Register a Gem::Specification
for default gem.
Two formats for the specification are supported:
MRI 2.0 style, where spec.files contains unprefixed require names. The spec’s filenames will be registered as-is.
New style, where spec.files contains files prefixed with paths from spec.require_paths. The prefixes are stripped before registering the spec’s filenames. Unprefixed files are omitted.
Paths where RubyGems’ .rb files and bin files are installed
The default signing certificate chain path
Default options for gem commands for Ruby packagers.
The options here should be structured as an array of string “gem” command names as keys and a string of the default options as values.
Example:
def self.operating_system_defaults
{ 'install' => '--no-rdoc --no-ri --env-shebang', 'update' => '--no-rdoc --no-ri --env-shebang' }
end
Encodes this DH
to its DER encoding. Note that any existing per-session public/private keys will not get encoded, just the Diffie-Hellman parameters will be encoded.
Encodes this DSA
to its DER encoding.
See the OpenSSL
documentation for i2d_ECPrivateKey_bio()
Outputs this keypair in DER encoding.
Verifies data using the Probabilistic Signature Scheme (RSA-PSS).
The return value is true
if the signature is valid, false
otherwise. RSAError
will be raised if an error occurs.
See sign_pss
for the signing operation and an example code.
A String
containing the message digest algorithm name.
A String
. The data to be signed.
The length in octets of the salt. Two special values are reserved: :digest
means the digest length, and :auto
means automatically determining the length based on the signature.
The hash algorithm used in MGF1.
Sets the lower bound on the supported SSL/TLS protocol version. The version may be specified by an integer constant named OpenSSL::SSL::*_VERSION, a Symbol
, or nil
which means “any version”.
Be careful that you don’t overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v* options by options=
once you have called min_version=
or max_version=
.
ctx = OpenSSL::SSL::SSLContext.new ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx) sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
Sets the upper bound of the supported SSL/TLS protocol version. See min_version=
for the possible values.
Sets the SSL/TLS protocol version for the context. This forces connections to use only the specified protocol version. This is deprecated and only provided for backwards compatibility. Use min_version=
and max_version=
instead.
As the name hints, this used to call the SSL_CTX_set_ssl_version() function which sets the SSL
method used for connections created from the context. As of Ruby/OpenSSL 2.1, this accessor method is implemented to call min_version=
and max_version=
instead.
Adds a certificate to the context. pkey must be a corresponding private key with certificate.
Multiple certificates with different public key type can be added by repeated calls of this method, and OpenSSL
will choose the most appropriate certificate during the handshake.
cert=
, key=
, and extra_chain_cert=
are old accessor methods for setting certificate and internally call this method.
A certificate. An instance of OpenSSL::X509::Certificate
.
The private key for certificate. An instance of OpenSSL::PKey::PKey
.
Optional. An array of OpenSSL::X509::Certificate
. When sending a certificate chain, the certificates specified by this are sent following certificate, in the order in the array.
rsa_cert = OpenSSL::X509::Certificate.new(...) rsa_pkey = OpenSSL::PKey.read(...) ca_intermediate_cert = OpenSSL::X509::Certificate.new(...) ctx.add_certificate(rsa_cert, rsa_pkey, [ca_intermediate_cert]) ecdsa_cert = ... ecdsa_pkey = ... another_ca_cert = ... ctx.add_certificate(ecdsa_cert, ecdsa_pkey, [another_ca_cert])
Initiates the SSL/TLS handshake as a client in non-blocking manner.
# emulates blocking connect begin ssl.connect_nonblock rescue IO::WaitReadable IO.select([s2]) retry rescue IO::WaitWritable IO.select(nil, [s2]) retry end
By specifying a keyword argument exception to false
, you can indicate that connect_nonblock
should not raise an IO::WaitReadable
or IO::WaitWritable
exception, but return the symbol :wait_readable
or :wait_writable
instead.
Initiates the SSL/TLS handshake as a server in non-blocking manner.
# emulates blocking accept begin ssl.accept_nonblock rescue IO::WaitReadable IO.select([s2]) retry rescue IO::WaitWritable IO.select(nil, [s2]) retry end
By specifying a keyword argument exception to false
, you can indicate that accept_nonblock
should not raise an IO::WaitReadable
or IO::WaitWritable
exception, but return the symbol :wait_readable
or :wait_writable
instead.
A non-blocking version of sysread
. Raises an SSLError
if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.
Reads length bytes from the SSL
connection. If a pre-allocated buffer is provided the data will be written into it.
Writes string to the SSL
connection in a non-blocking manner. Raises an SSLError
if writing would block.
Returns a String
representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.
Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.
If no peer certificate was presented X509_V_OK is returned.
Returns the last Finished message sent