OpenSSL::SSL

Module

Use SSLContext to set up the parameters for a TLS (former SSL) connection. Both client and server TLS connections are supported, SSLSocket and SSLServer may be used in conjunction with an instance of SSLContext to set up connections.

Class Methods

verify_certificate_identity(cert, hostname)

ext/openssl/lib/openssl/ssl.rb View on GitHub

          
            # File tmp/rubies/ruby-2.4.10/ext/openssl/lib/openssl/ssl.rb, line 157
def verify_certificate_identity(cert, hostname)
  should_verify_common_name = true
  cert.extensions.each{|ext|
    next if ext.oid != "subjectAltName"
    ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
    sequence = OpenSSL::ASN1.decode(ostr.value)
    sequence.value.each{|san|
      case san.tag
      when 2 # dNSName in GeneralName (RFC5280)
        should_verify_common_name = false
        return true if verify_hostname(hostname, san.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        should_verify_common_name = false
        # follows GENERAL_NAME_print() in x509v3/v3_alt.c
        if san.value.size == 4
          return true if san.value.unpack('C*').join('.') == hostname
        elsif san.value.size == 16
          return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
        end
      end
    }
  }
  if should_verify_common_name
    cert.subject.to_a.each{|oid, value|
      if oid == "CN"
        return true if verify_hostname(hostname, value)
      end
    }
  end
  return false
end

No documentation available

Instance Methods

verify_certificate_identity(cert, hostname)

ext/openssl/lib/openssl/ssl.rb View on GitHub

          
            # File tmp/rubies/ruby-2.4.10/ext/openssl/lib/openssl/ssl.rb, line 157
def verify_certificate_identity(cert, hostname)
  should_verify_common_name = true
  cert.extensions.each{|ext|
    next if ext.oid != "subjectAltName"
    ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
    sequence = OpenSSL::ASN1.decode(ostr.value)
    sequence.value.each{|san|
      case san.tag
      when 2 # dNSName in GeneralName (RFC5280)
        should_verify_common_name = false
        return true if verify_hostname(hostname, san.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        should_verify_common_name = false
        # follows GENERAL_NAME_print() in x509v3/v3_alt.c
        if san.value.size == 4
          return true if san.value.unpack('C*').join('.') == hostname
        elsif san.value.size == 16
          return true if san.value.unpack('n*').map { |e| sprintf("%X", e) }.join(':') == hostname
        end
      end
    }
  }
  if should_verify_common_name
    cert.subject.to_a.each{|oid, value|
      if oid == "CN"
        return true if verify_hostname(hostname, value)
      end
    }
  end
  return false
end

No documentation available