aboutsummaryrefslogtreecommitdiffstats
path: root/ext/openssl/ossl_ssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
-rw-r--r--ext/openssl/ossl_ssl.c55
1 files changed, 55 insertions, 0 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 2af2fc0824..c4ed30591c 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -963,6 +963,59 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
}
/*
+ * call-seq:
+ * ctx.security_level => 0, .., 5
+ *
+ * The security level for this context. This is new in OpenSSL 1.1.0 and
+ * always returns 0 if using older OpenSSL.
+ */
+static VALUE
+ossl_sslctx_get_security_level(VALUE self)
+{
+ SSL_CTX *ctx;
+ int i;
+
+ GetSSLCTX(self, ctx);
+ if (!ctx) {
+ rb_warning("SSL_CTX is not initialized.");
+ return Qnil;
+ }
+
+#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL)
+ i = SSL_CTX_get_security_level(ctx);
+#else
+ i = 0;
+#endif
+ return INT2FIX(i);
+}
+
+/*
+ * call-seq:
+ * ctx.security_level = 0
+ * ctx.security_level = 5
+ *
+ * Sets the security level for this context. This is new in OpenSSL 1.1.0 and
+ * no-op if using older OpenSSL.
+ */
+static VALUE
+ossl_sslctx_set_security_level(VALUE self, VALUE v)
+{
+ SSL_CTX *ctx;
+
+ rb_check_frozen(self);
+
+ GetSSLCTX(self, ctx);
+ if (!ctx)
+ ossl_raise(eSSLError, "SSL_CTX is not initialized.");
+
+#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL)
+ SSL_CTX_set_security_level(ctx, NUM2INT(v));
+#endif
+
+ return v;
+}
+
+/*
* call-seq:
* ctx.session_add(session) -> true | false
*
@@ -2230,6 +2283,8 @@ Init_ossl_ssl(void)
rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1);
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
+ rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0);
+ rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);