Writes string to the SSL connection in a non-blocking manner. Raises an SSLError if writing would block.
Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.
If no peer certificate was presented X509_V_OK is returned.
Adds a new entry with the given oid and value to this name. The oid is an object identifier defined in ASN.1. Some common OIDs are:
Country Name
Common Name
Domain Component
Organization Name
Organizational Unit Name
State or Province Name
The optional keyword parameters loc and set specify where to insert the new attribute. Refer to the manpage of X509_NAME_add_entry(3) for details. loc defaults to -1 and set defaults to 0. This appends a single-valued RDN to the end.
Adds a certificate status for certificate_id. status is the status, and must be one of these:
OpenSSL::OCSP::V_CERTSTATUS_GOOD
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
reason and revocation_time can be given only when status is OpenSSL::OCSP::V_CERTSTATUS_REVOKED. reason describes the reason for the revocation, and must be one of OpenSSL::OCSP::REVOKED_STATUS_* constants. revocation_time is the time when the certificate is revoked.
this_update and next_update indicate the time at which ths status is verified to be correct and the time at or before which newer information will be available, respectively. next_update is optional.
extensions is an Array of OpenSSL::X509::Extension to be included in the SingleResponse. This is also optional.
Note that the times, revocation_time, this_update and next_update can be specified in either of Integer or Time object. If they are Integer, it is treated as the relative seconds from the current time.
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
V_CERTSTATUS_GOOD
V_CERTSTATUS_REVOKED
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by revocation_time.
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
See the OpenSSL documentation for EC_KEY_get0_private_key()
See the OpenSSL documentation for EC_KEY_set_private_key()
Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key.
Encrypt string with the private key. padding defaults to PKCS1_PADDING. The encrypted string output can be decrypted using public_decrypt.
Decrypt string, which has been encrypted with the public key, with the private key. padding defaults to PKCS1_PADDING.
Verifies data using the Probabilistic Signature Scheme (RSA-PSS).
The return value is true if the signature is valid, false otherwise. RSAError will be raised if an error occurs.
See sign_pss for the signing operation and an example code.
A String containing the message digest algorithm name.
A String. The data to be signed.
The length in octets of the salt. Two special values are reserved: :digest means the digest length, and :auto means automatically determining the length based on the signature.
The hash algorithm used in MGF1.
General callback for OpenSSL verify