Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.
A description of the current connection state. This is for diagnostic purposes only.
Sets the server hostname used for SNI. This needs to be set before SSLSocket#connect.
See TCPServer#listen for details.
Returns a String representation of the Distinguished Name. format is one of:
If format is omitted, the largely broken and traditional OpenSSL format (X509_NAME_oneline() format) is chosen.
Use of this method is discouraged. None of the formats other than OpenSSL::X509::Name::RFC2253 is standardized and may show an inconsistent behavior through OpenSSL versions.
It is recommended to use to_utf8 instead, which is equivalent to calling name.to_s(OpenSSL::X509::Name::RFC2253).force_encoding("UTF-8").
Returns the error code of stctx. This is typically called after verify is done, or from the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_get_error(3).
Sets the error code of stctx. This is used by the verification callback set to OpenSSL::X509::Store#verify_callback=.
See also the man page X509_STORE_CTX_set_error(3).
Sets the trust settings of the context. This overrides the default value set by Store#trust=.
See also the man page X509_VERIFY_PARAM_set_trust(3).
Returns the PEM encoding of this SPKI.
Creates an OpenSSL::OCSP::Response from status and basic_response.
Returns the status of the response.
Returns an Array of statuses for this response. Each status contains a CertificateId, the status (0 for good, 1 for revoked, 2 for unknown), the reason for the status, the revocation time, the time of this update, the time for the next update and a list of OpenSSL::X509::Extension.
This should be superseded by BasicResponse#responses and find_response that return SingleResponse.
Returns an Array of SingleResponse for this BasicResponse.
Used primarily to check if an OpenSSL::X509::Certificate#public_key compares to its private key.
x509 = OpenSSL::X509::Certificate.new(pem_encoded_certificate) rsa_key = OpenSSL::PKey::RSA.new(pem_encoded_private_key) rsa_key.compare?(x509.public_key) => true | false
Returns one of GRANTED, GRANTED_WITH_MODS, REJECTION, WAITING, REVOCATION_WARNING or REVOCATION_NOTIFICATION. A timestamp token has been created only in case status is equal to GRANTED or GRANTED_WITH_MODS.
If a timestamp token is present, this returns it in the form of a OpenSSL::PKCS7.