Module: Raktr::Connection::TLS
- Defined in:
- lib/raktr/connection/tls.rb
Overview
Constant Summary
- CERTIFICATES =
{}
Instance Method Summary
-
#_connect ⇒ Object
Performs an SSL handshake in addition to a plaintext connect operation.
-
#_read ⇒ Object
If this connection is a server handler that was handed an accepted plaintext connection, first checks for a pending SSL #accept operation.
-
#_write(*args) ⇒ Object
If this connection is a server handler that was handed an accepted plaintext connection, first checks for a pending SSL #accept operation.
-
#start_tls(options = {}) ⇒ Object
Converts the #socket to an SSL one.
Instance Method Details
#_connect ⇒ Object
Performs an SSL handshake in addition to a plaintext connect operation.
# File 'lib/raktr/connection/tls.rb', line 95

# Performs an SSL handshake in addition to a plaintext connect operation.
#
# The plaintext connect (+super+) has to succeed first; afterwards a
# non-blocking SSL handshake is attempted on +@socket+. While the handshake
# would block, +@connected+ stays +false+ and the method returns +nil+ so
# the caller can retry; any other error closes the connection.
#
# No hostname check (+post_connection_check+) follows the handshake here.
#
# @return [Object, nil]
def _connect
  return if @ssl_connected

  @plaintext_connected ||= super
  return unless @plaintext_connected

  # Not connected until the SSL handshake has completed.
  @connected = false

  @socket.connect_nonblock
  @ssl_connected = @connected = true
rescue IO::WaitReadable, IO::WaitWritable, Errno::EINPROGRESS
  # Handshake still in progress; the caller is expected to call again.
  nil
rescue => e
  close e
end
#_read ⇒ Object
If this connection is a server handler that was handed an accepted plaintext connection, first checks for a pending SSL #accept operation.
# File 'lib/raktr/connection/tls.rb', line 127

# Reads from the socket, driving a pending SSL #accept first.
#
# When this connection is a server handler wrapping an accepted plaintext
# socket (+accept?+), the SSL accept is performed instead of a read. A
# would-block signal from the SSL layer is swallowed and +nil+ is returned
# so the read can be retried once the socket is readable again.
#
# @return [Object, nil]
def _read
  accept? ? ssl_accept : super
rescue OpenSSL::SSL::SSLErrorWaitReadable
  nil
end
#_write(*args) ⇒ Object
If this connection is a server handler that was handed an accepted plaintext connection, first checks for a pending SSL #accept operation.
# File 'lib/raktr/connection/tls.rb', line 116

# Writes to the socket, driving a pending SSL #accept first.
#
# When this connection is a server handler wrapping an accepted plaintext
# socket (+accept?+), the SSL accept is performed instead of the write;
# otherwise the arguments are forwarded unchanged to the plaintext write.
#
# @param [Array] args  Forwarded verbatim to +super+.
#
# @return [Object]
def _write( *args )
  accept? ? ssl_accept : super( *args )
end
#start_tls(options = {}) ⇒ Object
Converts the Raktr::Connection#socket to an SSL one.
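# File 'lib/raktr/connection/tls.rb', line 26

# Converts the {Raktr::Connection#socket} to an SSL one.
#
# Builds an +OpenSSL::SSL::SSLContext+ and wraps +@socket+ with it:
#
# * If +@socket+ already is an +OpenSSL::SSL::SSLSocket+, its context is
#   adopted and nothing else is done.
# * If a complete bundle of file paths (+:certificate+, +:private_key+,
#   +:public_key+ and +:ca+) is available from +@tls+ or +options+, the PEM
#   files are loaded and peer verification is enabled.
# * Otherwise a +:server+ role gets an ephemeral self-signed certificate
#   for +localhost+ (signed with SHA-256).
# * Without a bundle the context keeps +OpenSSL::SSL::VERIFY_NONE+: the
#   peer certificate is not validated, so the channel is encrypted but the
#   peer is unauthenticated.
#
# Hostname verification is not configured here, so even with a bundle only
# the chain against +:ca+ is checked, not the peer's name.
#
# @param [Hash] options
#   TLS options; consulted only when +@tls+ is not set. Keys as listed above.
#
# @return [OpenSSL::SSL::SSLServer, OpenSSL::SSL::SSLSocket, nil]
#   The wrapped +@socket+, or +nil+ when +@socket+ was already an SSL socket.
def start_tls( options = {} )
  if @socket.is_a? OpenSSL::SSL::SSLSocket
    @ssl_context = @socket.context
    return
  end

  @ssl_context = OpenSSL::SSL::SSLContext.new
  # Default: no peer verification; only upgraded when a full bundle of
  # certificate files is configured (see configure_tls_from_files).
  @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE

  tls         = @tls || options || {}
  certificate = tls[:certificate]
  private_key = tls[:private_key]
  public_key  = tls[:public_key]
  ca          = tls[:ca]

  if certificate && private_key && public_key && ca
    configure_tls_from_files( certificate, private_key, public_key, ca )
  elsif @role == :server
    generate_self_signed_tls
  end

  if @role == :server
    @socket = OpenSSL::SSL::SSLServer.new( @socket, @ssl_context )
  else
    @socket = OpenSSL::SSL::SSLSocket.new( @socket, @ssl_context )
    # Closing the SSL socket also closes the underlying plaintext socket.
    @socket.sync_close = true

    # We've switched to SSL, a connection needs to be re-established
    # via the SSL handshake.
    @connected = false
    _connect if unix?
  end

  @socket
end

# Loads a complete PEM bundle into +@ssl_context+ and turns on peer
# verification against +ca+.
#
# @param [String] certificate  Path to the PEM certificate.
# @param [String] private_key  Path to the PEM private key.
# @param [String] public_key   Path to the PEM public key; installed on the certificate.
# @param [String] ca           Path to the CA file handed to +ca_file+.
def configure_tls_from_files( certificate, private_key, public_key, ca )
  # Cache PEM *contents* — caching File handles caused EOF on the
  # second read of the same path. Entries are keyed by path and are not
  # cleared here, so the private key PEM stays in memory for the process.
  CERTIFICATES[certificate] ||= File.read( certificate )
  @ssl_context.cert = OpenSSL::X509::Certificate.new( CERTIFICATES[certificate] )

  CERTIFICATES[private_key] ||= File.read( private_key )
  @ssl_context.key = OpenSSL::PKey::RSA.new( CERTIFICATES[private_key] )

  CERTIFICATES[public_key] ||= File.read( public_key )
  @ssl_context.cert.public_key = OpenSSL::PKey::RSA.new( CERTIFICATES[public_key] )

  @ssl_context.ca_file = ca
  # Require a peer certificate and validate it against +ca+; the peer's
  # hostname is still not checked (+verify_hostname+ is left untouched).
  @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
end

# Gives +@ssl_context+ a fresh 2048-bit RSA key and a one-day, self-signed
# X.509 v3 certificate for +CN=localhost+. Used by a +:server+ role that has
# no configured certificate bundle.
def generate_self_signed_tls
  key  = OpenSSL::PKey::RSA.new( 2048 )
  cert = OpenSSL::X509::Certificate.new

  cert.subject    = OpenSSL::X509::Name.new( [['CN', 'localhost']] )
  cert.issuer     = cert.subject
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 60 * 60 * 24
  cert.version    = 2 # X.509 v3
  cert.serial     = 1
  # SHA-256 instead of the legacy SHA-1, which current TLS stacks may
  # refuse to accept in certificate signatures.
  cert.sign( key, OpenSSL::Digest::SHA256.new )

  @ssl_context.key  = key
  @ssl_context.cert = cert
end

private :configure_tls_from_files, :generate_self_signed_tls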