Initiates the SSL/TLS handshake as a server in non-blocking manner.
# emulates blocking accept begin ssl.accept_nonblock rescue IO::WaitReadable IO.select([s2]) retry rescue IO::WaitWritable IO.select(nil, [s2]) retry end
By specifying a keyword argument exception to false, you can indicate that accept_nonblock should not raise an IO::WaitReadable or IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.
A non-blocking version of sysread. Raises an SSLError if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.
Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.
The X509 certificate for this socket’s peer.
Returns the certificate which caused the error.
See also the man page X509_STORE_CTX_get_current_cert(3).
The short name of the ObjectId, as defined in <openssl/objects.h>.
The long name of the ObjectId, as defined in <openssl/objects.h>.
Adds a nonce to the OCSP request. If no nonce is given a random one will be generated.
The nonce is used to prevent replay attacks but some servers do not support it.
Checks the nonce validity for this request and response.
The return value is one of the following:
nonce in request only.
nonces both present and not equal.
nonces present and equal.
nonces both absent.
nonce present in response only.
For most responses, clients can check result > 0. If a responder doesn’t handle nonces result.nonzero? may be necessary. A result of 0 is always an error.
Copies the nonce from request into this response. Returns 1 on success and 0 on failure.
Adds nonce to this response. If no nonce was provided a random nonce will be added.
Returns a SingleResponse whose CertId matches with certificate_id, or nil if this BasicResponse does not contain it.
Checks the validity of thisUpdate and nextUpdate fields of this SingleResponse. This checks the current time is within the range thisUpdate to nextUpdate.
It is possible that the OCSP request takes a few seconds or the time is not accurate. To avoid rejecting a valid response, this method allows the times to be within nsec seconds of the current time.
Some responders don’t set the nextUpdate field. This may cause a very old response to be considered valid. The maxsec parameter can be used to limit the age of responses.
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
V_CERTSTATUS_GOOD
V_CERTSTATUS_REVOKED
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by revocation_time.
Returns the ln (long name) of the hash algorithm used to generate the issuerNameHash and the issuerKeyHash values.
Specify whether the response shall contain the timestamp authority’s certificate or not. The default value is true.
Indicates whether the response shall contain the timestamp authority’s certificate or not.
Adds path as the hash dir to be looked up by the store.
See also the man page X509_LOOKUP_hash_dir(3).
Adds the OpenSSL::X509::Certificate cert to the certificate store.
See also the man page X509_STORE_add_cert(3).
@api private