSSL/SSL/SSLSocket.html
index 43c389f1..9195aaa3 100644
--- a/OpenSSL/SSL/SSLSocket.html
+++ b/OpenSSL/SSL/SSLSocket.html
@@ -148,12 +148,6 @@
<section class="description">
-<p>The following attributes are available but don&#39;t show up in rdoc.</p>
-<ul><li>
-<p>io, context, <a
-href="SSLSocket.html#attribute-i-sync_close">#sync_close</a></p>
-</li></ul>
-
</section>
@@ -181,7 +175,8 @@ href="SSLSocket.html#attribute-i-sync_close">#sync_close</a></p>
<div class="method-description">
-
+ <p>The <a href="SSLContext.html">SSLContext</a> object used in this
+connection.</p>
</div>
</div>
@@ -194,7 +189,7 @@ href="SSLSocket.html#attribute-i-sync_close">#sync_close</a></p>
<div class="method-description">
-
+ <p>The underlying <a href="../../IO.html">IO</a> object.</p>
</div>
</div>
@@ -221,7 +216,7 @@ is shut down. This defaults to <code>false</code>.</p>
<div class="method-description">
-
+ <p>The underlying <a href="../../IO.html">IO</a> object.</p>
</div>
</div>
@@ -260,8 +255,8 @@ is shut down. This defaults to <code>false</code>.</p>
<div class="method-description">
<p>Creates a new <a href="../SSL.html">SSL</a> socket from <code>io</code>
-which must be a real ruby object (not an IO-like object that responds to
-read/write).</p>
+which must be a real <a href="../../IO.html">IO</a> object (not an IO-like
+object that responds to read/write).</p>
<p>If <code>ctx</code> is provided the <a href="../SSL.html">SSL</a> Sockets
initial params will be taken from the context.</p>
@@ -439,7 +434,7 @@ ossl_ssl_accept_nonblock(int argc, VALUE *argv, VALUE self)
<div class="method-heading">
<span class="method-callseq">
- alpn_protocol &rarr; String
+ alpn_protocol &rarr; String | nil
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -450,7 +445,7 @@ ossl_ssl_accept_nonblock(int argc, VALUE *argv, VALUE self)
<div class="method-description">
- <p>Returns the ALPN protocol string that was finally selected by the client
+ <p>Returns the ALPN protocol string that was finally selected by the server
during the handshake.</p>
@@ -732,18 +727,22 @@ ossl_ssl_connect_nonblock(int argc, VALUE *argv, VALUE self)
<div id="method-i-hostname-3D" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">hostname=</span><span
- class="method-args">(p1)</span>
+ <span class="method-callseq">
+ hostname = hostname &rarr; hostname
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Sets the server hostname used for SNI. This needs to be set before <a
+href="SSLSocket.html#method-i-connect">#connect</a>.</p>
@@ -783,7 +782,7 @@ ossl_ssl_set_hostname(VALUE self, VALUE arg)
<div class="method-heading">
<span class="method-callseq">
- npn_protocol &rarr; String
+ npn_protocol &rarr; String | nil
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -948,7 +947,7 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
<div class="method-description">
- <p>The number of bytes that are immediately available for reading</p>
+ <p>The number of bytes that are immediately available for reading.</p>
@@ -975,19 +974,21 @@ ossl_ssl_pending(VALUE self)
<div id="method-i-post_connection_check" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">post_connection_check</span><span
- class="method-args">(hostname)</span>
+ <span class="method-callseq">
+ post_connection_check(hostname) &rarr; true
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
- <p>Perform hostname verification after an <a href="../SSL.html">SSL</a>
-connection is established</p>
+ <p>Perform hostname verification following RFC 6125.</p>
<p>This method MUST be called after calling <a
href="SSLSocket.html#method-i-connect">connect</a> to ensure that the
@@ -997,12 +998,12 @@ hostname of a remote peer has been verified.</p>
<div class="method-source-code" id="post_connection_check-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 288</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 296</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">post_connection_check</span>(<span class="ruby-identifier">hostname</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">peer_cert</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">msg</span> = <span class="ruby-string">&quot;Peer verification enabled, but no certificate received.&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">using_anon_cipher?</span>
- <span class="ruby-identifier">msg</span> <span class="ruby-operator">+=</span> <span class="ruby-node">&quot; Anonymous cipher suite #{cipher[0]} was negotiated. Anonymous suites must be disabled to use peer verification.&quot;</span>
+ <span class="ruby-identifier">msg</span> <span class="ruby-operator">+=</span> <span class="ruby-node">&quot; Anonymous cipher suite #{cipher[0]} was negotiated. &quot;</span> <span class="ruby-string">&quot;Anonymous suites must be disabled to use peer verification.&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">raise</span> <span class="ruby-constant">SSLError</span>, <span class="ruby-identifier">msg</span>
<span class="ruby-keyword">end</span>
@@ -1024,24 +1025,28 @@ hostname of a remote peer has been verified.</p>
<div id="method-i-session" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">session</span><span
- class="method-args">()</span>
+ <span class="method-callseq">
+ session &rarr; aSession
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Returns the SSLSession object currently used, or nil if the session is not
+established.</p>
<div class="method-source-code" id="session-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 303</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 317</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">session</span>
<span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Session</span>.<span class="ruby-identifier">new</span>(<span class="ruby-keyword">self</span>)
<span class="ruby-keyword">rescue</span> <span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Session</span><span class="ruby-operator">::</span><span class="ruby-constant">SessionError</span>
@@ -1203,7 +1208,8 @@ ossl_ssl_get_version(VALUE self)
<div class="method-description">
- <p>A description of the current connection state.</p>
+ <p>A description of the current connection state. This is for diagnostic
+purposes only.</p>
@@ -1261,7 +1267,7 @@ closed.</p>
<div class="method-source-code" id="sysclose-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 277</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 283</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">sysclose</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">closed?</span>
<span class="ruby-identifier">stop</span>
@@ -1376,7 +1382,7 @@ ossl_ssl_write(VALUE self, VALUE str)
<div class="method-description">
- <p>Returns the ephemeral key used in case of forward secrecy cipher</p>
+ <p>Returns the ephemeral key used in case of forward secrecy cipher.</p>
diff --git a/OpenSSL/SSL/Session.html b/OpenSSL/SSL/Session.html
index a1bee899..8b47ad3f 100644
--- a/OpenSSL/SSL/Session.html
+++ b/OpenSSL/SSL/Session.html
@@ -129,22 +129,26 @@
<div class="method-heading">
<span class="method-callseq">
- new(SSLSocket | string) &rarr; session
+ new(ssl_socket) &rarr; Session
</span>
<span class="method-click-advice">click to toggle source</span>
</div>
+ <div class="method-heading">
+ <span class="method-callseq">
+ new(string) &rarr; Session
+ </span>
+
+ </div>
+
<div class="method-description">
- <h3 id="method-c-new-label-Parameters">Parameters<span><a href="#method-c-new-label-Parameters">&para;</a> <a href="#top">&uarr;</a></span></h3>
-
-<p><code>SSLSocket</code> is an <a
-href="SSLSocket.html">OpenSSL::SSL::SSLSocket</a> <code>string</code> must
-be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
+ <p>Creates a new <a href="Session.html">Session</a> object from an instance of
+<a href="SSLSocket.html">SSLSocket</a> or DER/PEM encoded String.</p>
@@ -222,7 +226,8 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-description">
-
+ <p>Returns true if the two <a href="Session.html">Session</a> is the same,
+false if not.</p>
@@ -255,7 +260,7 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-heading">
<span class="method-callseq">
- id &rarr; aString
+ id &rarr; String
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -310,7 +315,7 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-description">
- <p>Gets start time of the session.</p>
+ <p>Returns the time at which the session was established.</p>
@@ -345,7 +350,7 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-heading">
<span class="method-callseq">
- time=(Time) &rarr; Time
+ time = time
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -354,7 +359,7 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-heading">
<span class="method-callseq">
- time=(integer) &rarr; Time
+ time = integer
</span>
</div>
@@ -397,7 +402,7 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-heading">
<span class="method-callseq">
- timeout &rarr; integer
+ timeout &rarr; Integer
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -408,7 +413,8 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-description">
- <p>Gets how long until the session expires in seconds.</p>
+ <p>Returns the timeout value set for the session, in seconds from the
+established time.</p>
@@ -440,7 +446,7 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-heading">
<span class="method-callseq">
- timeout=(integer) &rarr; integer
+ timeout = integer
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -482,7 +488,7 @@ be a DER or PEM encoded <a href="Session.html">Session</a>.</p>
<div class="method-heading">
<span class="method-callseq">
- to_der &rarr; aString
+ to_der &rarr; String
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -603,7 +609,8 @@ href="Session.html">Session</a> object.</p>
<div class="method-description">
- <p>Shows everything in the <a href="Session.html">Session</a> object.</p>
+ <p>Shows everything in the <a href="Session.html">Session</a> object. This is
+for diagnostic purposes.</p>
diff --git a/OpenSSL/SSL/SocketForwarder.html b/OpenSSL/SSL/SocketForwarder.html
index ef67b73f..72fda115 100644
--- a/OpenSSL/SSL/SocketForwarder.html
+++ b/OpenSSL/SSL/SocketForwarder.html
@@ -130,7 +130,7 @@
<div class="method-source-code" id="addr-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 141</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 144</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">addr</span>
<span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">addr</span>
<span class="ruby-keyword">end</span></pre>
@@ -163,7 +163,7 @@
<div class="method-source-code" id="closed-3F-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 161</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 164</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">closed?</span>
<span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">closed?</span>
<span class="ruby-keyword">end</span></pre>
@@ -196,7 +196,7 @@
<div class="method-source-code" id="do_not_reverse_lookup-3D-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 165</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 168</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">do_not_reverse_lookup=</span>(<span class="ruby-identifier">flag</span>)
<span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">do_not_reverse_lookup</span> = <span class="ruby-identifier">flag</span>
<span class="ruby-keyword">end</span></pre>
@@ -229,7 +229,7 @@
<div class="method-source-code" id="fcntl-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 157</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 160</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">fcntl</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">args</span>)
<span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">fcntl</span>(<span class="ruby-operator">*</span><span class="ruby-identifier">args</span>)
<span class="ruby-keyword">end</span></pre>
@@ -262,7 +262,7 @@
<div class="method-source-code" id="getsockopt-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 153</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 156</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">getsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>)
<span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">getsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>)
<span class="ruby-keyword">end</span></pre>
@@ -295,7 +295,7 @@
<div class="method-source-code" id="peeraddr-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 145</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 148</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">peeraddr</span>
<span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">peeraddr</span>
<span class="ruby-keyword">end</span></pre>
@@ -328,7 +328,7 @@
<div class="method-source-code" id="setsockopt-source">
- <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 149</span>
+ <pre><span class="ruby-comment"># File lib/openssl/ssl.rb, line 152</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">setsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>, <span class="ruby-identifier">optval</span>)
<span class="ruby-identifier">to_io</span>.<span class="ruby-identifier">setsockopt</span>(<span class="ruby-identifier">level</span>, <span class="ruby-identifier">optname</span>, <span class="ruby-identifier">optval</span>)
<span class="ruby-keyword">end</span></pre>
diff --git a/OpenSSL/X509/Store.html b/OpenSSL/X509/Store.html
index 6da89db2..0319a23f 100644
--- a/OpenSSL/X509/Store.html
+++ b/OpenSSL/X509/Store.html
@@ -119,11 +119,11 @@ certificates used to verify peer certificates.</p>
<p>This will use your system&#39;s built-in certificates.</p>
<p>If your system does not have a default set of certificates you can obtain a
-set from Mozilla here: <a
-href="http://curl.haxx.se/docs/caextract.html">curl.haxx.se/docs/caextract.html</a>
-(Note that this set does not have an HTTPS download option so you may wish
-to use the firefox-db2pem.sh script to extract the certificates from a
-local install to avoid man-in-the-middle attacks.)</p>
+set extracted from Mozilla CA certificate store by cURL maintainers here:
+<a
+href="https://curl.haxx.se/docs/caextract.html">curl.haxx.se/docs/caextract.html</a>
+(You may wish to use the firefox-db2pem.sh script to extract the
+certificates from a local install to avoid man-in-the-middle attacks.)</p>
<p>After downloading or generating a cacert.pem from the above link you can
create a certificate store from the pem file like this:</p>
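Review bot: The rewritten parenthetical still gives "to avoid man-in-the-middle attacks" as the reason for running firefox-db2pem.sh, but the remark that justified it (no HTTPS download option) was removed and the link is now `https://`. As written, the reader cannot tell what risk the local extraction is meant to address. Suggest stating the remaining reason instead, for example `(If you would rather not depend on a downloaded bundle, the firefox-db2pem.sh script can extract the certificates from a local install.)`. This page looks like generated output, so the wording should be changed in the source comment it is rendered from.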
@@ -135,6 +135,7 @@ create a certificate store from the pem file like this:</p>
<p>The certificate store can be used with an SSLSocket like this:</p>
<pre class="ruby"><span class="ruby-identifier">ssl_context</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSLContext</span>.<span class="ruby-identifier">new</span>
+<span class="ruby-identifier">ssl_context</span>.<span class="ruby-identifier">verify_mode</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">SSL</span><span class="ruby-operator">::</span><span class="ruby-constant">VERIFY_PEER</span>
<span class="ruby-identifier">ssl_context</span>.<span class="ruby-identifier">cert_store</span> = <span class="ruby-identifier">cert_store</span>
<span class="ruby-identifier">tcp_socket</span> = <span class="ruby-constant">TCPSocket</span>.<span class="ruby-identifier">open</span> <span class="ruby-string">&#39;example.com&#39;</span>, <span class="ruby-value">443</span>
@@ -169,7 +170,8 @@ create a certificate store from the pem file like this:</p>
<div class="method-description">
-
+ <p>The certificate chain constructed by the last call of <a
+href="Store.html#method-i-verify">verify</a>.</p>
</div>
</div>
@@ -182,7 +184,8 @@ create a certificate store from the pem file like this:</p>
<div class="method-description">
-
+ <p>The error code set by the last call of <a
+href="Store.html#method-i-verify">verify</a>.</p>
</div>
</div>
@@ -195,7 +198,8 @@ create a certificate store from the pem file like this:</p>
<div class="method-description">
-
+ <p>The description for the error code set by the last call of <a
+href="Store.html#method-i-verify">verify</a>.</p>
</div>
</div>
@@ -208,7 +212,13 @@ create a certificate store from the pem file like this:</p>
<div class="method-description">
-
+ <p>The callback for additional certificate verification. It is invoked for
+each untrusted certificate in the chain.</p>
+
+<p>The callback is invoked with two values, a boolean that indicates if the
+pre-verification by <a href="../../OpenSSL.html">OpenSSL</a> has succeeded
+or not, and the <a href="StoreContext.html">StoreContext</a> in use. The
+callback must return either true or false.</p>
</div>
</div>
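Review bot: The new `verify_callback` description says the callback must return true or false, but not what that return value does to the verification result. In OpenSSL's verification model, a callback that returns true when its first argument is false makes that failure be ignored and lets verification continue. A callback that always returns true therefore accepts chains that OpenSSL itself rejected. Suggest adding a sentence such as `Returning true when the first argument is false overrides that failure; return the first argument unchanged unless a specific error is deliberately being accepted.` The page appears to be generated, so the sentence belongs in the source comment it is rendered from.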
@@ -239,7 +249,7 @@ create a certificate store from the pem file like this:</p>
<div class="method-description">
-
+ <p>Creates a new <a href="Store.html">X509::Store</a>.</p>
@@ -334,18 +344,22 @@ ossl_x509store_add_cert(VALUE self, VALUE arg)
<div id="method-i-add_crl" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">add_crl</span><span
- class="method-args">(p1)</span>
+ <span class="method-callseq">
+ add_crl(crl) &rarr; self
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Adds the <a href="CRL.html">OpenSSL::X509::CRL</a> <code>crl</code> to the
+store.</p>
@@ -380,7 +394,7 @@ ossl_x509store_add_crl(VALUE self, VALUE arg)
<div class="method-heading">
<span class="method-callseq">
- add_file(file) &rarr; store
+ add_file(file) &rarr; self
</span>
<span class="method-click-advice">click to toggle source</span>
@@ -430,18 +444,21 @@ ossl_x509store_add_file(VALUE self, VALUE file)
<div id="method-i-add_path" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">add_path</span><span
- class="method-args">(p1)</span>
+ <span class="method-callseq">
+ add_path(path) &rarr; self
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Adds <code>path</code> as the hash dir to be looked up by the store.</p>
@@ -479,18 +496,23 @@ ossl_x509store_add_path(VALUE self, VALUE dir)
<div id="method-i-flags-3D" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">flags=</span><span
- class="method-args">(p1)</span>
+ <span class="method-callseq">
+ flags = flag
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Sets <code>flag</code> to the <a href="Store.html">Store</a>.
+<code>flag</code> consists of zero or more of the constants defined in with
+name V_FLAG_* or&#39;ed together.</p>
@@ -519,18 +541,43 @@ ossl_x509store_set_flags(VALUE self, VALUE flags)
<div id="method-i-purpose-3D" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">purpose=</span><span
- class="method-args">(p1)</span>
+ <span class="method-callseq">
+ purpose = purpose
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Sets the store&#39;s purpose to <code>purpose</code>. If specified, the
+verifications on the store will check every untrusted certificate&#39;s
+extensions are consistent with the purpose. The purpose is specified by
+constants:</p>
+<ul><li>
+<p>X509::PURPOSE_SSL_CLIENT</p>
+</li><li>
+<p>X509::PURPOSE_SSL_SERVER</p>
+</li><li>
+<p>X509::PURPOSE_NS_SSL_SERVER</p>
+</li><li>
+<p>X509::PURPOSE_SMIME_SIGN</p>
+</li><li>
+<p>X509::PURPOSE_SMIME_ENCRYPT</p>
+</li><li>
+<p>X509::PURPOSE_CRL_SIGN</p>
+</li><li>
+<p>X509::PURPOSE_ANY</p>
+</li><li>
+<p>X509::PURPOSE_OCSP_HELPER</p>
+</li><li>
+<p>X509::PURPOSE_TIMESTAMP_SIGN</p>
+</li></ul>
@@ -573,12 +620,14 @@ ossl_x509store_set_purpose(VALUE self, VALUE purpose)
<div class="method-description">
- <p>Adds the default certificates to the certificate store. These certificates
-are loaded from the default configuration directory which can usually be
-determined by:</p>
-
-<pre class="ruby"><span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Config</span><span class="ruby-operator">::</span><span class="ruby-constant">DEFAULT_CONFIG_FILE</span>
-</pre>
+ <p>Configures <code>store</code> to look up CA certificates from the system
+default certificate store as needed basis. The location of the store can
+usually be determined by:</p>
+<ul><li>
+<p>OpenSSL::X509::DEFAULT_CERT_FILE</p>
+</li><li>
+<p>OpenSSL::X509::DEFAULT_CERT_DIR</p>
+</li></ul>
@@ -608,18 +657,21 @@ ossl_x509store_set_default_paths(VALUE self)
<div id="method-i-time-3D" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">time=</span><span
- class="method-args">(p1)</span>
+ <span class="method-callseq">
+ time = time
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Sets the time to be used in verifications.</p>
@@ -643,14 +695,17 @@ ossl_x509store_set_time(VALUE self, VALUE time)
<div id="method-i-trust-3D" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">trust=</span><span
- class="method-args">(p1)</span>
+ <span class="method-callseq">
+ trust = trust
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
@@ -683,18 +738,35 @@ ossl_x509store_set_trust(VALUE self, VALUE trust)
<div id="method-i-verify" class="method-detail ">
+
<div class="method-heading">
- <span class="method-name">verify</span><span
- class="method-args">(p1, p2 = v2)</span>
+ <span class="method-callseq">
+ verify(cert, chain = nil) &rarr; true | false
+ </span>
<span class="method-click-advice">click to toggle source</span>
</div>
+
<div class="method-description">
-
+ <p>Performs a certificate verification on the <a
+href="Certificate.html">OpenSSL::X509::Certificate</a> <code>cert</code>.</p>
+
+<p><code>chain</code> can be an array of <a
+href="Certificate.html">OpenSSL::X509::Certificate</a> that is used to
+construct the certificate chain.</p>
+
+<p>If a block is given, it overrides the callback set by <a
+href="Store.html#method-i-verify_callback-3D">verify_callback=</a>.</p>
+
+<p>After finishing the verification, the error information can be retrieved by
+<a href="Store.html#attribute-i-error">error</a>, <a
+href="Store.html#attribute-i-error_string">error_string</a>, and the
+resuting complete certificate chain can be retrieved by <a
+href="Store.html#attribute-i-chain">chain</a>.</p>
diff --git a/OpenSSL/X509/StoreContext.html b/OpenSSL/X509/StoreContext.html
index 65523cc6..29423ceb 100644
--- a/OpenSSL/X509/StoreContext.html
+++ b/OpenSSL/X509/StoreContext.html
@@ -70,8 +70,34 @@
<ul class="link-list" role="directory">
+ <li ><a href="#method-c-new">::new</a>
+
+ <li ><a href="#method-i-chain">#chain</a>
+
<li ><a href="#method-i-cleanup">#cleanup</a>
+ <li ><a href="#method-i-current_cert">#current_cert</a>
+
+ <li ><a href="#method-i-current_crl">#current_crl</a>
+
+ <li ><a href="#method-i-error">#error</a>
+
+ <li ><a href="#method-i-error-3D">#error=</a>
+
+ <li ><a href="#method-i-error_depth">#error_depth</a>
+
+ <li ><a href="#method-i-error_string">#error_string</a>
+
+ <li ><a href="#method-i-flags-3D">#flags=</a>
+
+ <li ><a href="#method-i-purpose-3D">#purpose=</a>
+
+ <li ><a href="#method-i-time-3D">#time=</a>
+
+ <li ><a href="#method-i-trust-3D">#trust=</a>
+
+ <li ><a href="#method-i-verify">#verify</a>
+
</ul>
</div>
@@ -85,6 +111,9 @@
<section class="description">
+<p>A <a href="StoreContext.html">StoreContext</a> is used while validating a
+single certificate and holds the status involved.</p>
+
</section>
@@ -100,12 +129,134 @@
+ <section id="public-class-5Buntitled-5D-method-details" class="method-section">
+ <header>
+ <h3>Public Class Methods</h3>
+ </header>
+
+
+ <div id="method-c-new" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ new(store, cert = nil, chain = nil)
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="new-source">
+ <pre>static VALUE
+ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self)
+{
+ VALUE store, cert, chain, t;
+ X509_STORE_CTX *ctx;
+ X509_STORE *x509st;
+ X509 *x509 = NULL;
+ STACK_OF(X509) *x509s = NULL;
+
+ rb_scan_args(argc, argv, &quot;12&quot;, &amp;store, &amp;cert, &amp;chain);
+ GetX509StCtx(self, ctx);
+ SafeGetX509Store(store, x509st);
+ if(!NIL_P(cert)) x509 = DupX509CertPtr(cert); /* NEED TO DUP */
+ if(!NIL_P(chain)) x509s = ossl_x509_ary2sk(chain);
+ if(X509_STORE_CTX_init(ctx, x509st, x509, x509s) != 1){
+ sk_X509_pop_free(x509s, X509_free);
+ ossl_raise(eX509StoreError, NULL);
+ }
+ if (!NIL_P(t = rb_iv_get(store, &quot;@time&quot;)))
+ ossl_x509stctx_set_time(self, t);
+ rb_iv_set(self, &quot;@verify_callback&quot;, rb_iv_get(store, &quot;@verify_callback&quot;));
+ rb_iv_set(self, &quot;@cert&quot;, cert);
+
+ return self;
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ </section>
+
<section id="public-instance-5Buntitled-5D-method-details" class="method-section">
<header>
<h3>Public Instance Methods</h3>
</header>
+ <div id="method-i-chain" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ chain &rarr; Array of X509::Certificate
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="chain-source">
+ <pre>static VALUE
+ossl_x509stctx_get_chain(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+ STACK_OF(X509) *chain;
+ X509 *x509;
+ int i, num;
+ VALUE ary;
+
+ GetX509StCtx(self, ctx);
+ if((chain = X509_STORE_CTX_get0_chain(ctx)) == NULL){
+ return Qnil;
+ }
+ if((num = sk_X509_num(chain)) &lt; 0){
+ OSSL_Debug(&quot;certs in chain &lt; 0???&quot;);
+ return rb_ary_new();
+ }
+ ary = rb_ary_new2(num);
+ for(i = 0; i &lt; num; i++) {
+ x509 = sk_X509_value(chain, i);
+ rb_ary_push(ary, ossl_x509_new(x509));
+ }
+
+ return ary;
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
<div id="method-i-cleanup" class="method-detail ">
<div class="method-heading">
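Review bot: In the `ossl_x509stctx_initialize` listing, the `X509_STORE_CTX_init(...) != 1` branch frees `x509s` but not `x509`, so the reference taken by `DupX509CertPtr(cert)` appears to leak when initialisation fails. Assuming `DupX509CertPtr` returns a reference the caller owns, as the `NEED TO DUP` comment suggests, add `X509_free(x509);` beside the existing `sk_X509_pop_free(x509s, X509_free);` before `ossl_raise`. The same reference would also be stranded if `ossl_x509_ary2sk(chain)` raises, which cannot be confirmed from this listing. The rendered entry for `new` has an empty description as well. A short comment in the C source stating that `cert` and `chain` are optional and that `@time` and `@verify_callback` are copied from the store would fill it.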
@@ -139,6 +290,487 @@
</div>
+ <div id="method-i-current_cert" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ current_cert &rarr; X509::Certificate
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="current_cert-source">
+ <pre>static VALUE
+ossl_x509stctx_get_curr_cert(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+
+ GetX509StCtx(self, ctx);
+
+ return ossl_x509_new(X509_STORE_CTX_get_current_cert(ctx));
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-current_crl" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ current_crl &rarr; X509::CRL
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="current_crl-source">
+ <pre>static VALUE
+ossl_x509stctx_get_curr_crl(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+ X509_CRL *crl;
+
+ GetX509StCtx(self, ctx);
+ crl = X509_STORE_CTX_get0_current_crl(ctx);
+ if (!crl)
+ return Qnil;
+
+ return ossl_x509crl_new(crl);
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-error" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ error &rarr; Integer
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="error-source">
+ <pre>static VALUE
+ossl_x509stctx_get_err(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+
+ GetX509StCtx(self, ctx);
+
+ return INT2FIX(X509_STORE_CTX_get_error(ctx));
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-error-3D" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ error = error_code
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="error-3D-source">
+ <pre>static VALUE
+ossl_x509stctx_set_error(VALUE self, VALUE err)
+{
+ X509_STORE_CTX *ctx;
+
+ GetX509StCtx(self, ctx);
+ X509_STORE_CTX_set_error(ctx, NUM2INT(err));
+
+ return err;
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-error_depth" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ error_depth &rarr; Integer
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="error_depth-source">
+ <pre>static VALUE
+ossl_x509stctx_get_err_depth(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+
+ GetX509StCtx(self, ctx);
+
+ return INT2FIX(X509_STORE_CTX_get_error_depth(ctx));
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-error_string" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ error_string &rarr; String
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Returns the error string corresponding to the error code retrieved by <a
+href="StoreContext.html#method-i-error">error</a>.</p>
+
+
+
+
+ <div class="method-source-code" id="error_string-source">
+ <pre>static VALUE
+ossl_x509stctx_get_err_string(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+ long err;
+
+ GetX509StCtx(self, ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+
+ return rb_str_new2(X509_verify_cert_error_string(err));
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-flags-3D" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ flags = flags
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets the verification flags to the context. See <a
+href="Store.html#method-i-flags-3D">OpenSSL::X509::Store#flags=</a>.</p>
+
+
+
+
+ <div class="method-source-code" id="flags-3D-source">
+ <pre>static VALUE
+ossl_x509stctx_set_flags(VALUE self, VALUE flags)
+{
+ X509_STORE_CTX *store;
+ long f = NUM2LONG(flags);
+
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_flags(store, f);
+
+ return flags;
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-purpose-3D" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ purpose = purpose
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets the purpose of the context. See <a
+href="Store.html#method-i-purpose-3D">OpenSSL::X509::Store#purpose=</a>.</p>
+
+
+
+
+ <div class="method-source-code" id="purpose-3D-source">
+ <pre>static VALUE
+ossl_x509stctx_set_purpose(VALUE self, VALUE purpose)
+{
+ X509_STORE_CTX *store;
+ int p = NUM2INT(purpose);
+
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_purpose(store, p);
+
+ return purpose;
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-time-3D" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ time = time
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+ <p>Sets the time used in the verification. If not set, the current time is
+used.</p>
+
+
+
+
+ <div class="method-source-code" id="time-3D-source">
+ <pre>static VALUE
+ossl_x509stctx_set_time(VALUE self, VALUE time)
+{
+ X509_STORE_CTX *store;
+ long t;
+
+ t = NUM2LONG(rb_Integer(time));
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_time(store, 0, t);
+
+ return time;
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-trust-3D" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ trust = trust
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="trust-3D-source">
+ <pre>static VALUE
+ossl_x509stctx_set_trust(VALUE self, VALUE trust)
+{
+ X509_STORE_CTX *store;
+ int t = NUM2INT(trust);
+
+ GetX509StCtx(self, store);
+ X509_STORE_CTX_set_trust(store, t);
+
+ return trust;
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
+ <div id="method-i-verify" class="method-detail ">
+
+
+ <div class="method-heading">
+ <span class="method-callseq">
+ verify &rarr; true | false
+ </span>
+
+ <span class="method-click-advice">click to toggle source</span>
+
+ </div>
+
+
+
+ <div class="method-description">
+
+
+
+
+
+
+ <div class="method-source-code" id="verify-source">
+ <pre>static VALUE
+ossl_x509stctx_verify(VALUE self)
+{
+ X509_STORE_CTX *ctx;
+
+ GetX509StCtx(self, ctx);
+ X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx,
+ (void *)rb_iv_get(self, &quot;@verify_callback&quot;));
+
+ switch (X509_verify_cert(ctx)) {
+ case 1:
+ return Qtrue;
+ case 0:
+ ossl_clear_error();
+ return Qfalse;
+ default:
+ ossl_raise(eX509CertError, NULL);
+ }
+}</pre>
+ </div>
+
+ </div>
+
+
+
+
+ </div>
+
+
</section>
</section>