1 /*
2 * $Id$
3 * 'OpenSSL for Ruby' project
4 * Copyright (C) 2000-2002 GOTOU Yuuzou <gotoyuzo@notwork.org>
5 * Copyright (C) 2001-2002 Michal Rokos <m.rokos@sh.cvut.cz>
6 * Copyright (C) 2001-2007 Technorama Ltd. <oss-ruby@technorama.net>
7 * All rights reserved.
8 */
9 /*
10 * This program is licenced under the same licence as Ruby.
11 * (See the file 'LICENCE'.)
12 */
13 #include "ossl.h"
14
15 #if defined(HAVE_UNISTD_H)
16 # include <unistd.h> /* for read(), and write() */
17 #endif
18
/*
 * numberof(ary): element count of a true array, narrowed to int.
 * Only meaningful for arrays whose definition is visible; a pointer
 * argument would silently yield a wrong count.
 */
#define numberof(ary) (int)(sizeof(ary) / sizeof((ary)[0]))

/*
 * TO_SOCKET(s): on Windows the descriptor is translated with
 * _get_osfhandle(); on every other platform it is passed through as-is.
 */
#if defined(_WIN32)
#  define TO_SOCKET(s) _get_osfhandle(s)
#else
#  define TO_SOCKET(s) (s)
#endif
26
/*
 * Ruby-level handles shared with the rest of the extension. They are only
 * declared here; their initialisation is outside this part of the file.
 */
VALUE mSSL;
VALUE eSSLError;      /* exception class passed to ossl_raise() throughout this file */
VALUE cSSLContext;    /* class checked by the servername callback's return-value test */
VALUE cSSLSocket;

/*
 * File-local exception classes.
 * NOTE(review): presumably the "wait readable" / "wait writable" errors of
 * the non-blocking I/O paths; confirm where they are defined.
 */
static VALUE eSSLErrorWaitReadable;
static VALUE eSSLErrorWaitWritable;
34
/*
 * Accessors for the instance variables of an SSLContext object.
 * Every setter expands to rb_iv_set() and every getter to rb_iv_get() on the
 * instance variable named in the string literal. Three macro names abbreviate
 * the variable they touch: *_verify_dep -> @verify_depth,
 * *_extra_cert -> @extra_chain_cert, *_sess_id_ctx -> @session_id_context.
 */

/* setters */
#define ossl_sslctx_set_cert(o,v)           rb_iv_set((o),"@cert",(v))
#define ossl_sslctx_set_key(o,v)            rb_iv_set((o),"@key",(v))
#define ossl_sslctx_set_client_ca(o,v)      rb_iv_set((o),"@client_ca",(v))
#define ossl_sslctx_set_ca_file(o,v)        rb_iv_set((o),"@ca_file",(v))
#define ossl_sslctx_set_ca_path(o,v)        rb_iv_set((o),"@ca_path",(v))
#define ossl_sslctx_set_timeout(o,v)        rb_iv_set((o),"@timeout",(v))
#define ossl_sslctx_set_verify_mode(o,v)    rb_iv_set((o),"@verify_mode",(v))
#define ossl_sslctx_set_verify_dep(o,v)     rb_iv_set((o),"@verify_depth",(v))
#define ossl_sslctx_set_verify_cb(o,v)      rb_iv_set((o),"@verify_callback",(v))
#define ossl_sslctx_set_options(o,v)        rb_iv_set((o),"@options",(v))
#define ossl_sslctx_set_cert_store(o,v)     rb_iv_set((o),"@cert_store",(v))
#define ossl_sslctx_set_extra_cert(o,v)     rb_iv_set((o),"@extra_chain_cert",(v))
#define ossl_sslctx_set_client_cert_cb(o,v) rb_iv_set((o),"@client_cert_cb",(v))
#define ossl_sslctx_set_tmp_dh_cb(o,v)      rb_iv_set((o),"@tmp_dh_callback",(v))
#define ossl_sslctx_set_sess_id_ctx(o,v)    rb_iv_set((o),"@session_id_context",(v))

/* getters */
#define ossl_sslctx_get_cert(o)             rb_iv_get((o),"@cert")
#define ossl_sslctx_get_key(o)              rb_iv_get((o),"@key")
#define ossl_sslctx_get_client_ca(o)        rb_iv_get((o),"@client_ca")
#define ossl_sslctx_get_ca_file(o)          rb_iv_get((o),"@ca_file")
#define ossl_sslctx_get_ca_path(o)          rb_iv_get((o),"@ca_path")
#define ossl_sslctx_get_timeout(o)          rb_iv_get((o),"@timeout")
#define ossl_sslctx_get_verify_mode(o)      rb_iv_get((o),"@verify_mode")
#define ossl_sslctx_get_verify_dep(o)       rb_iv_get((o),"@verify_depth")
#define ossl_sslctx_get_verify_cb(o)        rb_iv_get((o),"@verify_callback")
#define ossl_sslctx_get_options(o)          rb_iv_get((o),"@options")
#define ossl_sslctx_get_cert_store(o)       rb_iv_get((o),"@cert_store")
#define ossl_sslctx_get_extra_cert(o)       rb_iv_get((o),"@extra_chain_cert")
#define ossl_sslctx_get_client_cert_cb(o)   rb_iv_get((o),"@client_cert_cb")
#define ossl_sslctx_get_tmp_dh_cb(o)        rb_iv_get((o),"@tmp_dh_callback")
#define ossl_sslctx_get_sess_id_ctx(o)      rb_iv_get((o),"@session_id_context")
/*
 * Attribute names of SSLContext. ossl_sslctx_initialize() formats each entry
 * as "@<name>" into a 32-byte buffer and sets that instance variable to nil,
 * so a new entry must stay short enough to fit that buffer. Entries inside
 * an #ifdef exist only when the build detected the matching OpenSSL feature.
 */
static const char *ossl_sslctx_attrs[] = {
    "cert",
    "key",
    "client_ca",
    "ca_file",
    "ca_path",
    "timeout",
    "verify_mode",
    "verify_depth",
    "renegotiation_cb",
    "verify_callback",
    "options",
    "cert_store",
    "extra_chain_cert",
    "client_cert_cb",
    "tmp_dh_callback",
    "session_id_context",
    "session_get_cb",
    "session_new_cb",
    "session_remove_cb",
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
    "servername_cb",
#endif
#ifdef HAVE_OPENSSL_NPN_NEGOTIATED
    "npn_protocols",
    "npn_select_cb",
#endif
};
81
/*
 * Accessors for the instance variables of an SSLSocket object; each expands
 * to rb_iv_get() / rb_iv_set() on the instance variable named in the literal.
 * @x509, @key and @tmp_dh are written by the certificate and DH callbacks in
 * this file, which also keeps those Ruby objects referenced by the socket.
 */

/* getters */
#define ossl_ssl_get_io(o)           rb_iv_get((o),"@io")
#define ossl_ssl_get_ctx(o)          rb_iv_get((o),"@context")
#define ossl_ssl_get_sync_close(o)   rb_iv_get((o),"@sync_close")
#define ossl_ssl_get_x509(o)         rb_iv_get((o),"@x509")
#define ossl_ssl_get_key(o)          rb_iv_get((o),"@key")
#define ossl_ssl_get_tmp_dh(o)       rb_iv_get((o),"@tmp_dh")

/* setters */
#define ossl_ssl_set_io(o,v)         rb_iv_set((o),"@io",(v))
#define ossl_ssl_set_ctx(o,v)        rb_iv_set((o),"@context",(v))
#define ossl_ssl_set_sync_close(o,v) rb_iv_set((o),"@sync_close",(v))
#define ossl_ssl_set_x509(o,v)       rb_iv_set((o),"@x509",(v))
#define ossl_ssl_set_key(o,v)        rb_iv_set((o),"@key",(v))
#define ossl_ssl_set_tmp_dh(o,v)     rb_iv_set((o),"@tmp_dh",(v))
95
/* SSLSocket attribute names listed as readers. */
static const char *ossl_ssl_attr_readers[] = {
    "io",
    "context",
};

/*
 * Further SSLSocket attribute names; "hostname" is present only when the
 * build has HAVE_SSL_SET_TLSEXT_HOST_NAME (Server Name Indication support).
 */
static const char *ossl_ssl_attrs[] = {
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
    "hostname",
#endif
    "sync_close",
};
/*
 * ID of the instance variable in which the C callbacks below record a
 * non-zero rb_protect() state, i.e. that the Ruby callback did not return
 * normally.
 */
ID ID_callback_state;

/*
 * NOTE(review): presumably the cached :exception symbol for option hashes;
 * it is not used in this part of the file, so confirm at its definition.
 */
static VALUE sym_exception;
107
108 /*
109 * SSLContext class
110 */
/*
 * Table mapping a protocol-method name to the OpenSSL constructor of the
 * same name ("TLSv1" -> TLSv1_method, and so on).
 * ossl_sslctx_set_ssl_version() searches it by exact name. TLS 1.1, TLS 1.2
 * and SSLv2 entries are compiled in only when all three of their
 * constructors were detected at build time.
 *
 * Security note: the SSLv2* and SSLv3* entries select obsolete protocol
 * versions and should not be chosen for new deployments. The SSLv23*
 * entries are OpenSSL's version-negotiating methods; the versions they may
 * negotiate are narrowed through the context's options, not through this
 * table.
 */
#define OSSL_SSL_METHOD_ENTRY(name) { #name, (SSL_METHOD *(*)(void))name##_method }
struct {
    const char *name;
    SSL_METHOD *(*func)(void);
} ossl_ssl_method_tab[] = {
    OSSL_SSL_METHOD_ENTRY(TLSv1),
    OSSL_SSL_METHOD_ENTRY(TLSv1_server),
    OSSL_SSL_METHOD_ENTRY(TLSv1_client),
#if defined(HAVE_TLSV1_2_METHOD) && defined(HAVE_TLSV1_2_SERVER_METHOD) && \
    defined(HAVE_TLSV1_2_CLIENT_METHOD)
    OSSL_SSL_METHOD_ENTRY(TLSv1_2),
    OSSL_SSL_METHOD_ENTRY(TLSv1_2_server),
    OSSL_SSL_METHOD_ENTRY(TLSv1_2_client),
#endif
#if defined(HAVE_TLSV1_1_METHOD) && defined(HAVE_TLSV1_1_SERVER_METHOD) && \
    defined(HAVE_TLSV1_1_CLIENT_METHOD)
    OSSL_SSL_METHOD_ENTRY(TLSv1_1),
    OSSL_SSL_METHOD_ENTRY(TLSv1_1_server),
    OSSL_SSL_METHOD_ENTRY(TLSv1_1_client),
#endif
#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \
    defined(HAVE_SSLV2_CLIENT_METHOD)
    OSSL_SSL_METHOD_ENTRY(SSLv2),
    OSSL_SSL_METHOD_ENTRY(SSLv2_server),
    OSSL_SSL_METHOD_ENTRY(SSLv2_client),
#endif
    OSSL_SSL_METHOD_ENTRY(SSLv3),
    OSSL_SSL_METHOD_ENTRY(SSLv3_server),
    OSSL_SSL_METHOD_ENTRY(SSLv3_client),
    OSSL_SSL_METHOD_ENTRY(SSLv23),
    OSSL_SSL_METHOD_ENTRY(SSLv23_server),
    OSSL_SSL_METHOD_ENTRY(SSLv23_client),
};
#undef OSSL_SSL_METHOD_ENTRY
145
/*
 * ex_data slot indices used with SSL_get_ex_data() / SSL_CTX_get_ex_data().
 * They are only declared here; the values are assigned outside this part of
 * the file.
 */
int ossl_ssl_ex_vcb_idx;             /* SSL: Ruby verify callback */
int ossl_ssl_ex_store_p;             /* SSL_CTX: (void *)1 marks a borrowed X509_STORE */
int ossl_ssl_ex_ptr_idx;             /* SSL / SSL_CTX: back-pointer to the Ruby object */
int ossl_ssl_ex_client_cert_cb_idx;  /* SSL: Ruby client-certificate callback */
int ossl_ssl_ex_tmp_dh_callback_idx; /* SSL: Ruby temporary-DH callback */
151
/*
 * Free function registered for SSLContext objects.
 *
 * ossl_sslctx_setup() tags the context with (void *)1 in the
 * ossl_ssl_ex_store_p slot when it attaches a Ruby-owned X509_STORE without
 * taking a reference. In that case the store pointer is cleared before
 * SSL_CTX_free() runs, presumably so the context does not release a store
 * it never owned.
 */
static void
ossl_sslctx_free(SSL_CTX *ctx)
{
    int store_is_borrowed = 0;

    if (ctx != NULL) {
        store_is_borrowed =
            (SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p) == (void *)1);
    }
    if (store_is_borrowed) {
        ctx->cert_store = NULL;
    }
    SSL_CTX_free(ctx);
}
159
/*
 * Allocator for SSLContext.
 *
 * Creates an SSL_CTX on SSLv23_method(), enables partial writes (plus buffer
 * release when the headers define SSL_MODE_RELEASE_BUFFERS) and wraps the
 * context in a Ruby object of +klass+ whose free function is
 * ossl_sslctx_free(). Raises eSSLError when SSL_CTX_new() returns NULL.
 */
static VALUE
ossl_sslctx_s_alloc(VALUE klass)
{
    long mode_flags;
    SSL_CTX *new_ctx = SSL_CTX_new(SSLv23_method());

    if (new_ctx == NULL) {
        ossl_raise(eSSLError, "SSL_CTX_new");
    }

    mode_flags = SSL_MODE_ENABLE_PARTIAL_WRITE;
#ifdef SSL_MODE_RELEASE_BUFFERS
    mode_flags |= SSL_MODE_RELEASE_BUFFERS;
#endif
    SSL_CTX_set_mode(new_ctx, mode_flags);

    return Data_Wrap_Struct(klass, 0, ossl_sslctx_free, new_ctx);
}
177
178 /*
179 * call-seq:
180 * ctx.ssl_version = :TLSv1
181 * ctx.ssl_version = "SSLv23_client"
182 *
183 * You can get a list of valid versions with OpenSSL::SSL::SSLContext::METHODS
184 */
/*
 * Pin the context to one protocol method chosen by name.
 *
 * ssl_method may be a Symbol or a String-convertible object. The name is
 * compared exactly against ossl_ssl_method_tab; an unknown name raises
 * ArgumentError before the context is touched, and a failing
 * SSL_CTX_set_ssl_version() raises eSSLError. Returns ssl_method.
 *
 * NOTE(review): StringValuePtr() does not reject embedded NUL bytes, so for
 * a String argument strcmp() only sees the prefix up to the first NUL;
 * StringValueCStr() would be the stricter conversion.
 */
static VALUE
ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
{
    SSL_METHOD *chosen = NULL;
    SSL_CTX *ctx;
    const char *wanted;
    int idx;

    wanted = (TYPE(ssl_method) == T_SYMBOL)
        ? rb_id2name(SYM2ID(ssl_method))
        : StringValuePtr(ssl_method);

    for (idx = 0; idx < numberof(ossl_ssl_method_tab); idx++) {
        if (strcmp(ossl_ssl_method_tab[idx].name, wanted) != 0) {
            continue;
        }
        chosen = ossl_ssl_method_tab[idx].func();
        break;
    }
    if (chosen == NULL) {
        ossl_raise(rb_eArgError, "unknown SSL method `%s'.", wanted);
    }

    Data_Get_Struct(self, SSL_CTX, ctx);
    if (SSL_CTX_set_ssl_version(ctx, chosen) != 1) {
        ossl_raise(eSSLError, "SSL_CTX_set_ssl_version");
    }

    return ssl_method;
}
213
214 /*
215 * call-seq:
216 * SSLContext.new => ctx
217 * SSLContext.new(:TLSv1) => ctx
218 * SSLContext.new("SSLv23_client") => ctx
219 *
220 * You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
221 */
/*
 * SSLContext#initialize: set every attribute listed in ossl_sslctx_attrs to
 * nil, then apply the optional protocol-method argument through
 * ossl_sslctx_set_ssl_version(). Returns self.
 */
static VALUE
ossl_sslctx_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE ssl_method;
    char ivar_name[32];
    int k;

    for (k = 0; k < numberof(ossl_sslctx_attrs); k++) {
        /* "@" + attribute name; snprintf bounds the write to the buffer */
        snprintf(ivar_name, sizeof(ivar_name), "@%s", ossl_sslctx_attrs[k]);
        rb_iv_set(self, ivar_name, Qnil);
    }

    /* rb_scan_args returns the number of arguments actually given */
    if (rb_scan_args(argc, argv, "01", &ssl_method) != 0) {
        ossl_sslctx_set_ssl_version(self, ssl_method);
    }

    return self;
}
240
/*
 * Ruby-side half of the client certificate callback; run under rb_protect()
 * by ossl_client_cert_cb().
 *
 * Calls the Ruby callback stored on the SSL with the socket object, expects
 * an Array of [certificate, key], and stores both on the socket as @x509 and
 * @key. Returns Qfalse when no callback is set, Qtrue otherwise.
 */
static VALUE
ossl_call_client_cert_cb(VALUE obj)
{
    VALUE callback, pair, cert_obj, key_obj;
    SSL *ssl;

    Data_Get_Struct(obj, SSL, ssl);
    callback = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_client_cert_cb_idx);
    if (NIL_P(callback)) {
        return Qfalse;
    }

    pair = rb_funcall(callback, rb_intern("call"), 1, obj);
    Check_Type(pair, T_ARRAY);

    /*
     * The return values are discarded; presumably these calls are made only
     * to reject objects of the wrong class before they are stored.
     */
    cert_obj = rb_ary_entry(pair, 0);
    GetX509CertPtr(cert_obj);
    key_obj = rb_ary_entry(pair, 1);
    GetPKeyPtr(key_obj);

    ossl_ssl_set_x509(obj, cert_obj);
    ossl_ssl_set_key(obj, key_obj);

    return Qtrue;
}
259
/*
 * Client certificate callback handed to OpenSSL.
 *
 * Runs the Ruby callback under rb_protect() and, when it reports success,
 * hands OpenSSL duplicated certificate and key pointers taken from the
 * socket's @x509 and @key. Returns 1 when a certificate is supplied, else 0.
 *
 * rb_protect() is given a NULL state pointer, so an exception raised by the
 * Ruby callback is not recorded here; it simply results in 0 (no
 * certificate).
 */
static int
ossl_client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
{
    VALUE socket_obj, ok;

    socket_obj = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
    ok = rb_protect((VALUE(*)_((VALUE)))ossl_call_client_cert_cb,
                    socket_obj, NULL);
    if (RTEST(ok)) {
        *x509 = DupX509CertPtr(ossl_ssl_get_x509(socket_obj));
        *pkey = DupPKeyPtr(ossl_ssl_get_key(socket_obj));
        return 1;
    }

    return 0;
}
274
275 #if !defined(OPENSSL_NO_DH)
/*
 * Ruby-side half of the temporary-DH callback; run under rb_protect() by
 * ossl_tmp_dh_callback(). args is [socket, is_export, keylength].
 *
 * Calls the Ruby callback and, if the returned key is of type DH, stores it
 * on the socket as @tmp_dh. Returns Qtrue in that case, Qfalse when no
 * callback is set or the key has another type.
 *
 * Security note: only the key type is checked here. The size of the
 * parameters the Ruby callback returns is not compared with the requested
 * keylength, so their strength is entirely up to the callback.
 */
static VALUE
ossl_call_tmp_dh_callback(VALUE *args)
{
    VALUE callback, dh_obj;
    EVP_PKEY *dh_key;
    SSL *ssl;

    Data_Get_Struct(args[0], SSL, ssl);
    callback = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_tmp_dh_callback_idx);
    if (NIL_P(callback)) {
        return Qfalse;
    }

    dh_obj = rb_funcall(callback, rb_intern("call"), 3, args[0], args[1], args[2]);
    dh_key = GetPKeyPtr(dh_obj);
    if (EVP_PKEY_type(dh_key->type) == EVP_PKEY_DH) {
        ossl_ssl_set_tmp_dh(args[0], dh_obj);
        return Qtrue;
    }

    return Qfalse;
}
293
/*
 * Temporary-DH callback handed to OpenSSL when the context has a Ruby
 * tmp_dh_callback.
 *
 * Packs the socket object, is_export and keylength into an argument array,
 * runs the Ruby callback under rb_protect() and returns the DH stored on the
 * socket as @tmp_dh, or NULL when the callback did not succeed. The returned
 * pointer is not duplicated; it belongs to the key object kept in @tmp_dh.
 * rb_protect() gets a NULL state pointer, so an exception is not recorded.
 */
static DH*
ossl_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
{
    VALUE cb_args[3];
    VALUE ok;

    cb_args[0] = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
    cb_args[1] = INT2FIX(is_export);
    cb_args[2] = INT2FIX(keylength);

    ok = rb_protect((VALUE(*)_((VALUE)))ossl_call_tmp_dh_callback,
                    (VALUE)cb_args, NULL);
    if (RTEST(ok)) {
        return GetPKeyPtr(ossl_ssl_get_tmp_dh(cb_args[0]))->pkey.dh;
    }

    return NULL;
}
308
/*
 * Fallback temporary-DH callback, installed when the context has no Ruby
 * tmp_dh_callback. Emits a warning and returns the built-in parameters for
 * the requested key length, or NULL for any length other than 512 or 1024.
 * ssl and is_export are not used.
 *
 * Security note: the only built-in groups are 512 and 1024 bits, both below
 * current recommendations for finite-field Diffie-Hellman. Deployments that
 * rely on DHE should set a tmp_dh_callback that returns stronger
 * parameters rather than depend on this fallback.
 */
static DH*
ossl_default_tmp_dh_callback(SSL *ssl, int is_export, int keylength)
{
    DH *params = NULL;

    rb_warning("using default DH parameters.");

    if (keylength == 512) {
        params = OSSL_DEFAULT_DH_512;
    }
    else if (keylength == 1024) {
        params = OSSL_DEFAULT_DH_1024;
    }

    return params;
}
322 #endif /* OPENSSL_NO_DH */
323
/*
 * Certificate verification callback handed to OpenSSL.
 *
 * Finds the SSL that owns this verification, copies its Ruby verify callback
 * into the X509_STORE_CTX slot ossl_verify_cb_idx and delegates the decision
 * to ossl_verify_cb(), whose result is returned unchanged.
 */
static int
ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
    SSL *owner = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
    VALUE ruby_cb = (VALUE)SSL_get_ex_data(owner, ossl_ssl_ex_vcb_idx);

    X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx, (void*)ruby_cb);

    return ossl_verify_cb(preverify_ok, ctx);
}
335
/*
 * Ruby-side half of the session "get" callback; run under rb_protect().
 * ary is [socket, session_id]. Looks up @session_get_cb on the socket's
 * @context and calls it with ary. Returns the callback's result, or nil when
 * the socket has no context or the context has no callback.
 */
static VALUE
ossl_call_session_get_cb(VALUE ary)
{
    VALUE socket_obj, context_obj, callback;

    Check_Type(ary, T_ARRAY);
    socket_obj = rb_ary_entry(ary, 0);

    context_obj = rb_iv_get(socket_obj, "@context");
    if (!NIL_P(context_obj)) {
        callback = rb_iv_get(context_obj, "@session_get_cb");
        if (!NIL_P(callback)) {
            return rb_funcall(callback, rb_intern("call"), 1, ary);
        }
    }

    return Qnil;
}
351
352 /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
/*
 * Session lookup callback handed to OpenSSL.
 *
 * buf/len is the session id being looked up; it is copied into a Ruby
 * String and passed, together with the socket object, to the Ruby callback
 * under rb_protect(). If the callback raises, the rb_protect() state is
 * stored on the socket under ID_callback_state and NULL is returned. A
 * result that is not an instance of cSSLSession also yields NULL.
 * On success *copy is set to 1 and the session pointer is returned.
 */
static SSL_SESSION *
ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
{
    VALUE cb_args, socket_obj, result;
    SSL_SESSION *found;
    void *back_ptr;
    int status = 0;

    OSSL_Debug("SSL SESSION get callback entered");

    back_ptr = SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
    if (back_ptr == NULL) {
        return NULL;
    }
    socket_obj = (VALUE)back_ptr;

    cb_args = rb_ary_new2(2);
    rb_ary_push(cb_args, socket_obj);
    rb_ary_push(cb_args, rb_str_new((const char *)buf, len));

    result = rb_protect((VALUE(*)_((VALUE)))ossl_call_session_get_cb, cb_args, &status);
    if (status != 0) {
        rb_ivar_set(socket_obj, ID_callback_state, INT2NUM(status));
        return NULL;
    }
    if (!rb_obj_is_instance_of(result, cSSLSession)) {
        return NULL;
    }

    SafeGetSSLSession(result, found);
    *copy = 1;

    return found;
}
382
/*
 * Ruby-side half of the session "new" callback; run under rb_protect().
 * ary is [socket, session]. Looks up @session_new_cb on the socket's
 * @context and calls it with ary. Returns the callback's result, or nil when
 * the socket has no context or the context has no callback.
 */
static VALUE
ossl_call_session_new_cb(VALUE ary)
{
    VALUE socket_obj, context_obj, callback;

    Check_Type(ary, T_ARRAY);
    socket_obj = rb_ary_entry(ary, 0);

    context_obj = rb_iv_get(socket_obj, "@context");
    if (!NIL_P(context_obj)) {
        callback = rb_iv_get(context_obj, "@session_new_cb");
        if (!NIL_P(callback)) {
            return rb_funcall(callback, rb_intern("call"), 1, ary);
        }
    }

    return Qnil;
}
398
399 /* return 1 normal. return 0 removes the session */
/*
 * New-session callback handed to OpenSSL.
 *
 * Wraps sess in a freshly allocated cSSLSession object (taking one extra
 * reference on the session for that wrapper) and passes [socket, session]
 * to the Ruby callback under rb_protect(). If the callback raises, the
 * rb_protect() state is stored on the socket under ID_callback_state.
 * Returns 1 only when the SSL has no Ruby socket attached; otherwise 0.
 */
static int
ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess)
{
    VALUE cb_args, socket_obj, session_obj;
    void *back_ptr;
    int status = 0;

    OSSL_Debug("SSL SESSION new callback entered");

    back_ptr = SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
    if (back_ptr == NULL) {
        return 1;
    }
    socket_obj = (VALUE)back_ptr;

    /* the Ruby wrapper holds its own reference to the session */
    session_obj = rb_obj_alloc(cSSLSession);
    CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
    DATA_PTR(session_obj) = sess;

    cb_args = rb_ary_new2(2);
    rb_ary_push(cb_args, socket_obj);
    rb_ary_push(cb_args, session_obj);

    rb_protect((VALUE(*)_((VALUE)))ossl_call_session_new_cb, cb_args, &status);
    if (status != 0) {
        rb_ivar_set(socket_obj, ID_callback_state, INT2NUM(status));
    }

    /*
     * Rationale given by the original authors for returning 0: it tells
     * OpenSSL that the session is still valid (a Ruby Session object was
     * created for it) and that it was not freed here with
     * SSL_SESSION_free(). Call SSLContext#remove_session(sess) in the
     * session_get_cb block if OpenSSL should not cache the session
     * internally.
     */
    return 0;
}
434
/*
 * Ruby-side half of the session "remove" callback; run under rb_protect().
 * ary is [context, session]. Calls the context's @session_remove_cb with
 * ary and returns its result, or nil when no callback is set.
 */
static VALUE
ossl_call_session_remove_cb(VALUE ary)
{
    VALUE context_obj, callback;

    Check_Type(ary, T_ARRAY);
    context_obj = rb_ary_entry(ary, 0);

    callback = rb_iv_get(context_obj, "@session_remove_cb");
    if (!NIL_P(callback)) {
        return rb_funcall(callback, rb_intern("call"), 1, ary);
    }

    return Qnil;
}
448
/*
 * Session-removal callback handed to OpenSSL.
 *
 * Wraps sess in a freshly allocated cSSLSession object (taking one extra
 * reference for that wrapper) and passes [context, session] to the Ruby
 * callback under rb_protect(). Does nothing when the SSL_CTX has no Ruby
 * context object attached.
 */
static void
ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
{
    VALUE cb_args, context_obj, session_obj;
    void *back_ptr;
    int status = 0;

    OSSL_Debug("SSL SESSION remove callback entered");

    back_ptr = SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_ptr_idx);
    if (back_ptr == NULL) {
        return;
    }
    context_obj = (VALUE)back_ptr;

    session_obj = rb_obj_alloc(cSSLSession);
    CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
    DATA_PTR(session_obj) = sess;

    cb_args = rb_ary_new2(2);
    rb_ary_push(cb_args, context_obj);
    rb_ary_push(cb_args, session_obj);

    rb_protect((VALUE(*)_((VALUE)))ossl_call_session_remove_cb, cb_args, &status);

    /*
     * A non-zero status (the Ruby callback raised) is deliberately dropped:
     * per the original authors the SSL_CTX is frozen, so there is nowhere
     * to save the state, and there is no common accessor to check it
     * either. Errors in a session_remove_cb are therefore silent.
     * Disabled: rb_ivar_set(sslctx_obj, ID_callback_state, INT2NUM(state));
     */
    (void)status;
}
478
/*
 * Block body used by ossl_sslctx_setup() for each element of
 * @extra_chain_cert: duplicates the certificate and appends it to the extra
 * chain of the SSL_CTX wrapped by arg. Raises eSSLError when OpenSSL rejects
 * it. Returns the element unchanged.
 *
 * NOTE(review): if DupX509CertPtr() returns a reference owned by the caller
 * (as its name suggests), that reference is not released on the failure
 * path before ossl_raise(); confirm against the helper's definition.
 */
static VALUE
ossl_sslctx_add_extra_chain_cert_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, arg))
{
    SSL_CTX *ctx;
    X509 *chain_cert;

    Data_Get_Struct(arg, SSL_CTX, ctx);
    chain_cert = DupX509CertPtr(i);
    if (SSL_CTX_add_extra_chain_cert(ctx, chain_cert) == 0) {
        ossl_raise(eSSLError, NULL);
    }

    return i;
}
493
494 static VALUE ossl_sslctx_setup(VALUE self);
495
496 #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
/*
 * Ruby-side half of the Server Name Indication callback; run under
 * rb_protect() by ssl_servername_cb(). ary is [socket, servername].
 *
 * Calls the context's @servername_cb with ary. When the callback returns an
 * SSLContext, that context is set up and installed on the connection with
 * SSL_set_SSL_CTX(). nil leaves the connection unchanged; any other return
 * value raises ArgumentError. Returns the callback's result, or nil when
 * the socket has no context or the context has no callback.
 *
 * The servername element originates from the peer's ClientHello, so Ruby
 * callbacks should treat it as untrusted input when choosing a context.
 */
static VALUE
ossl_call_servername_cb(VALUE ary)
{
    VALUE socket_obj, context_obj, callback, result;

    Check_Type(ary, T_ARRAY);
    socket_obj = rb_ary_entry(ary, 0);

    context_obj = rb_iv_get(socket_obj, "@context");
    if (NIL_P(context_obj)) {
        return Qnil;
    }
    callback = rb_iv_get(context_obj, "@servername_cb");
    if (NIL_P(callback)) {
        return Qnil;
    }

    result = rb_funcall(callback, rb_intern("call"), 1, ary);
    if (NIL_P(result)) {
        return result;
    }

    if (rb_obj_is_kind_of(result, cSSLContext)) {
        SSL_CTX *replacement;
        SSL *ssl;

        ossl_sslctx_setup(result);
        Data_Get_Struct(socket_obj, SSL, ssl);
        Data_Get_Struct(result, SSL_CTX, replacement);
        SSL_set_SSL_CTX(ssl, replacement);
    }
    else {
        ossl_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil");
    }

    return result;
}
525
/*
 * Server Name Indication callback handed to OpenSSL.
 *
 * Returns SSL_TLSEXT_ERR_OK without calling Ruby when the peer sent no host
 * name. Otherwise passes [socket, servername] to the Ruby side under
 * rb_protect(); if that raises, the state is stored on the socket under
 * ID_callback_state and the handshake is failed with
 * SSL_TLSEXT_ERR_ALERT_FATAL. A missing Ruby socket object is also fatal.
 * ad and arg are not used.
 */
static int
ssl_servername_cb(SSL *ssl, int *ad, void *arg)
{
    const char *sni_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
    VALUE cb_args, socket_obj;
    void *back_ptr;
    int status = 0;

    if (sni_name == NULL) {
        return SSL_TLSEXT_ERR_OK;
    }

    back_ptr = SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);
    if (back_ptr == NULL) {
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }
    socket_obj = (VALUE)back_ptr;

    cb_args = rb_ary_new2(2);
    rb_ary_push(cb_args, socket_obj);
    rb_ary_push(cb_args, rb_str_new2(sni_name));

    rb_protect((VALUE(*)_((VALUE)))ossl_call_servername_cb, cb_args, &status);
    if (status != 0) {
        rb_ivar_set(socket_obj, ID_callback_state, INT2NUM(status));
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }

    return SSL_TLSEXT_ERR_OK;
}
552 #endif
553
/*
 * Invoke the context's @renegotiation_cb with the socket object.
 * Called from ssl_info_cb(). Raises eSSLError when the SSL has no Ruby
 * socket attached; returns silently when the socket has no context or the
 * context has no callback.
 *
 * NOTE(review): unlike the other callbacks in this file, neither the
 * ossl_raise() nor the rb_funcall() here runs under rb_protect(), so a Ruby
 * exception unwinds through the OpenSSL frames that invoked the info
 * callback. Confirm that this is the intended way to abort the handshake.
 */
static void
ssl_renegotiation_cb(const SSL *ssl)
{
    VALUE socket_obj, context_obj, callback;
    void *back_ptr = SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx);

    if (back_ptr == NULL) {
        ossl_raise(eSSLError, "SSL object could not be retrieved");
    }
    socket_obj = (VALUE)back_ptr;

    context_obj = rb_iv_get(socket_obj, "@context");
    if (!NIL_P(context_obj)) {
        callback = rb_iv_get(context_obj, "@renegotiation_cb");
        if (!NIL_P(callback)) {
            (void) rb_funcall(callback, rb_intern("call"), 1, socket_obj);
        }
    }
}
571
572 #ifdef HAVE_OPENSSL_NPN_NEGOTIATED
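/*
 * Iterator body for ssl_npn_encode_protocols(): appends one protocol name to
 * +encoded+ in NPN wire format, i.e. a single length byte followed by the
 * name itself.
 *
 * cur comes from the application-supplied protocol list, so it is converted
 * with StringValue() first; a non-String element raises TypeError instead of
 * having its memory read as if it were a String. Names must be 1..255 bytes
 * long, otherwise eSSLError is raised. Always returns nil.
 */
static VALUE
ssl_npn_encode_protocol_i(VALUE cur, VALUE encoded)
{
    unsigned char len_byte;
    int len;

    /* type-check before touching the string's length and buffer */
    StringValue(cur);

    len = RSTRING_LENINT(cur);
    if (len < 1 || len > 255)
        ossl_raise(eSSLError, "Advertised protocol must have length 1..255");

    /* Encode the length byte; unsigned so that 128..255 is well defined */
    len_byte = (unsigned char)len;
    rb_str_buf_cat(encoded, (const char *)&len_byte, 1);
    rb_str_buf_cat(encoded, RSTRING_PTR(cur), len);

    return Qnil;
}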
586
/*
 * Encode the list of advertised NPN protocols into wire format and store
 * the resulting String on the context as @_protocols, where
 * ssl_npn_advertise_cb() reads it.
 *
 * Each element is encoded by ssl_npn_encode_protocol_i(). The
 * StringValueCStr() call is made for its effect on the String only; its
 * return value is discarded.
 */
static void
ssl_npn_encode_protocols(VALUE sslctx, VALUE protocols)
{
    VALUE wire = rb_str_new2("");

    rb_iterate(rb_each, protocols, ssl_npn_encode_protocol_i, wire);
    StringValueCStr(wire);
    rb_iv_set(sslctx, "@_protocols", wire);
}
595
/*
 * NPN advertise callback handed to OpenSSL: points *out / *outlen at the
 * pre-encoded protocol list stored on the context as @_protocols. arg is
 * the Ruby SSLContext object. Always returns SSL_TLSEXT_ERR_OK.
 *
 * The buffer handed to OpenSSL is the Ruby String's own memory, which stays
 * referenced through the @_protocols instance variable.
 * NOTE(review): assumes @_protocols already holds a String; nothing here
 * checks for nil.
 */
static int
ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg)
{
    VALUE wire = rb_iv_get((VALUE) arg, "@_protocols");

    *outlen = RSTRING_LENINT(wire);
    *out = (const unsigned char *) RSTRING_PTR(wire);

    return SSL_TLSEXT_ERR_OK;
}
607
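/*
 * NPN select callback handed to OpenSSL: decodes the protocol list offered
 * by the peer, passes it as an Array of Strings to the context's
 * @npn_select_cb and reports the returned protocol through *out / *outlen.
 * arg is the Ruby SSLContext object.
 *
 * in/inlen is peer-controlled. The list is therefore walked strictly within
 * inlen instead of relying on a terminating zero byte, and an entry whose
 * length byte points past the end of the buffer fails the handshake with
 * SSL_TLSEXT_ERR_ALERT_FATAL. A zero length byte still ends the list, as
 * before. The selected protocol must be 1..255 bytes long because *outlen
 * is a single byte; anything else is also reported as fatal rather than
 * being silently truncated.
 *
 * NOTE(review): rb_funcall() and StringValue() can raise and are not run
 * under rb_protect() here. Also, nothing visible in this function keeps
 * +selected+ referenced after it returns while OpenSSL still reads *out;
 * confirm how its lifetime is guaranteed.
 */
static int
ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
{
    unsigned int pos = 0;
    long selected_len;
    VALUE sslctx_obj, cb, protocols, selected;

    sslctx_obj = (VALUE) arg;
    cb = rb_iv_get(sslctx_obj, "@npn_select_cb");
    protocols = rb_ary_new();

    /* The format is len_1|proto_1|...|len_n|proto_n */
    while (pos < inlen) {
        unsigned int proto_len = in[pos];

        if (proto_len == 0)
            break;
        /* pos < inlen holds here, so the subtraction cannot wrap */
        if (proto_len > inlen - pos - 1)
            return SSL_TLSEXT_ERR_ALERT_FATAL;
        rb_ary_push(protocols, rb_str_new((const char *) &in[pos + 1], proto_len));
        pos += proto_len + 1;
    }

    selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
    StringValue(selected);
    selected_len = RSTRING_LEN(selected);
    if (selected_len < 1 || selected_len > 255)
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    *out = (unsigned char *) StringValuePtr(selected);
    *outlen = (unsigned char) selected_len;

    return SSL_TLSEXT_ERR_OK;
}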
632 #endif
633
634 /* This function may serve as the entry point to support further
635 * callbacks. */
/*
 * Info callback: when OpenSSL reports the start of a handshake while the
 * connection is in an accept state, forward the event to
 * ssl_renegotiation_cb(). val is not used.
 */
static void
ssl_info_cb(const SSL *ssl, int where, int val)
{
    int in_accept_state = (SSL_state(ssl) & SSL_ST_ACCEPT) != 0;
    int handshake_starting = (where & SSL_CB_HANDSHAKE_START) != 0;

    if (handshake_starting && in_accept_state) {
        ssl_renegotiation_cb(ssl);
    }
}
646
647 /*
648 * call-seq:
649 * ctx.setup => Qtrue # first time
650 * ctx.setup => nil # thereafter
651 *
652 * This method is called automatically when a new SSLSocket is created.
653 * Normally you do not need to call this method (unless you are writing an
654 * extension in C).
655 */
656 static VALUE
657 ossl_sslctx_setup(VALUE self)
658 {
659 SSL_CTX *ctx;
660 X509 *cert = NULL, *client_ca = NULL;
661 X509_STORE *store;
662 EVP_PKEY *key = NULL;
663 char *ca_path = NULL, *ca_file = NULL;
664 int i, verify_mode;
665 VALUE val;
666
667 if(OBJ_FROZEN(self)) return Qnil;
668 Data_Get_Struct(self, SSL_CTX, ctx);
669
55054497 » gotoyuzo
2005-03-09 * ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks:
670 #if !defined(OPENSSL_NO_DH)
671 if (RTEST(ossl_sslctx_get_tmp_dh_cb(self))){
672 SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback);
673 }
674 else{
675 SSL_CTX_set_tmp_dh_callback(ctx, ossl_default_tmp_dh_callback);
676 }
677 #endif
a05e89ca » technorama
2007-04-02 * ext/openssl/ossl_{ssl.[ch],ssl_session.c}},
678 SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_ptr_idx, (void*)self);
55054497 » gotoyuzo
2005-03-09 * ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks:
679
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
680 val = ossl_sslctx_get_cert_store(self);
681 if(!NIL_P(val)){
682 /*
683 * WORKAROUND:
684 * X509_STORE can count references, but
685 * X509_STORE_free() doesn't care it.
686 * So we won't increment it but mark it by ex_data.
687 */
688 store = GetX509StorePtr(val); /* NO NEED TO DUP */
689 SSL_CTX_set_cert_store(ctx, store);
690 SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
691 }
692
2e0b6e28 » gotoyuzo
2003-10-29 * ext/openssl/lib/openssl/buffering.rb (Buffering#initialize):
693 val = ossl_sslctx_get_extra_cert(self);
694 if(!NIL_P(val)){
5675cdbd » matz
2006-02-03 * eval.c: unify ruby_class (for method definition) and ruby_cbase
695 rb_block_call(val, rb_intern("each"), 0, 0, ossl_sslctx_add_extra_chain_cert_i, self);
2e0b6e28 » gotoyuzo
2003-10-29 * ext/openssl/lib/openssl/buffering.rb (Buffering#initialize):
696 }
697
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
698 /* private key may be bundled in certificate file. */
699 val = ossl_sslctx_get_cert(self);
700 cert = NIL_P(val) ? NULL : GetX509CertPtr(val); /* NO DUP NEEDED */
701 val = ossl_sslctx_get_key(self);
702 key = NIL_P(val) ? NULL : GetPKeyPtr(val); /* NO DUP NEEDED */
703 if (cert && key) {
704 if (!SSL_CTX_use_certificate(ctx, cert)) {
705 /* Adds a ref => Safe to FREE */
29b0d9d9 » emboss
2011-11-23 * ext/openssl/ossl_pkey_dsa.c: remove redundant colon from error
706 ossl_raise(eSSLError, "SSL_CTX_use_certificate");
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
707 }
708 if (!SSL_CTX_use_PrivateKey(ctx, key)) {
709 /* Adds a ref => Safe to FREE */
29b0d9d9 » emboss
2011-11-23 * ext/openssl/ossl_pkey_dsa.c: remove redundant colon from error
710 ossl_raise(eSSLError, "SSL_CTX_use_PrivateKey");
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
711 }
712 if (!SSL_CTX_check_private_key(ctx)) {
29b0d9d9 » emboss
2011-11-23 * ext/openssl/ossl_pkey_dsa.c: remove redundant colon from error
713 ossl_raise(eSSLError, "SSL_CTX_check_private_key");
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
714 }
715 }
716
717 val = ossl_sslctx_get_client_ca(self);
718 if(!NIL_P(val)){
719 if(TYPE(val) == T_ARRAY){
21568705 » matz
2006-09-02 * ruby.h (struct RArray): embed small arrays.
720 for(i = 0; i < RARRAY_LEN(val); i++){
721 client_ca = GetX509CertPtr(RARRAY_PTR(val)[i]);
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
722 if (!SSL_CTX_add_client_CA(ctx, client_ca)){
723 /* Copies X509_NAME => FREE it. */
724 ossl_raise(eSSLError, "SSL_CTX_add_client_CA");
725 }
726 }
727 }
728 else{
729 client_ca = GetX509CertPtr(val); /* NO DUP NEEDED. */
730 if (!SSL_CTX_add_client_CA(ctx, client_ca)){
731 /* Copies X509_NAME => FREE it. */
732 ossl_raise(eSSLError, "SSL_CTX_add_client_CA");
733 }
734 }
735 }
736
737 val = ossl_sslctx_get_ca_file(self);
738 ca_file = NIL_P(val) ? NULL : StringValuePtr(val);
739 val = ossl_sslctx_get_ca_path(self);
740 ca_path = NIL_P(val) ? NULL : StringValuePtr(val);
741 if(ca_file || ca_path){
742 if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path))
743 rb_warning("can't set verify locations");
744 }
745
746 val = ossl_sslctx_get_verify_mode(self);
747 verify_mode = NIL_P(val) ? SSL_VERIFY_NONE : NUM2INT(val);
748 SSL_CTX_set_verify(ctx, verify_mode, ossl_ssl_verify_callback);
55054497 » gotoyuzo
2005-03-09 * ext/openssl/ossl_ssl.c: OpenSSL::SSL::SSLContexts suports callbacks:
749 if (RTEST(ossl_sslctx_get_client_cert_cb(self)))
750 SSL_CTX_set_client_cert_cb(ctx, ossl_client_cert_cb);
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
751
752 val = ossl_sslctx_get_timeout(self);
753 if(!NIL_P(val)) SSL_CTX_set_timeout(ctx, NUM2LONG(val));
754
755 val = ossl_sslctx_get_verify_dep(self);
643f90d8 » nurse
2011-03-24 * ext/openssl/ossl_rand.c (ossl_rand_egd_bytes): use NUM2INT because
756 if(!NIL_P(val)) SSL_CTX_set_verify_depth(ctx, NUM2INT(val));
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
757
758 val = ossl_sslctx_get_options(self);
3ff2f9f3 » nahi
2012-02-08 * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
759 if(!NIL_P(val)) {
760 SSL_CTX_set_options(ctx, NUM2LONG(val));
761 } else {
762 SSL_CTX_set_options(ctx, SSL_OP_ALL);
763 }
25e6db3e » emboss
2012-08-31 * ext/openssl/extconf.rb: Check existence of OPENSSL_NPN_NEGOTIATED.
764
765 #ifdef HAVE_OPENSSL_NPN_NEGOTIATED
766 val = rb_iv_get(self, "@npn_protocols");
767 if (!NIL_P(val)) {
768 ssl_npn_encode_protocols(self, val);
769 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_npn_advertise_cb, (void *) self);
770 OSSL_Debug("SSL NPN advertise callback added");
771 }
772 if (RTEST(rb_iv_get(self, "@npn_select_cb"))) {
773 SSL_CTX_set_next_proto_select_cb(ctx, ssl_npn_select_cb, (void *) self);
774 OSSL_Debug("SSL NPN select callback added");
775 }
776 #endif
777
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
778 rb_obj_freeze(self);
779
7aea792d » gotoyuzo
2005-05-22 * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLServer#intialize):
780 val = ossl_sslctx_get_sess_id_ctx(self);
781 if (!NIL_P(val)){
782 StringValue(val);
6c0f5402 » nobu
2008-07-22 * ext/openssl: suppress warnings.
783 if (!SSL_CTX_set_session_id_context(ctx, (unsigned char *)RSTRING_PTR(val),
3a16cc24 » nurse
2011-03-24 * ext/openssl/ossl.c: surpress warning: shorten-64-to-32.
784 RSTRING_LENINT(val))){
29b0d9d9 » emboss
2011-11-23 * ext/openssl/ossl_pkey_dsa.c: remove redundant colon from error
785 ossl_raise(eSSLError, "SSL_CTX_set_session_id_context");
7aea792d » gotoyuzo
2005-05-22 * ext/openssl/lib/openssl/ssl.rb (OpenSSL::SSL::SSLServer#intialize):
786 }
787 }
788
a05e89ca » technorama
2007-04-02 * ext/openssl/ossl_{ssl.[ch],ssl_session.c}},
789 if (RTEST(rb_iv_get(self, "@session_get_cb"))) {
790 SSL_CTX_sess_set_get_cb(ctx, ossl_sslctx_session_get_cb);
791 OSSL_Debug("SSL SESSION get callback added");
792 }
793 if (RTEST(rb_iv_get(self, "@session_new_cb"))) {
794 SSL_CTX_sess_set_new_cb(ctx, ossl_sslctx_session_new_cb);
795 OSSL_Debug("SSL SESSION new callback added");
796 }
797 if (RTEST(rb_iv_get(self, "@session_remove_cb"))) {
798 SSL_CTX_sess_set_remove_cb(ctx, ossl_sslctx_session_remove_cb);
799 OSSL_Debug("SSL SESSION remove callback added");
800 }
7361a2ec » technorama
2009-01-24 * ext/openssl/ossl_ssl.c: Server Name Indication support.
801
802 #ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
803 val = rb_iv_get(self, "@servername_cb");
804 if (!NIL_P(val)) {
805 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
806 OSSL_Debug("SSL TLSEXT servername callback added");
807 }
808 #endif
809
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
810 return Qtrue;
811 }
812
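/*
 * Describes +cipher+ as the Ruby Array [name, version, bits, alg_bits].
 *
 * bits is the value returned by SSL_CIPHER_get_bits(); alg_bits is what that
 * call stores through its second argument.
 */
static VALUE
ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
{
    VALUE ary;
    /*
     * Start from 0 so that no indeterminate value reaches INT2FIX() should
     * SSL_CIPHER_get_bits() leave *alg_bits unwritten (presumably the case
     * for a NULL cipher -- confirm against the OpenSSL version in use).
     */
    int bits, alg_bits = 0;

    ary = rb_ary_new2(4);
    rb_ary_push(ary, rb_str_new2(SSL_CIPHER_get_name(cipher)));
    rb_ary_push(ary, rb_str_new2(SSL_CIPHER_get_version(cipher)));
    bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
    rb_ary_push(ary, INT2FIX(bits));
    rb_ary_push(ary, INT2FIX(alg_bits));

    return ary;
}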
828
/*
 * call-seq:
 *    ctx.ciphers => [[name, version, bits, alg_bits], ...]
 *
 * The list of ciphers configured for this context.
 *
 * Returns nil (with a warning) when no SSL_CTX is attached, and an empty
 * Array when the context has no cipher list.
 */
static VALUE
ossl_sslctx_get_ciphers(VALUE self)
{
    SSL_CTX *ctx;
    STACK_OF(SSL_CIPHER) *cipher_stack;
    VALUE result;
    int idx, count;

    Data_Get_Struct(self, SSL_CTX, ctx);
    if (ctx == NULL) {
        rb_warning("SSL_CTX is not initialized.");
        return Qnil;
    }

    /* Read straight from the SSL_CTX structure. */
    cipher_stack = ctx->cipher_list;
    if (cipher_stack == NULL) {
        return rb_ary_new();
    }

    count = sk_SSL_CIPHER_num(cipher_stack);
    result = rb_ary_new2(count);
    for (idx = 0; idx < count; idx++) {
        SSL_CIPHER *entry = sk_SSL_CIPHER_value(cipher_stack, idx);

        rb_ary_push(result, ossl_ssl_cipher_to_ary(entry));
    }

    return result;
}
862
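/*
 * call-seq:
 *    ctx.ciphers = "cipher1:cipher2:..."
 *    ctx.ciphers = [name, ...]
 *    ctx.ciphers = [[name, version, bits, alg_bits], ...]
 *
 * Sets the list of available ciphers for this context.  Note in a server
 * context some ciphers require the appropriate certificates.  For example, an
 * RSA cipher can only be chosen when an RSA certificate is available.
 *
 * See also OpenSSL::Cipher and OpenSSL::Cipher::ciphers
 *
 * Raises on a frozen context, and raises OpenSSL::SSL::SSLError when OpenSSL
 * rejects the resulting cipher string. Assigning nil changes nothing.
 */
static VALUE
ossl_sslctx_set_ciphers(VALUE self, VALUE v)
{
    SSL_CTX *ctx;
    VALUE str, elem;
    int i;

    rb_check_frozen(self);
    if (NIL_P(v))
        return v;
    else if (TYPE(v) == T_ARRAY) {
        /* Join the entries with ':'; for a nested Array (the shape returned
         * by the getter) only its first element, the name, is used. */
        str = rb_str_new(0, 0);
        for (i = 0; i < RARRAY_LEN(v); i++) {
            elem = rb_ary_entry(v, i);
            if (TYPE(elem) == T_ARRAY) elem = rb_ary_entry(elem, 0);
            elem = rb_String(elem);
            rb_str_append(str, elem);
            if (i < RARRAY_LEN(v)-1) rb_str_cat2(str, ":");
        }
    } else {
        str = v;
        StringValue(str);
    }

    Data_Get_Struct(self, SSL_CTX, ctx);
    if(!ctx){
        /* ossl_raise() does not return. */
        ossl_raise(eSSLError, "SSL_CTX is not initialized.");
    }
    /*
     * StringValueCStr raises ArgumentError on an embedded NUL byte, so
     * OpenSSL is never handed a cipher string that stops short of what the
     * Ruby caller supplied.
     */
    if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
        ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
    }

    return v;
}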
910
/*
 *  call-seq:
 *     ctx.session_add(session) -> true | false
 *
 * Adds +session+ to the session cache
 *
 * The result is true only when SSL_CTX_add_session() returns 1.
 */
static VALUE
ossl_sslctx_session_add(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    SSL_SESSION *sess;
    int added;

    Data_Get_Struct(self, SSL_CTX, ctx);
    SafeGetSSLSession(arg, sess);

    added = SSL_CTX_add_session(ctx, sess);
    if (added == 1) {
        return Qtrue;
    }
    return Qfalse;
}
928
/*
 *  call-seq:
 *     ctx.session_remove(session) -> true | false
 *
 * Removes +session+ from the session cache
 *
 * The result is true only when SSL_CTX_remove_session() returns 1.
 */
static VALUE
ossl_sslctx_session_remove(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    SSL_SESSION *sess;
    int removed;

    Data_Get_Struct(self, SSL_CTX, ctx);
    SafeGetSSLSession(arg, sess);

    removed = SSL_CTX_remove_session(ctx, sess);
    if (removed == 1) {
        return Qtrue;
    }
    return Qfalse;
}
946
/*
 *  call-seq:
 *     ctx.session_cache_mode -> Integer
 *
 * The current session cache mode.
 */
static VALUE
ossl_sslctx_get_session_cache_mode(VALUE self)
{
    SSL_CTX *ctx;
    long mode;

    Data_Get_Struct(self, SSL_CTX, ctx);

    mode = SSL_CTX_get_session_cache_mode(ctx);
    return LONG2NUM(mode);
}
962
/*
 *  call-seq:
 *     ctx.session_cache_mode=(integer) -> Integer
 *
 * Sets the SSL session cache mode.  Bitwise-or together the desired
 * SESSION_CACHE_* constants to set.  See SSL_CTX_set_session_cache_mode(3) for
 * details.
 */
static VALUE
ossl_sslctx_set_session_cache_mode(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    long mode;

    Data_Get_Struct(self, SSL_CTX, ctx);

    /* No frozen check is made here, so the mode can still be changed on a
     * context that has already been set up. */
    mode = NUM2LONG(arg);
    SSL_CTX_set_session_cache_mode(ctx, mode);

    return arg;
}
982
/*
 *  call-seq:
 *     ctx.session_cache_size -> Integer
 *
 * Returns the current session cache size.  Zero is used to represent an
 * unlimited cache size.
 */
static VALUE
ossl_sslctx_get_session_cache_size(VALUE self)
{
    SSL_CTX *ctx;
    long size;

    Data_Get_Struct(self, SSL_CTX, ctx);

    size = SSL_CTX_sess_get_cache_size(ctx);
    return LONG2NUM(size);
}
999
/*
 *  call-seq:
 *     ctx.session_cache_size=(integer) -> Integer
 *
 * Sets the session cache size.  Zero is used to represent an unlimited
 * session cache size.
 *
 * This function returns +integer+ itself; the value that
 * SSL_CTX_sess_set_cache_size() hands back is discarded.
 */
static VALUE
ossl_sslctx_set_session_cache_size(VALUE self, VALUE arg)
{
    SSL_CTX *ctx;
    long size;

    Data_Get_Struct(self, SSL_CTX, ctx);

    /* No frozen check is made here, so the size can still be changed on a
     * context that has already been set up. */
    size = NUM2LONG(arg);
    SSL_CTX_sess_set_cache_size(ctx, size);

    return arg;
}
1018
/*
 *  call-seq:
 *     ctx.session_cache_stats -> Hash
 *
 * Returns a Hash containing the following keys:
 *
 * :accept:: Number of started SSL/TLS handshakes in server mode
 * :accept_good:: Number of established SSL/TLS sessions in server mode
 * :accept_renegotiate:: Number of start renegotiations in server mode
 * :cache_full:: Number of sessions that were removed due to cache overflow
 * :cache_hits:: Number of successfully reused connections
 * :cache_misses:: Number of sessions proposed by clients that were not found
 *                 in the cache
 * :cache_num:: Number of sessions in the internal session cache
 * :cb_hits:: Number of sessions retrieved from the external cache in server
 *            mode
 * :connect:: Number of started SSL/TLS handshakes in client mode
 * :connect_good:: Number of established SSL/TLS sessions in client mode
 * :connect_renegotiate:: Number of start renegotiations in client mode
 * :timeouts:: Number of sessions proposed by clients that were found in the
 *             cache but had expired due to timeouts
 */
static VALUE
ossl_sslctx_get_session_cache_stats(VALUE self)
{
    SSL_CTX *ctx;
    VALUE stats;

    Data_Get_Struct(self, SSL_CTX, ctx);

    stats = rb_hash_new();

/* One Symbol key per OpenSSL counter; the insertion order is kept as is. */
#define OSSL_SESS_STAT(key, getter) \
    rb_hash_aset(stats, ID2SYM(rb_intern(key)), LONG2NUM(getter(ctx)))

    OSSL_SESS_STAT("cache_num", SSL_CTX_sess_number);
    OSSL_SESS_STAT("connect", SSL_CTX_sess_connect);
    OSSL_SESS_STAT("connect_good", SSL_CTX_sess_connect_good);
    OSSL_SESS_STAT("connect_renegotiate", SSL_CTX_sess_connect_renegotiate);
    OSSL_SESS_STAT("accept", SSL_CTX_sess_accept);
    OSSL_SESS_STAT("accept_good", SSL_CTX_sess_accept_good);
    OSSL_SESS_STAT("accept_renegotiate", SSL_CTX_sess_accept_renegotiate);
    OSSL_SESS_STAT("cache_hits", SSL_CTX_sess_hits);
    OSSL_SESS_STAT("cb_hits", SSL_CTX_sess_cb_hits);
    OSSL_SESS_STAT("cache_misses", SSL_CTX_sess_misses);
    OSSL_SESS_STAT("cache_full", SSL_CTX_sess_cache_full);
    OSSL_SESS_STAT("timeouts", SSL_CTX_sess_timeouts);

#undef OSSL_SESS_STAT

    return stats;
}
1065
1066
/*
 *  call-seq:
 *     ctx.flush_sessions(time | nil) -> self
 *
 * Removes sessions in the internal cache that have expired at +time+.
 *
 * Without an argument (or with nil) the current time is used. Any other
 * argument must be an instance of Time itself, otherwise ArgumentError is
 * raised.
 */
static VALUE
ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
{
    VALUE when;
    SSL_CTX *ctx;
    time_t cutoff = 0;

    rb_scan_args(argc, argv, "01", &when);

    Data_Get_Struct(self, SSL_CTX, ctx);

    if (NIL_P(when)) {
        cutoff = time(0);
    } else {
        if (!rb_obj_is_instance_of(when, rb_cTime)) {
            ossl_raise(rb_eArgError, "arg must be Time or nil");
        }
        cutoff = NUM2LONG(rb_funcall(when, rb_intern("to_i"), 0));
    }

    /* OpenSSL takes the cutoff as a long, hence the narrowing cast. */
    SSL_CTX_flush_sessions(ctx, (long)cutoff);

    return self;
}
1096
1097 /*
1098 * SSLSocket class
1099 */
1100 #ifndef OPENSSL_NO_SOCK
/*
 * Attempts a TLS shutdown on +ssl+, then resets the object with SSL_clear()
 * and empties the OpenSSL error queue. A NULL +ssl+ is a no-op.
 */
static void
ossl_ssl_shutdown(SSL *ssl)
{
    /* 4 is from SSL_smart_shutdown() of mod_ssl.c (v2.2.19) */
    /* It says max 2x pending + 2x data = 4 */
    enum { MAX_SHUTDOWN_ATTEMPTS = 4 };
    int attempt;

    if (ssl == NULL)
        return;

    for (attempt = 0; attempt < MAX_SHUTDOWN_ATTEMPTS; ++attempt) {
        /*
         * Ignore the case SSL_shutdown returns -1. Empty handshake_func
         * must not happen.
         *
         * Only a return of 0 is retried; any non-zero result, an error
         * included, ends the loop.
         */
        if (SSL_shutdown(ssl) != 0)
            break;
    }

    SSL_clear(ssl);
    ERR_clear_error();
}
1121
/*
 * Free function registered by ossl_ssl_s_alloc() for the wrapped SSL
 * pointer; it hands the pointer to SSL_free().
 */
static void
ossl_ssl_free(SSL *ssl)
{
    SSL_free(ssl);
}
1127
/*
 * Allocator for +klass+: wraps a NULL SSL pointer with no mark function and
 * ossl_ssl_free() as the free function. The SSL object itself is created
 * later, in ossl_ssl_setup().
 */
static VALUE
ossl_ssl_s_alloc(VALUE klass)
{
    VALUE obj = Data_Wrap_Struct(klass, 0, ossl_ssl_free, NULL);

    return obj;
}
1133
/*
 * call-seq:
 *    SSLSocket.new(io) => aSSLSocket
 *    SSLSocket.new(io, ctx) => aSSLSocket
 *
 * Creates a new SSL socket from +io+ which must be a real ruby object (not an
 * IO-like object that responds to read/write).
 *
 * If +ctx+ is provided the SSL Sockets initial params will be taken from
 * the context.
 *
 * The OpenSSL::Buffering module provides additional IO methods.
 *
 * This method will freeze the SSLContext if one is provided;
 * however, session management is still allowed in the frozen SSLContext.
 */
static VALUE
ossl_ssl_initialize(int argc, VALUE *argv, VALUE self)
{
    VALUE io, ctx;
    int given;

    given = rb_scan_args(argc, argv, "11", &io, &ctx);
    if (given == 1) {
        /*
         * No context supplied: a fresh SSLContext.new is used. Whatever
         * that object leaves unset is filled in by ossl_sslctx_setup(),
         * which maps an unset verify_mode to SSL_VERIFY_NONE, so a caller
         * that needs peer verification should pass a configured context.
         */
        ctx = rb_funcall(cSSLContext, rb_intern("new"), 0);
    }

    /* Type checks come first: ctx must be an SSLContext, io a T_FILE. */
    OSSL_Check_Kind(ctx, cSSLContext);
    Check_Type(io, T_FILE);

    ossl_ssl_set_io(self, io);
    ossl_ssl_set_ctx(self, ctx);
    ossl_ssl_set_sync_close(self, Qfalse);

    /* Applies the context settings and freezes the context. */
    ossl_sslctx_setup(ctx);

    rb_iv_set(self, "@hostname", Qnil);

    rb_call_super(0, 0);

    return self;
}
1171
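/*
 * Creates the underlying SSL object for +self+ on first use and binds it to
 * the socket's file descriptor. When an SSL object is already attached the
 * function does nothing. Always returns Qtrue unless an exception is raised.
 *
 * @hostname is used for the SNI extension only; no certificate hostname
 * check is performed in this function.
 */
static VALUE
ossl_ssl_setup(VALUE self)
{
    VALUE io, v_ctx, cb;
    SSL_CTX *ctx;
    SSL *ssl;
    rb_io_t *fptr;

    Data_Get_Struct(self, SSL, ssl);
    if(!ssl){
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
        VALUE hostname = rb_iv_get(self, "@hostname");
#endif

        v_ctx = ossl_ssl_get_ctx(self);
        Data_Get_Struct(v_ctx, SSL_CTX, ctx);

        ssl = SSL_new(ctx);
        if (!ssl) {
            ossl_raise(eSSLError, "SSL_new");
        }
        /*
         * NOTE(review): the SSL object is attached to self before the steps
         * below. If one of them raises, self keeps an SSL without fd and
         * ex_data, and later calls skip this block because ssl is non-NULL.
         */
        DATA_PTR(self) = ssl;

#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
        if (!NIL_P(hostname)) {
            /*
             * StringValueCStr raises ArgumentError on an embedded NUL byte,
             * so the name sent in the SNI extension cannot be a silently
             * shortened form of the Ruby string.
             */
            if (SSL_set_tlsext_host_name(ssl, StringValueCStr(hostname)) != 1)
                ossl_raise(eSSLError, "SSL_set_tlsext_host_name");
        }
#endif
        io = ossl_ssl_get_io(self);
        GetOpenFile(io, fptr);
        /* The IO has to be open for both reading and writing. */
        rb_io_check_readable(fptr);
        rb_io_check_writable(fptr);
        /* The return values of SSL_set_fd() and SSL_set_ex_data() are not
         * checked. */
        SSL_set_fd(ssl, TO_SOCKET(FPTR_TO_FD(fptr)));
        /* Per-connection slots that the C callbacks read back: the socket
         * object and the context's Ruby-level callbacks. */
        SSL_set_ex_data(ssl, ossl_ssl_ex_ptr_idx, (void*)self);
        cb = ossl_sslctx_get_verify_cb(v_ctx);
        SSL_set_ex_data(ssl, ossl_ssl_ex_vcb_idx, (void*)cb);
        cb = ossl_sslctx_get_client_cert_cb(v_ctx);
        SSL_set_ex_data(ssl, ossl_ssl_ex_client_cert_cb_idx, (void*)cb);
        cb = ossl_sslctx_get_tmp_dh_cb(v_ctx);
        SSL_set_ex_data(ssl, ossl_ssl_ex_tmp_dh_callback_idx, (void*)cb);
        SSL_set_info_callback(ssl, ssl_info_cb);
    }

    return Qtrue;
}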
1218
/*
 * ssl_get_error(s, rc): SSL_get_error() for the result +rc+ of an SSL call.
 * On Windows errno is first set from WSAGetLastError() via
 * rb_w32_map_errno().
 */
#ifdef _WIN32
#define ssl_get_error(s, rc) (errno = rb_w32_map_errno(WSAGetLastError()), SSL_get_error((s), (rc)))
#else
#define ssl_get_error(s, rc) SSL_get_error((s), (rc))
#endif

/*
 * ossl_ssl_data_get_struct(obj, out): fetches the SSL pointer wrapped by
 * +obj+ into +out+.
 *
 * Hidden control flow: when the pointer is NULL the macro warns and executes
 * `return Qnil;` in the function that uses it, so it is only usable inside
 * functions returning VALUE.
 */
#define ossl_ssl_data_get_struct(obj, out) \
do { \
    Data_Get_Struct((obj), SSL, (out)); \
    if (!(out)) { \
        rb_warning("SSL session is not started yet."); \
        return Qnil; \
    } \
} while (0)
1233
/*
 * In non-blocking mode raises eSSLErrorWaitWritable ("write would block");
 * otherwise returns so that the caller can wait for the descriptor.
 */
static void
write_would_block(int nonblock)
{
    if (!nonblock)
        return;

    rb_exc_raise(ossl_exc_new(eSSLErrorWaitWritable, "write would block"));
}
1242
/*
 * In non-blocking mode raises eSSLErrorWaitReadable ("read would block");
 * otherwise returns so that the caller can wait for the descriptor.
 */
static void
read_would_block(int nonblock)
{
    if (!nonblock)
        return;

    rb_exc_raise(ossl_exc_new(eSSLErrorWaitReadable, "read would block"));
}
1251
/*
 * Drives a handshake function (+func+, called with the SSL pointer) until it
 * reports success, retrying on WANT_READ / WANT_WRITE.
 *
 * funcname - name used in error messages.
 * nonblock - when non-zero, WANT_READ / WANT_WRITE raise the corresponding
 *            wait exception instead of blocking on the descriptor.
 *
 * Returns self on success, or nil (with a warning) when no SSL object is
 * attached yet. A completed handshake says nothing more about the peer than
 * the context's verify settings required.
 */
static VALUE
ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, int nonblock)
{
    SSL *ssl;
    rb_io_t *fptr;
    int rc, ssl_err;
    VALUE pending_tag;

    /* Reset the slot that is read back after every func() call below. */
    rb_ivar_set(self, ID_callback_state, Qnil);

    ossl_ssl_data_get_struct(self, ssl); /* may `return Qnil` */

    GetOpenFile(ossl_ssl_get_io(self), fptr);
    while (1) {
        rc = func(ssl);

        /* A non-nil callback state is re-raised here via rb_jump_tag();
         * presumably it is stored by the Ruby-level callbacks that run
         * inside func() -- confirm against the callback code. */
        pending_tag = rb_ivar_get(self, ID_callback_state);
        if (!NIL_P(pending_tag)) {
            rb_jump_tag(NUM2INT(pending_tag));
        }

        if (rc > 0) {
            break;
        }

        ssl_err = ssl_get_error(ssl, rc);
        switch (ssl_err) {
          case SSL_ERROR_WANT_WRITE:
            write_would_block(nonblock);
            rb_io_wait_writable(FPTR_TO_FD(fptr));
            continue;
          case SSL_ERROR_WANT_READ:
            read_would_block(nonblock);
            rb_io_wait_readable(FPTR_TO_FD(fptr));
            continue;
          case SSL_ERROR_SYSCALL:
            /* With errno set the failure surfaces as a system call error;
             * otherwise as an SSLError. */
            if (errno) {
                rb_sys_fail(funcname);
            }
            ossl_raise(eSSLError, "%s SYSCALL returned=%d errno=%d state=%s", funcname, ssl_err, errno, SSL_state_string_long(ssl));
          default:
            ossl_raise(eSSLError, "%s returned=%d errno=%d state=%s", funcname, ssl_err, errno, SSL_state_string_long(ssl));
        }
    }

    return self;
}
1294
/*
 * call-seq:
 *    ssl.connect => self
 *
 * Initiates an SSL/TLS handshake with a server.  The handshake may be started
 * after unencrypted data has been sent over the socket.
 */
static VALUE
ossl_ssl_connect(VALUE self)
{
    const int nonblock = 0; /* wait on the socket instead of raising */

    ossl_ssl_setup(self);
    return ossl_start_ssl(self, SSL_connect, "SSL_connect", nonblock);
}
1308
/*
 * call-seq:
 *    ssl.connect_nonblock => self
 *
 * Non-blocking counterpart of #connect: starts the SSL/TLS handshake as a
 * client and, instead of waiting on the socket, lets the caller decide when
 * to retry.
 *
 *   # emulates blocking connect
 *   begin
 *     ssl.connect_nonblock
 *   rescue IO::WaitReadable
 *     IO.select([s2])
 *     retry
 *   rescue IO::WaitWritable
 *     IO.select(nil, [s2])
 *     retry
 *   end
 *
 */
static VALUE
ossl_ssl_connect_nonblock(VALUE self)
{
    const int nonblock = 1;    /* non-blocking variant */

    ossl_ssl_setup(self);
    return ossl_start_ssl(self, SSL_connect, "SSL_connect", nonblock);
}
1333
9ce7494c » technorama
2007-04-03 * ext/openssl/ossl_ssl.c: Add documentation.
/*
 * call-seq:
 *    ssl.accept => self
 *
 * Performs the server side of the SSL/TLS handshake, blocking until a client
 * has initiated and completed it. The handshake may be started after
 * unencrypted data has already been sent over the socket; such data travelled
 * in the clear and is not covered by the protection the handshake sets up.
 */
static VALUE
ossl_ssl_accept(VALUE self)
{
    const int nonblock = 0;    /* blocking variant */

    ossl_ssl_setup(self);
    return ossl_start_ssl(self, SSL_accept, "SSL_accept", nonblock);
}
1347
/*
 * call-seq:
 *    ssl.accept_nonblock => self
 *
 * Non-blocking counterpart of #accept: starts the SSL/TLS handshake as a
 * server and, instead of waiting on the socket, lets the caller decide when
 * to retry.
 *
 *   # emulates blocking accept
 *   begin
 *     ssl.accept_nonblock
 *   rescue IO::WaitReadable
 *     IO.select([s2])
 *     retry
 *   rescue IO::WaitWritable
 *     IO.select(nil, [s2])
 *     retry
 *   end
 *
 */
static VALUE
ossl_ssl_accept_nonblock(VALUE self)
{
    const int nonblock = 1;    /* non-blocking variant */

    ossl_ssl_setup(self);
    return ossl_start_ssl(self, SSL_accept, "SSL_accept", nonblock);
}
1372
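/*
 * Shared implementation behind SSLSocket#sysread and #sysread_nonblock.
 *
 * argc/argv hold the Ruby arguments: the length to read, an optional
 * destination string, and an optional options hash. +nonblock+ is forwarded
 * to read_would_block()/write_would_block() and selects which method is used
 * on the fallback path below.
 *
 * When the options hash carries "exception: false", end of stream yields nil
 * and a read that must wait for the socket yields :wait_readable or
 * :wait_writable instead of raising.
 *
 * On success the destination string is returned, trimmed to the byte count
 * SSL_read reported, and marked tainted.
 *
 * Security notes:
 * - If no SSL object is attached to +self+, the call only emits a warning and
 *   then reads from the underlying IO directly, so data returned on that
 *   path did not pass through the TLS layer.
 * - The destination string's length is reset to zero before any read is
 *   attempted. Without that, a caller-supplied buffer that had been grown to
 *   +length+ would keep that length on every early-return or raising path,
 *   exposing bytes the read never filled in.
 */
static VALUE
ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
{
    SSL *ssl;
    int ilen, nread = 0;
    int no_exception = 0;
    VALUE len, str;
    rb_io_t *fptr;
    VALUE opts = Qnil;

    rb_scan_args(argc, argv, "11:", &len, &str, &opts);

    if (!NIL_P(opts) && Qfalse == rb_hash_aref(opts, sym_exception))
        no_exception = 1;

    ilen = NUM2INT(len);
    if (NIL_P(str)) {
        str = rb_str_new(0, ilen);
    }
    else {
        StringValue(str);
        rb_str_modify(str);
        /* Make room for ilen bytes; the length is reset just below. */
        rb_str_resize(str, ilen);
    }
    /*
     * Keep the room for ilen bytes but report an empty string until a read
     * succeeds, so no path hands back bytes that were never written.
     */
    rb_str_set_len(str, 0);
    if (ilen == 0) return str;

    Data_Get_Struct(self, SSL, ssl);
    GetOpenFile(ossl_ssl_get_io(self), fptr);
    if (ssl) {
        /* Only block on the descriptor when OpenSSL has nothing buffered. */
        if (!nonblock && SSL_pending(ssl) <= 0)
            rb_thread_wait_fd(FPTR_TO_FD(fptr));
        for (;;) {
            /* The length is passed explicitly because str now reports 0. */
            nread = SSL_read(ssl, RSTRING_PTR(str), ilen);
            switch (ssl_get_error(ssl, nread)) {
              case SSL_ERROR_NONE:
                goto end;
              case SSL_ERROR_ZERO_RETURN:
                if (no_exception) { return Qnil; }
                rb_eof_error();
              case SSL_ERROR_WANT_WRITE:
                if (no_exception) { return ID2SYM(rb_intern("wait_writable")); }
                write_would_block(nonblock);
                rb_io_wait_writable(FPTR_TO_FD(fptr));
                continue;
              case SSL_ERROR_WANT_READ:
                if (no_exception) { return ID2SYM(rb_intern("wait_readable")); }
                read_would_block(nonblock);
                rb_io_wait_readable(FPTR_TO_FD(fptr));
                continue;
              case SSL_ERROR_SYSCALL:
                /* No queued OpenSSL error plus a zero return is treated as EOF. */
                if (ERR_peek_error() == 0 && nread == 0) {
                    if (no_exception) { return Qnil; }
                    rb_eof_error();
                }
                rb_sys_fail(0);
              default:
                ossl_raise(eSSLError, "SSL_read");
            }
        }
    }
    else {
        /*
         * No SSL session yet: warn, then delegate to the underlying IO.
         * Whatever this returns was read without TLS protection.
         */
        ID meth = nonblock ? rb_intern("read_nonblock") : rb_intern("sysread");
        rb_warning("SSL session is not started yet.");
        if (nonblock) {
            return rb_funcall(ossl_ssl_get_io(self), meth, 3, len, str, opts);
        } else {
            return rb_funcall(ossl_ssl_get_io(self), meth, 2, len, str);
        }
    }

  end:
    rb_str_set_len(str, nread);
    OBJ_TAINT(str);

    return str;
}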
1447
cb4d7b1a » akr
2008-12-31 * ext/openssl/lib/openssl/buffering.rb (Buffering#read_nonblock):
/*
 * call-seq:
 *    ssl.sysread(length) => string
 *    ssl.sysread(length, buffer) => buffer
 *
 * Reads +length+ bytes from the SSL connection. When a pre-allocated
 * +buffer+ is given, the data is written into it and it is returned.
 */
static VALUE
ossl_ssl_read(int argc, VALUE *argv, VALUE self)
{
    const int nonblock = 0;    /* blocking variant */

    return ossl_ssl_read_internal(argc, argv, self, nonblock);
}
1461
/*
 * call-seq:
 *    ssl.sysread_nonblock(length) => string
 *    ssl.sysread_nonblock(length, buffer) => buffer
 *    ssl.sysread_nonblock(length[, buffer [, opts]]) => buffer
 *
 * A non-blocking version of #sysread. Raises an SSLError if reading would
 * block. If "exception: false" is passed, this method returns a symbol of
 * :wait_readable, :wait_writable, or nil, rather than raising an exception.
 *
 * Reads +length+ bytes from the SSL connection. When a pre-allocated
 * +buffer+ is given, the data is written into it and it is returned.
 */
static VALUE
ossl_ssl_read_nonblock(int argc, VALUE *argv, VALUE self)
{
    const int nonblock = 1;    /* non-blocking variant */

    return ossl_ssl_read_internal(argc, argv, self, nonblock);
}
1480
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
1481 static VALUE
988ca605 » tenderlove
2013-08-26 * io.c (io_read_nonblock): support non-blocking reads without raising
1482 ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock, int no_exception)
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
1483 {
1484 SSL *ssl;
1485 int nwrite = 0;
5b10c170 » nobu
2007-02-24 * file.c, gc.c, io.c, ruby.h, rubyio.h, win32/win32.h (rb_io_t):
1486 rb_io_t *fptr;
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
1487
1488 StringValue(str);
2edbb9d0 » matz
2004-12-15 * lib/set.rb (Set#==): [ruby-dev:25206]
1489 Data_Get_Struct(self, SSL, ssl);
a9fb0817 » gotoyuzo
2005-03-05 * ext/openssl/ossl_ssl.c (ossl_start_ssl): should wait for that
1490 GetOpenFile(ossl_ssl_get_io(self), fptr);
231247c0 » gotoyuzo
2003-07-23 * ext/openssl: imported.
1491
1492 if (ssl) {
932075e8 » gotoyuzo
2003-12-24 * ext/openssl/ossl_ssl.c (ossl_ssl_read): should check for error
1493 for (;;){
3a16cc24 » nurse
2011-03-24 * ext/openssl/ossl.c: surpress warning: shorten-64-to-32.
1494 nwrite = SSL_write(ssl, RSTRING_PTR(str), RSTRING_LENINT(str));
82849c97 » unak
2005-03-07 * ext/openssl/ossl_ssl.c (ossl_start_ssl, ossl_ssl_read,
1495 switch(ssl_get_error(ssl, nwrite)){
932075e8 » gotoyuzo
2003-12-24 * ext/openssl/ossl_ssl.c (ossl_ssl_read): should check for error
1496 case SSL_ERROR_NONE:
1497 goto end;
1498 case SSL_ERROR_WANT_WRITE:
988ca605 » tenderlove
2013-08-26 * io.c (io_read_nonblock): support non-blocking reads without raising
1499 if (no_exception) { return ID2SYM(rb_intern("wait_writable")); }
7fd155cf » akr
2009-03-21 * ext/openssl/ossl_ssl.c (write_would_block): defined.
1500 write_would_block(nonblock);
3930d3b3 » technorama
2007-04-02 * ext/openssl/{ossl.[ch],ossl_pkey.c} Add documentation.
1501 rb_io_wait_writable(FPTR_TO_FD(fptr));
a9fb0817 » gotoyuzo
2005-03-05 * ext/openssl/ossl_ssl.c (ossl_start_ssl): should wait for that