Raised by Timeout.timeout when the block times out.
Base class for all URI exceptions.
Not a URI.
Not a URI component.
URI is valid, bad usage is not.
RefError is raised when a referenced object has been recycled by the garbage collector
Raised when a mathematical function is evaluated outside of its domain of definition.
For example, since cos returns values in the range -1..1, its inverse function acos is only defined on that interval:
Math.acos(42)
produces:
Math::DomainError: Numerical argument is out of domain - "acos"
Raised on attempt to Ractor#take if there was an uncaught exception in the Ractor. Its cause will contain the original exception, and ractor is the original ractor it was raised in.
r = Ractor.new { raise "Something weird happened" } begin r.take rescue => e p e # => #<Ractor::RemoteError: thrown by remote Ractor.> p e.ractor == r # => true p e.cause # => #<RuntimeError: Something weird happened> end
Raised on an attempt to access an object which was moved in Ractor#send or Ractor.yield.
r = Ractor.new { sleep } ary = [1, 2, 3] r.send(ary, move: true) ary.inspect # Ractor::MovedError (can not send any methods to a moved object)
Raised when an attempt is made to send a message to a closed port, or to retrieve a message from a closed and empty port. Ports may be closed explicitly with Ractor#close_outgoing/close_incoming and are closed implicitly when a Ractor terminates.
r = Ractor.new { sleep(500) } r.close_outgoing r.take # Ractor::ClosedError
ClosedError is a descendant of StopIteration, so the closing of the ractor will break the loops without propagating the error:
r = Ractor.new do loop do msg = receive # raises ClosedError and loop traps it puts "Received: #{msg}" end puts "loop exited" end 3.times{|i| r << i} r.close_incoming r.take puts "Continue successfully"
This will print:
Received: 0 Received: 1 Received: 2 loop exited Continue successfully
Raised by Encoding and String methods when the string being transcoded contains a byte invalid for the either the source or target encoding.
Raised by transcoding methods when a named encoding does not correspond with a known converter.
OpenSSL::OCSP implements Online Certificate Status Protocol requests and responses.
Creating and sending an OCSP request requires a subject certificate that contains an OCSP URL in an authorityInfoAccess extension and the issuer certificate for the subject certificate. First, load the issuer and subject certificates:
subject = OpenSSL::X509::Certificate.new subject_pem issuer = OpenSSL::X509::Certificate.new issuer_pem
To create the request we need to create a certificate ID for the subject certificate so the CA knows which certificate we are asking about:
digest = OpenSSL::Digest.new('SHA1') certificate_id = OpenSSL::OCSP::CertificateId.new subject, issuer, digest
Then create a request and add the certificate ID to it:
request = OpenSSL::OCSP::Request.new request.add_certid certificate_id
Adding a nonce to the request protects against replay attacks but not all CA process the nonce.
request.add_nonce
To submit the request to the CA for verification we need to extract the OCSP URI from the subject certificate:
ocsp_uris = subject.ocsp_uris require 'uri' ocsp_uri = URI ocsp_uris[0]
To submit the request we’ll POST the request to the OCSP URI (per RFC 2560). Note that we only handle HTTP requests and don’t handle any redirects in this example, so this is insufficient for serious use.
require 'net/http' http_response = Net::HTTP.start ocsp_uri.hostname, ocsp_uri.port do |http| http.post ocsp_uri.path, request.to_der, 'content-type' => 'application/ocsp-request' end response = OpenSSL::OCSP::Response.new http_response.body response_basic = response.basic
First we check if the response has a valid signature. Without a valid signature we cannot trust it. If you get a failure here you may be missing a system certificate store or may be missing the intermediate certificates.
store = OpenSSL::X509::Store.new store.set_default_paths unless response_basic.verify [], store then raise 'response is not signed by a trusted certificate' end
The response contains the status information (success/fail). We can display the status as a string:
puts response.status_string #=> successful
Next we need to know the response details to determine if the response matches our request. First we check the nonce. Again, not all CAs support a nonce. See Request#check_nonce for the meanings of the return values.
p request.check_nonce basic_response #=> value from -1 to 3
Then extract the status information for the certificate from the basic response.
single_response = basic_response.find_response(certificate_id) unless single_response raise 'basic_response does not have the status for the certificate' end
Then check the validity. A status issued in the future must be rejected.
unless single_response.check_validity
raise 'this_update is in the future or next_update time has passed'
end
case single_response.cert_status
when OpenSSL::OCSP::V_CERTSTATUS_GOOD
puts 'certificate is still valid'
when OpenSSL::OCSP::V_CERTSTATUS_REVOKED
puts "certificate has been revoked at #{single_response.revocation_time}"
when OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
puts 'responder doesn't know about the certificate'
end
Flags for regular expression and match last line nodes.