Module: Falcon::Environment::TLS
- Defined in:
- lib/falcon/environment/tls.rb
Overview
Provides an environment that exposes a TLS context for hosting a secure web application.
Instance Method Summary
-
#ssl_certificate ⇒ Object
The main certificate.
-
#ssl_certificate_chain ⇒ Object
The certificate chain.
-
#ssl_certificate_path ⇒ Object
The public certificate path.
-
#ssl_certificates ⇒ Object
The list of certificates loaded from the public certificate path (`ssl_certificate_path`).
-
#ssl_ciphers ⇒ Object
The supported ciphers.
-
#ssl_context ⇒ Object
The SSL context to use for incoming connections.
-
#ssl_private_key ⇒ Object
The private key.
-
#ssl_private_key_path ⇒ Object
The private key path.
-
#ssl_session_id ⇒ Object
The default session identifier for the session cache.
Instance Method Details
#ssl_certificate ⇒ Object
The main certificate.
# File 'lib/falcon/environment/tls.rb', line 39

# The main certificate: the first entry of `ssl_certificates`.
#
# `ssl_context` passes this value to `add_certificate` as the certificate, so the
# PEM file is expected to list the server's own certificate first.
#
# @return [Object, nil] the first loaded certificate, or nil when the list is empty.
def ssl_certificate
  ssl_certificates.first
end
#ssl_certificate_chain ⇒ Object
The certificate chain.
# File 'lib/falcon/environment/tls.rb', line 45

# The certificate chain: every entry of `ssl_certificates` after the first.
#
# `ssl_context` hands this to `add_certificate` as the extra certificates sent
# alongside the main one (presumably the intermediates - confirm against the
# contents of the PEM file).
#
# @return [Array, nil] the remaining certificates; empty when only one certificate
#   was loaded, nil when none were.
def ssl_certificate_chain
  ssl_certificates.slice(1..-1)
end
#ssl_certificate_path ⇒ Object
The public certificate path.
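# File 'lib/falcon/environment/tls.rb', line 27

# The public certificate path.
#
# Resolves the relative name "ssl/certificate.pem" against `root` and returns an
# absolute path. `root` is not defined in this module; presumably the including
# environment supplies it - confirm.
#
# @return [String] absolute path of the PEM file holding the certificate(s).
def ssl_certificate_path
  File.expand_path("ssl/certificate.pem", root)
end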
#ssl_certificates ⇒ Object
The list of certificates loaded from the public certificate path (`ssl_certificate_path`).
# File 'lib/falcon/environment/tls.rb', line 33

# The list of certificates loaded from `ssl_certificate_path`.
#
# The file is read each time this method runs; nothing is cached here. Any error
# raised while reading or parsing the file propagates to the caller.
#
# @return [Object] whatever `OpenSSL::X509::Certificate.load_file` returns for the
#   file; the other methods index it like an array.
def ssl_certificates
  pem_path = ssl_certificate_path
  OpenSSL::X509::Certificate.load_file(pem_path)
end
#ssl_ciphers ⇒ Object
The supported ciphers.
# File 'lib/falcon/environment/tls.rb', line 21

# The supported ciphers.
#
# Returns the project-wide constant unchanged; `ssl_context` passes it to
# `set_params` as `ciphers:`. The constant is defined outside this module, so the
# actual cipher selection has to be reviewed there.
#
# @return [Object] the value of `Falcon::TLS::SERVER_CIPHERS`.
def ssl_ciphers
  Falcon::TLS::SERVER_CIPHERS
end
#ssl_context ⇒ Object
The SSL context to use for incoming connections.
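# File 'lib/falcon/environment/tls.rb', line 63

# The SSL context to use for incoming connections.
#
# Builds a new server-side context from the certificate, private key and chain
# exposed by this module, installs the ALPN selection callback, applies the cipher
# list and protocol floor, and finalises the context with `setup`.
#
# Protocol versions: TLS 1.2 is set as the minimum through `min_version`.
# The deprecated `ssl_version=` setter is not used because it fixes the minimum and
# the maximum to the same version, which would keep TLS 1.3 from being negotiated.
#
# @return [OpenSSL::SSL::SSLContext] the configured context.
def ssl_context
  OpenSSL::SSL::SSLContext.new.tap do |context|
    context.add_certificate(ssl_certificate, ssl_private_key, ssl_certificate_chain)

    # NOTE(review): SESSION_CACHE_CLIENT is the client-side cache mode. For a context
    # that accepts connections, confirm whether SESSION_CACHE_SERVER was intended.
    context.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
    context.session_id_context = ssl_session_id

    # ALPN: pick the first protocol, in server preference order, that the client
    # offered. The callback yields nil when none of them was offered.
    context.alpn_select_cb = lambda do |protocols|
      ["h2", "http/1.1", "http/1.0"].find { |name| protocols.include?(name) }
    end

    context.set_params(
      ciphers: ssl_ciphers,
      # On a server context VERIFY_NONE means no client certificate is requested, so
      # there is no mutual TLS; client authentication has to happen at a higher layer.
      verify_mode: OpenSSL::SSL::VERIFY_NONE,
      # Stated explicitly so the floor does not depend on the library's default parameters.
      min_version: OpenSSL::SSL::TLS1_2_VERSION,
    )

    context.setup
  end
end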
#ssl_private_key ⇒ Object
The private key.
# File 'lib/falcon/environment/tls.rb', line 57

# The private key.
#
# Reads the file at `ssl_private_key_path` and parses it as an RSA key. No
# passphrase argument is given, so the file is expected to hold an unencrypted
# key; restrict its permissions to the account that runs the server.
#
# NOTE(review): only RSA keys are handled here. A deployment using an EC key
# would need a generic loader such as `OpenSSL::PKey.read` - confirm whether
# that is required.
#
# @return [OpenSSL::PKey::RSA] the parsed key.
def ssl_private_key
  pem = File.read(ssl_private_key_path)
  OpenSSL::PKey::RSA.new(pem)
end
#ssl_private_key_path ⇒ Object
The private key path.
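# File 'lib/falcon/environment/tls.rb', line 51

# The private key path.
#
# Resolves the relative name "ssl/private.key" against `root` and returns an
# absolute path. `root` is not defined in this module; presumably the including
# environment supplies it - confirm. The file at this path holds secret key
# material, so it should be readable only by the account that runs the server
# and kept out of version control.
#
# @return [String] absolute path of the private key file.
def ssl_private_key_path
  File.expand_path("ssl/private.key", root)
end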
#ssl_session_id ⇒ Object
The default session identifier for the session cache.
# File 'lib/falcon/environment/tls.rb', line 15

# The default session identifier for the session cache.
#
# `ssl_context` assigns this value to `session_id_context`. It is a fixed label,
# not secret material.
#
# @return [String] the literal "falcon".
def ssl_session_id
  "falcon"
end