From 3eedf9156cf01751423a99ef2939ec81964155d2 Mon Sep 17 00:00:00 2001
From: aamine <aamine@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 6 Mar 2004 17:08:21 +0000
Subject: * lib/net/http.rb: spin off https code again. * lib/net/https.rb: new
 file. * ext/openssl/lib/net/https.rb: removed.  moved to net/https with
 modifications. * ext/openssl/lib/net/protocol.rb: removed.  merged with
 net/http. * lib/net/protocol.rb: new class BufferedIO. * lib/net/protocol.rb:
 InternetMessageIO < BufferedIO. * lib/net/protocol.rb: BufferedIO.new takes
 an IO. * lib/net/smtp.rb: follow InternetMessageIO's change. *
 lib/net/pop.rb: ditto.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5908 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/net/https.rb | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 177 insertions(+)
 create mode 100644 lib/net/https.rb

(limited to 'lib/net/https.rb')

diff --git a/lib/net/https.rb b/lib/net/https.rb
new file mode 100644
index 0000000000..4200be3d62
--- /dev/null
+++ b/lib/net/https.rb
@@ -0,0 +1,177 @@
+=begin
+
+= $RCSfile$ -- SSL/TLS enhancement for Net::HTTP.
+
+== Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2001 GOTOU Yuuzou <gotoyuzo@notwork.org>
+  All rights reserved.
+
+== Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+== Requirements
+  This program requires Net 1.2.0 or higher version.
+  You can get it from RAA or Ruby's CVS repository.
+
+== Version
+  $Id$
+  
+  2001-11-06: Contiributed to Ruby/OpenSSL project.
+  2004-03-06: Some code is merged in to net/http.
+
+== Example
+
+Here is a simple HTTP client:
+
+    require 'net/http'
+    require 'uri'
+
+    uri = URI.parse(ARGV[0] || 'http://localhost/')
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.start {
+      http.request_get(uri.path) {|res|
+        print res.body
+      }
+    }
+
+It can be replaced by the following code:
+
+    require 'net/https'
+    require 'uri'
+
+    uri = URI.parse(ARGV[0] || 'https://localhost/')
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
+    http.start {
+      http.request_get(uri.path) {|res|
+        print res.body
+      }
+    }
+
+== class Net::HTTP
+
+=== Instance Methods
+
+: use_ssl?
+    returns true if use SSL/TLS with HTTP.
+
+: use_ssl=((|true_or_false|))
+    sets use_ssl.
+
+: peer_cert
+    return the X.509 certificates the server presented.
+
+: key, key=((|key|))
+    Sets an OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
+    (This method is appeared in Michal Rokos's OpenSSL extention.)
+
+: key_file, key_file=((|path|))
+    Sets a private key file to use in PEM format.
+
+: cert, cert=((|cert|))
+    Sets an OpenSSL::X509::Certificate object as client certificate
+    (This method is appeared in Michal Rokos's OpenSSL extention).
+
+: cert_file, cert_file=((|path|))
+    Sets pathname of a X.509 certification file in PEM format.
+
+: ca_file, ca_file=((|path|))
+    Sets path of a CA certification file in PEM format.
+    The file can contrain several CA certificats.
+
+: ca_path, ca_path=((|path|))
+    Sets path of a CA certification directory containing certifications
+    in PEM format.
+
+: verify_mode, verify_mode=((|mode|))
+    Sets the flags for server the certification verification at
+    begining of SSL/TLS session.
+    OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER is acceptable.
+
+: verify_callback, verify_callback=((|proc|))
+    Sets the verify callback for the server certification verification.
+
+: verify_depth, verify_depth=((|num|))
+    Sets the maximum depth for the certificate chain verification.
+
+: cert_store, cert_store=((|store|))
+    Sets the X509::Store to verify peer certificate.
+
+: ssl_timeout, ssl_timeout=((|sec|))
+    Sets the SSL timeout seconds.
+
+=end
+
+require 'net/http'
+require 'openssl'
+
+module Net
+
+  class HTTP
+    remove_method :use_ssl?
+    def use_ssl?
+      @use_ssl
+    end
+
+    alias use_ssl use_ssl?   # for backward compatibility
+
+    # Turn on/off SSL.
+    # This flag must be set before starting session.
+    # If you change use_ssl value after session started,
+    # a Net::HTTP object raises IOError.
+    def use_ssl=(flag)
+      flag = (flag ? true : false)
+      raise IOError, "use_ssl value changed but session already started" \
+          if started? and @use_ssl != flag
+      if flag and not @ssl_context
+        @ssl_context = OpenSSL::SSL::SSLContext.new
+      end
+      @use_ssl = flag
+    end
+
+    def self.ssl_context_accessor(name)
+      module_eval(<<-End, __FILE__, __LINE__ + 1)
+        def #{name}
+          return nil unless @ssl_context
+          @ssl_context.#{name}
+        end
+
+        def #{name}=(val)
+          @ssl_context ||= OpenSSL::SSL::SSLContext.new
+          @ssl_context.#{name} = val
+        end
+      End
+    end
+
+    ssl_context_accessor :key
+    ssl_context_accessor :cert
+    ssl_context_accessor :ca_file
+    ssl_context_accessor :ca_path
+    ssl_context_accessor :verify_mode
+    ssl_context_accessor :verify_callback
+    ssl_context_accessor :verify_depth
+    ssl_context_accessor :cert_store
+
+    def ssl_timeout
+      return nil unless @ssl_context
+      @ssl_context.timeout
+    end
+
+    def ssl_timeout=(sec)
+      raise ArgumentError, 'Net::HTTP#ssl_timeout= called but use_ssl=false' \
+          unless use_ssl?
+      @ssl_context ||= OpenSSL::SSL::SSLContext.new
+      @ssl_context.timeout = sec
+    end
+
+    alias timeout= ssl_timeout=   # for backward compatibility
+
+    def peer_cert
+      return nil if not use_ssl? or not @socket
+      @socket.io.peer_cert
+    end
+  end
+
+end
-- 
cgit v1.2.3