Copy a InstanceVariableAndWriteNode node
Copy a InstanceVariableOperatorWriteNode node
Copy a InstanceVariableOrWriteNode node
Copy a LocalVariableOperatorWriteNode node
Validates the Diffie-Hellman parameters associated with this instance. It checks whether a safe prime and a suitable generator are used. If this is not the case, false is returned.
See also the man page EVP_PKEY_param_check(3).
Obtains a list of all predefined curves by the OpenSSL. Curve names are returned as sn.
See the OpenSSL documentation for EC_get_builtin_curves().
Sets saner defaults optimized for the use with HTTP-like protocols.
If a Hash params is given, the parameters are overridden with it. The keys in params must be assignment methods on SSLContext.
If the verify_mode is not VERIFY_NONE and ca_file, ca_path and cert_store are not set then the system default certificate store is used.
Sets the lower bound on the supported SSL/TLS protocol version. The version may be specified by an integer constant named OpenSSL::SSL::*_VERSION, a Symbol, or nil which means “any version”.
Be careful that you don’t overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v* options by options= once you have called min_version= or max_version=.
ctx = OpenSSL::SSL::SSLContext.new ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx) sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
Sets the upper bound of the supported SSL/TLS protocol version. See min_version= for the possible values.
Sets the SSL/TLS protocol version for the context. This forces connections to use only the specified protocol version. This is deprecated and only provided for backwards compatibility. Use min_version= and max_version= instead.
As the name hints, this used to call the SSL_CTX_set_ssl_version() function which sets the SSL method used for connections created from the context. As of Ruby/OpenSSL 2.1, this accessor method is implemented to call min_version= and max_version= instead.
Adds session to the session cache.
Removes session from the session cache.
Removes sessions in the internal cache that have expired at time.
Initiates the SSL/TLS handshake as a client in non-blocking manner.
# emulates blocking connect begin ssl.connect_nonblock rescue IO::WaitReadable IO.select([s2]) retry rescue IO::WaitWritable IO.select(nil, [s2]) retry end
By specifying a keyword argument exception to false, you can indicate that connect_nonblock should not raise an IO::WaitReadable or IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.
Writes string to the SSL connection in a non-blocking manner. Raises an SSLError if writing would block.
Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.
Returns true if a reused session was negotiated during the handshake.
Parses the UTF-8 string representation of a distinguished name, according to RFC 2253.
See also to_utf8 for the opposite operation.
Parses the string representation of a distinguished name. Two different forms are supported:
OpenSSL format (X509_NAME_oneline()) used by #to_s. For example: /DC=com/DC=example/CN=nobody
OpenSSL format (X509_NAME_print()) used by #to_s(OpenSSL::X509::Name::COMPAT). For example: DC=com, DC=example, CN=nobody
Neither of them is standardized and has quirks and inconsistencies in handling of escaped characters or multi-valued RDNs.
Use of this method is discouraged in new applications. See Name.parse_rfc2253 and to_utf8 for the alternative.