Task description for the rdoc task or its renamed equivalent
Task description for the rerdoc task or its renamed description
Returns the value of a thread local variable that has been set. Note that these are different than fiber local values. For fiber local values, please see Thread#[] and Thread#[]=.
Thread local values are carried along with threads, and do not respect fibers. For example:
Thread.new { Thread.current.thread_variable_set("foo", "bar") # set a thread local Thread.current["foo"] = "bar" # set a fiber local Fiber.new { Fiber.yield [ Thread.current.thread_variable_get("foo"), # get the thread local Thread.current["foo"], # get the fiber local ] }.resume }.join.value # => ['bar', nil]
The value “bar” is returned for the thread local, where nil is returned for the fiber local. The fiber is executed in the same thread, so the thread local values are available.
Sets a thread local with key to value. Note that these are local to threads, and not to fibers. Please see Thread#thread_variable_get and Thread#[] for more information.
For debugging the Ruby/OpenSSL library. Calls CRYPTO_mem_leaks_fp(stderr). Prints detected memory leaks to standard error. This cleans the global state up thus you cannot use any methods of the library after calling this.
Returns true if leaks detected, false otherwise.
This is available only when built with a capable OpenSSL and –enable-debug configure option.
OpenSSL.mem_check_start NOT_GCED = OpenSSL::PKey::RSA.new(256) END { GC.start OpenSSL.print_mem_leaks # will print the leakage }
Verify internal consistency.
This method is implementation specific. Now this method checks generational consistency if RGenGC is supported.
Verify compaction reference consistency.
This method is implementation specific. During compaction, objects that were moved are replaced with T_MOVED objects. No object should have a reference to a T_MOVED object after compaction.
This function doubles the heap to ensure room to move all objects, compacts the heap to make sure everything moves, updates all references, then performs a full GC. If any object contains a reference to a T_MOVED object, that object should be pushed on the mark stack, and will make a SEGV.
Enable to measure GC time. You can get the result with GC.stat(:time). Note that GC time measurement can cause some performance overhead.
Return measure_total_time flag (default: true). Note that measurement can affect the application performance.
This method removes a file system entry path. path shall be a regular file, a directory, or something. If path is a directory, remove it recursively. This method is required to avoid TOCTTOU (time-of-check-to-time-of-use) local security vulnerability of rm_r. rm_r causes security hole when:
Parent directory is world writable (including /tmp).
Removing directory tree includes world writable directory.
The system has symbolic link.
To avoid this security hole, this method applies special preprocess. If path is a directory, this method chown(2) and chmod(2) all removing directories. This requires the current process is the owner of the removing whole directory tree, or is the super user (root).
WARNING: You must ensure that ALL parent directories cannot be moved by other untrusted users. For example, parent directories should not be owned by untrusted users, and should not be world writable except when the sticky bit set.
WARNING: Only the owner of the removing directory tree, or Unix super user (root) should invoke this method. Otherwise this method does not work.
For details of this security vulnerability, see Perl’s case:
For fileutils.rb, this vulnerability is reported in [ruby-dev:26100].
This method removes a file system entry path. path shall be a regular file, a directory, or something. If path is a directory, remove it recursively. This method is required to avoid TOCTTOU (time-of-check-to-time-of-use) local security vulnerability of rm_r. rm_r causes security hole when:
Parent directory is world writable (including /tmp).
Removing directory tree includes world writable directory.
The system has symbolic link.
To avoid this security hole, this method applies special preprocess. If path is a directory, this method chown(2) and chmod(2) all removing directories. This requires the current process is the owner of the removing whole directory tree, or is the super user (root).
WARNING: You must ensure that ALL parent directories cannot be moved by other untrusted users. For example, parent directories should not be owned by untrusted users, and should not be world writable except when the sticky bit set.
WARNING: Only the owner of the removing directory tree, or Unix super user (root) should invoke this method. Otherwise this method does not work.
For details of this security vulnerability, see Perl’s case:
For fileutils.rb, this vulnerability is reported in [ruby-dev:26100].
Returns the value of Gem.source_date_epoch_string, as a Time object.
This is used throughout RubyGems for enabling reproducible builds.
Returns the original source code as an array of lines.
Note that this is an API for ruby internal use, debugging, and research. Do not use this for any other purpose. The compatibility is not guaranteed.
Obtains a list of all predefined curves by the OpenSSL. Curve names are returned as sn.
See the OpenSSL documentation for EC_get_builtin_curves().
See the OpenSSL documentation for EC_KEY_get0_private_key()
See the OpenSSL documentation for EC_KEY_set_private_key()
Returns whether this EC instance has a private key. The private key (BN) can be retrieved with EC#private_key.
Encrypt string with the private key. padding defaults to PKCS1_PADDING. The encrypted string output can be decrypted using public_decrypt.
Deprecated in version 3.0. Consider using PKey::PKey#sign_raw and PKey::PKey#verify_raw, and PKey::PKey#verify_recover instead.
Decrypt string, which has been encrypted with the public key, with the private key. padding defaults to PKCS1_PADDING.
Deprecated in version 3.0. Consider using PKey::PKey#encrypt and PKey::PKey#decrypt instead.
Verifies data using the Probabilistic Signature Scheme (RSA-PSS).
The return value is true if the signature is valid, false otherwise. RSAError will be raised if an error occurs.
See sign_pss for the signing operation and an example code.
A String containing the message digest algorithm name.
A String. The data to be signed.
The length in octets of the salt. Two special values are reserved: :digest means the digest length, and :auto means automatically determining the length based on the signature.
The hash algorithm used in MGF1.
Sets the list of “supported elliptic curves” for this context.
For a TLS client, the list is directly used in the Supported Elliptic Curves Extension. For a server, the list is used by OpenSSL to determine the set of shared curves. OpenSSL will pick the most appropriate one from it.
ctx1 = OpenSSL::SSL::SSLContext.new ctx1.ecdh_curves = "X25519:P-256:P-224" svr = OpenSSL::SSL::SSLServer.new(tcp_svr, ctx1) Thread.new { svr.accept } ctx2 = OpenSSL::SSL::SSLContext.new ctx2.ecdh_curves = "P-256" cli = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx2) cli.connect p cli.tmp_key.group.curve_name # => "prime256v1" (is an alias for NIST P-256)
Writes string to the SSL connection in a non-blocking manner. Raises an SSLError if writing would block.