Returns the cipher suite actually used in the current session, or nil if no session has been established.
A description of the current connection state. This is for diagnostic purposes only.
Sets the server hostname used for SNI. This needs to be set before SSLSocket#connect
.
See TCPServer#listen
for details.
Verifies the signature of the certificate, with the public key key. key must be an instance of OpenSSL::PKey
.
Checks that cert signature is made with PRIVversion of this PUBLIC ‘key’
This adds a new ObjectId
to the internal tables. Where object_id is the numerical form, short_name is the short name, and long_name is the long name.
Returns true
if successful. Raises an OpenSSL::ASN1::ASN1Error
if it fails.
key - the public key to be used for verifying the SPKI
signature
Returns true
if the signature is valid, false
otherwise. To verify an SPKI
, the public key contained within the SPKI
should be used.
Verifies this request using the given certificates and store. certificates is an array of OpenSSL::X509::Certificate
, store is an OpenSSL::X509::Store
.
Note that false
is returned if the request does not have a signature. Use signed?
to check whether the request is signed or not.
Returns the status of the response.
Returns an Array
of statuses for this response. Each status contains a CertificateId
, the status (0 for good, 1 for revoked, 2 for unknown), the reason for the status, the revocation time, the time of this update, the time for the next update and a list of OpenSSL::X509::Extension
.
This should be superseded by BasicResponse#responses
and find_response
that return SingleResponse
.
Verifies the signature of the response using the given certificates and store. This works in the similar way as OpenSSL::OCSP::Request#verify
.
Returns the serial number of the certificate for which status is being requested.
To verify the String
signature, digest, an instance of OpenSSL::Digest
, must be provided to re-compute the message digest of the original data, also a String
. The return value is true
if the signature is valid, false
otherwise. A PKeyError
is raised should errors occur. Any previous state of the Digest
instance is irrelevant to the validation outcome, the digest instance is reset to its initial state during the operation.
data = 'Sign me!' digest = OpenSSL::Digest.new('SHA256') pkey = OpenSSL::PKey::RSA.new(2048) signature = pkey.sign(digest, data) pub_key = pkey.public_key puts pub_key.verify(digest, signature, data) # => true
Returns one of GRANTED
, GRANTED_WITH_MODS
, REJECTION
, WAITING
, REVOCATION_WARNING
or REVOCATION_NOTIFICATION
. A timestamp token has been created only in case status
is equal to GRANTED
or GRANTED_WITH_MODS
.