Safely write a file in binary mode on all platforms.
Looks for a gem dependency file at path and activates the gems in the file if found. If the file is not found an ArgumentError is raised.
If path is not given the RUBYGEMS_GEMDEPS environment variable is used, but if no file is found no exception is raised.
If ‘-’ is given for path RubyGems searches up from the current working directory for gem dependency files (gem.deps.rb, Gemfile, Isolate) and activates the gems in the first one found.
You can run this automatically when rubygems starts. To enable, set the RUBYGEMS_GEMDEPS environment variable to either the path of your gem dependencies file or “-” to auto-discover in parent directories.
NOTE: Enabling automatic discovery on multiuser systems can lead to execution of arbitrary code when used from directories outside your control.
The path to standard location of the user’s configuration directory.
The path to standard location of the user’s .gemrc file.
Default gem load path
Returns a time returned by POSIX clock_gettime() function.
p Process.clock_gettime(Process::CLOCK_MONOTONIC) #=> 896053.968060096
clock_id specifies a kind of clock. It is specified as a constant which begins with Process::CLOCK_ such as Process::CLOCK_REALTIME and Process::CLOCK_MONOTONIC.
The supported constants depends on OS and version. Ruby provides following types of clock_id if available.
CLOCK_REALTIME
SUSv2 to 4, Linux 2.5.63, FreeBSD 3.0, NetBSD 2.0, OpenBSD 2.1, macOS 10.12
CLOCK_MONOTONIC
SUSv3 to 4, Linux 2.5.63, FreeBSD 3.0, NetBSD 2.0, OpenBSD 3.4, macOS 10.12
CLOCK_PROCESS_CPUTIME_ID
SUSv3 to 4, Linux 2.5.63, FreeBSD 9.3, OpenBSD 5.4, macOS 10.12
CLOCK_THREAD_CPUTIME_ID
SUSv3 to 4, Linux 2.5.63, FreeBSD 7.1, OpenBSD 5.4, macOS 10.12
CLOCK_VIRTUAL
FreeBSD 3.0, OpenBSD 2.1
CLOCK_PROF
FreeBSD 3.0, OpenBSD 2.1
CLOCK_REALTIME_FAST
FreeBSD 8.1
CLOCK_REALTIME_PRECISE
FreeBSD 8.1
CLOCK_REALTIME_COARSE
Linux 2.6.32
CLOCK_REALTIME_ALARM
Linux 3.0
CLOCK_MONOTONIC_FAST
FreeBSD 8.1
CLOCK_MONOTONIC_PRECISE
FreeBSD 8.1
CLOCK_MONOTONIC_COARSE
Linux 2.6.32
CLOCK_MONOTONIC_RAW
Linux 2.6.28, macOS 10.12
CLOCK_MONOTONIC_RAW_APPROX
macOS 10.12
CLOCK_BOOTTIME
Linux 2.6.39
CLOCK_BOOTTIME_ALARM
Linux 3.0
CLOCK_UPTIME
FreeBSD 7.0, OpenBSD 5.5
CLOCK_UPTIME_FAST
FreeBSD 8.1
CLOCK_UPTIME_RAW
macOS 10.12
CLOCK_UPTIME_RAW_APPROX
macOS 10.12
CLOCK_UPTIME_PRECISE
FreeBSD 8.1
CLOCK_SECOND
FreeBSD 8.1
CLOCK_TAI
Linux 3.10
Note that SUS stands for Single Unix Specification. SUS contains POSIX and clock_gettime is defined in the POSIX part. SUS defines CLOCK_REALTIME mandatory but CLOCK_MONOTONIC, CLOCK_PROCESS_CPUTIME_ID and CLOCK_THREAD_CPUTIME_ID are optional.
Also, several symbols are accepted as clock_id. There are emulations for clock_gettime().
For example, Process::CLOCK_REALTIME is defined as :GETTIMEOFDAY_BASED_CLOCK_REALTIME when clock_gettime() is not available.
Emulations for CLOCK_REALTIME:
Use gettimeofday() defined by SUS. (SUSv4 obsoleted it, though.) The resolution is 1 microsecond.
Use time() defined by ISO C. The resolution is 1 second.
Emulations for CLOCK_MONOTONIC:
Use mach_absolute_time(), available on Darwin. The resolution is CPU dependent.
Use the result value of times() defined by POSIX. POSIX defines it as “times() shall return the elapsed real time, in clock ticks, since an arbitrary point in the past (for example, system start-up time)”. For example, GNU/Linux returns a value based on jiffies and it is monotonic. However, 4.4BSD uses gettimeofday() and it is not monotonic. (FreeBSD uses clock_gettime(CLOCK_MONOTONIC) instead, though.) The resolution is the clock tick. “getconf CLK_TCK” command shows the clock ticks per second. (The clock ticks per second is defined by HZ macro in older systems.) If it is 100 and clock_t is 32 bits integer type, the resolution is 10 millisecond and cannot represent over 497 days.
