Sets pub_key and priv_key for the DH instance. priv_key may be nil.
Returns the security level for the context.
See also OpenSSL::SSL::SSLContext#security_level=.
Sets the security level for the context. OpenSSL limits parameters according to the level. The “parameters” include: ciphersuites, curves, key sizes, certificate signature algorithms, protocol version and so on. For example, level 1 rejects parameters offering below 80 bits of security, such as ciphersuites using MD5 for the MAC or RSA keys shorter than 1024 bits.
Note that attempts to set such parameters with insufficient security are also blocked. You need to lower the level first.
This feature is not supported in OpenSSL < 1.1.0, and setting the level to other than 0 will raise NotImplementedError. Level 0 means everything is permitted, the same behavior as previous versions of OpenSSL.
See the manpage of SSL_CTX_set_security_level(3) for details.
A non-blocking version of sysread. Raises an SSLError if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.
Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.
Writes string to the SSL connection in a non-blocking manner. Raises an SSLError if writing would block.
Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.
If no peer certificate was presented X509_V_OK is returned.
Returns the protocol string that was finally selected by the client during the handshake.
Converts the name to DER encoding
Returns the error string corresponding to the error code retrieved by error.
Encodes this ASN1Data into a DER-encoded String value. The result is DER-encoded except for the possibility of infinite length encodings. Infinite length encodings are not allowed in strict DER, so strictly speaking the result of such an encoding would be a BER-encoding.
See ASN1Data#to_der for details. *
See ASN1Data#to_der for details.
The long name of the ObjectId, as defined in <openssl/objects.h>.
Returns the DER encoding of this SPKI.
Adds a nonce to the OCSP request. If no nonce is given a random one will be generated.
The nonce is used to prevent replay attacks but some servers do not support it.
Checks the nonce validity for this request and response.
The return value is one of the following:
nonce in request only.
nonces both present and not equal.
nonces present and equal.
nonces both absent.
nonce present in response only.
For most responses, clients can check result > 0. If a responder doesn’t handle nonces result.nonzero? may be necessary. A result of 0 is always an error.
Returns this request as a DER-encoded string
Returns this response as a DER-encoded string.
Adds nonce to this response. If no nonce was provided a random nonce will be added.