Use SSLContext to set up the parameters for a TLS (formerly SSL) connection. Both client and server TLS connections are supported; SSLSocket and SSLServer may be used in conjunction with an instance of SSLContext to set up connections.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
0.9.8q and 1.0.0c.
Deprecated in OpenSSL
1.0.1h and 1.0.2.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
0.9.7h and 0.9.8b.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.0.1k and 1.0.2.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.0.1.
Deprecated in OpenSSL
1.0.1.
Deprecated in OpenSSL
1.1.0.
Deprecated in OpenSSL
1.1.0.
SSL 2.0
SSL 3.0
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
# File tmp/rubies/ruby-2.5.9/ext/openssl/lib/openssl/ssl.rb, line 262
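# Reports whether +cert+ names +hostname+, returning +true+ or +false+.
#
# Only the certificate's identity fields are inspected: every
# subjectAltName entry of type dNSName or iPAddress, and the subject CN
# when no such entry exists. Nothing here checks the signature, the chain
# or the validity period, so a +true+ result is meaningful only for a
# certificate that has already passed chain verification.
#
# dNSName and CN values are compared through verify_hostname (defined
# elsewhere in this file). iPAddress values are compared in binary form,
# so any textual spelling of the same address matches ("2001:db8::1" as
# well as "2001:DB8:0:0:0:0:0:1"). A +hostname+ that carries a prefix
# length ("192.0.2.5/24") is never treated as an IP address.
def verify_certificate_identity(cert, hostname)
  # Loaded here because the file's require block is not part of this listing.
  require "ipaddr"

  # Network-byte-order form of +hostname+ when it is an IP literal, else nil.
  host_ip = nil
  if hostname.is_a?(String) && !hostname.include?("/")
    begin
      host_ip = IPAddr.new(hostname).hton
    rescue IPAddr::Error
      host_ip = nil # not an IP literal; only dNSName / CN matching applies
    end
  end

  should_verify_common_name = true
  cert.extensions.each { |ext|
    next if ext.oid != "subjectAltName"

    # Extension ::= SEQUENCE { extnID, [critical], extnValue OCTET STRING };
    # the octet string wraps the DER-encoded GeneralNames sequence.
    ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
    sequence = OpenSSL::ASN1.decode(ostr.value)
    sequence.value.each { |san|
      case san.tag
      when 2 # dNSName in GeneralName (RFC5280)
        should_verify_common_name = false
        return true if verify_hostname(hostname, san.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        should_verify_common_name = false
        # Compare raw address bytes (4 for IPv4, 16 for IPv6) rather than a
        # formatted string, which would reject equivalent IPv6 spellings.
        if san.value.size == 4 || san.value.size == 16
          return true if host_ip && san.value == host_ip
        end
      end
    }
  }

  # The subject CN is consulted only when the certificate carries no
  # dNSName or iPAddress subjectAltName entry at all.
  if should_verify_common_name
    cert.subject.to_a.each { |oid, value|
      if oid == "CN"
        return true if verify_hostname(hostname, value)
      end
    }
  end
  return false
end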
# File tmp/rubies/ruby-2.5.9/ext/openssl/lib/openssl/ssl.rb, line 262
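# Reports whether +cert+ names +hostname+, returning +true+ or +false+.
#
# Only the certificate's identity fields are inspected: every
# subjectAltName entry of type dNSName or iPAddress, and the subject CN
# when no such entry exists. Nothing here checks the signature, the chain
# or the validity period, so a +true+ result is meaningful only for a
# certificate that has already passed chain verification.
#
# dNSName and CN values are compared through verify_hostname (defined
# elsewhere in this file). iPAddress values are compared in binary form,
# so any textual spelling of the same address matches ("2001:db8::1" as
# well as "2001:DB8:0:0:0:0:0:1"). A +hostname+ that carries a prefix
# length ("192.0.2.5/24") is never treated as an IP address.
def verify_certificate_identity(cert, hostname)
  # Loaded here because the file's require block is not part of this listing.
  require "ipaddr"

  # Network-byte-order form of +hostname+ when it is an IP literal, else nil.
  host_ip = nil
  if hostname.is_a?(String) && !hostname.include?("/")
    begin
      host_ip = IPAddr.new(hostname).hton
    rescue IPAddr::Error
      host_ip = nil # not an IP literal; only dNSName / CN matching applies
    end
  end

  should_verify_common_name = true
  cert.extensions.each { |ext|
    next if ext.oid != "subjectAltName"

    # Extension ::= SEQUENCE { extnID, [critical], extnValue OCTET STRING };
    # the octet string wraps the DER-encoded GeneralNames sequence.
    ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
    sequence = OpenSSL::ASN1.decode(ostr.value)
    sequence.value.each { |san|
      case san.tag
      when 2 # dNSName in GeneralName (RFC5280)
        should_verify_common_name = false
        return true if verify_hostname(hostname, san.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        should_verify_common_name = false
        # Compare raw address bytes (4 for IPv4, 16 for IPv6) rather than a
        # formatted string, which would reject equivalent IPv6 spellings.
        if san.value.size == 4 || san.value.size == 16
          return true if host_ip && san.value == host_ip
        end
      end
    }
  }

  # The subject CN is consulted only when the certificate carries no
  # dNSName or iPAddress subjectAltName entry at all.
  if should_verify_common_name
    cert.subject.to_a.each { |oid, value|
      if oid == "CN"
        return true if verify_hostname(hostname, value)
      end
    }
  end
  return false
end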