Emulations for CLOCK_PROCESS_CPUTIME_ID:
Use getrusage() defined by SUS. getrusage() is used with RUSAGE_SELF to obtain the time only for the calling process (excluding the time for child processes). The result is addition of user time (ru_utime) and system time (ru_stime). The resolution is 1 microsecond.
Use times() defined by POSIX. The result is addition of user time (tms_utime) and system time (tms_stime). tms_cutime and tms_cstime are ignored to exclude the time for child processes. The resolution is the clock tick. “getconf CLK_TCK” command shows the clock ticks per second. (The clock ticks per second is defined by HZ macro in older systems.) If it is 100, the resolution is 10 millisecond.
Use clock() defined by ISO C. The resolution is 1/CLOCKS_PER_SEC. CLOCKS_PER_SEC is the C-level macro defined by time.h. SUS defines CLOCKS_PER_SEC is 1000000. Non-Unix systems may define it a different value, though. If CLOCKS_PER_SEC is 1000000 as SUS, the resolution is 1 microsecond. If CLOCKS_PER_SEC is 1000000 and clock_t is 32 bits integer type, it cannot represent over 72 minutes.
If the given clock_id is not supported, Errno::EINVAL is raised.
unit specifies a type of the return value.
number of seconds as a float (default)
number of milliseconds as a float
number of microseconds as a float
number of seconds as an integer
number of milliseconds as an integer
number of microseconds as an integer
number of nanoseconds as an integer
The underlying function, clock_gettime(), returns a number of nanoseconds. Float object (IEEE 754 double) is not enough to represent the return value for CLOCK_REALTIME. If the exact nanoseconds value is required, use :nanoseconds as the unit.
The origin (zero) of the returned value varies. For example, system start up time, process start up time, the Epoch, etc.
The origin in CLOCK_REALTIME is defined as the Epoch (1970-01-01 00:00:00 UTC). But some systems count leap seconds and others doesn’t. So the result can be interpreted differently across systems. Time.now is recommended over CLOCK_REALTIME.
This integer returns the current initial length of the buffer.
This sets the initial length of the buffer to length, if length > 0, otherwise its value isn’t changed.
Get the subject’s key identifier from the subjectKeyIdentifier exteension, as described in RFC5280 Section 4.2.1.2.
Returns the binary String key identifier or nil or raises ASN1::ASN1Error.
Get the issuing certificate’s key identifier from the authorityKeyIdentifier extension, as described in RFC5280 Section 4.2.1.1
Returns the binary String keyIdentifier or nil or raises ASN1::ASN1Error.
Creates a new DH instance from scratch by generating the private and public components alike.
size is an integer representing the desired key size. Keys smaller than 1024 bits should be considered insecure.
generator is a small number > 1, typically 2 or 5.
Creates a new DSA instance by generating a private/public key pair from scratch.
size is an integer representing the desired key size.
Verifies whether the signature is valid given the message digest input. It does so by validating sig using the public key of this DSA instance.
digest is a message digest of the original input data to be signed
sig is a DSA signature value
dsa = OpenSSL::PKey::DSA.new(2048) doc = "Sign me" digest = OpenSSL::Digest.digest('SHA1', doc) sig = dsa.syssign(digest) puts dsa.sysverify(digest, sig) # => true
Creates a new EC instance with a new random private and public key.
Generates an RSA keypair. size is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure. exponent is an odd number normally 3, 17, or 65537.
This method is called automatically when a new SSLSocket is created. However, it is not thread-safe and must be called before creating SSLSocket objects in a multi-threaded program.
Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.
If sync_close is set to true, the underlying IO is also closed.
Creates a new instance of SSLSocket. remotehost_ and remoteport_ are used to open TCPSocket. If localhost_ and localport_ are specified, then those parameters are used on the local end to establish the connection. If context is provided, the SSL Sockets initial params will be taken from the context.
sock = OpenSSL::SSL::SSLSocket.open('localhost', 443) sock.connect # Initiates a connection to localhost:443
with SSLContext:
ctx = OpenSSL::SSL::SSLContext.new sock = OpenSSL::SSL::SSLSocket.open('localhost', 443, context: ctx) sock.connect # Initiates a connection to localhost:443 with SSLContext
Initiates an SSL/TLS handshake with a server. The handshake may be started after unencrypted data has been sent over the socket.
Waits for a SSL/TLS client to initiate a handshake. The handshake may be started after unencrypted data has been sent over the socket.
Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.
The X509 certificate for this socket endpoint.
Returns the cipher suite actually used in the current session, or nil if no session has been established.