Adds a certificate to the context. pkey must be a corresponding private key with certificate.
Multiple certificates with different public key type can be added by repeated calls of this method, and OpenSSL
will choose the most appropriate certificate during the handshake.
cert=
, key=
, and extra_chain_cert=
are old accessor methods for setting certificate and internally call this method.
A certificate. An instance of OpenSSL::X509::Certificate
.
The private key for certificate. An instance of OpenSSL::PKey::PKey
.
Optional. An array of OpenSSL::X509::Certificate
. When sending a certificate chain, the certificates specified by this are sent following certificate, in the order in the array.
rsa_cert = OpenSSL::X509::Certificate.new(...) rsa_pkey = OpenSSL::PKey.read(...) ca_intermediate_cert = OpenSSL::X509::Certificate.new(...) ctx.add_certificate(rsa_cert, rsa_pkey, [ca_intermediate_cert]) ecdsa_cert = ... ecdsa_pkey = ... another_ca_cert = ... ctx.add_certificate(ecdsa_cert, ecdsa_pkey, [another_ca_cert])
OpenSSL
before the version 1.0.2 could handle only one extra chain across all key types. Calling this method discards the chain set previously.
Creates a new X509::Extension
with passed values. See also x509v3_config(5).
If the Request
specified to request the TSA certificate (Request#cert_requested = true), then this field contains the certificate of the timestamp authority.
Adds path as the hash dir to be looked up by the store.
@api private
Takes a token and gets the next token in the Negotiate authentication chain. Token can be Base64
encoded or not. The token can include the “Negotiate” header and it will be stripped. Does not indicate if SEC_I_CONTINUE or SEC_E_OK was returned. Token returned is Base64
encoded w/ all new lines removed.
Ensures that :SSLCertificate and :SSLPrivateKey have been provided or that a new certificate is generated with the other parameters provided.