Writes string to the SSL
connection in a non-blocking manner. Raises an SSLError
if writing would block.
Returns the ALPN protocol string that was finally selected by the server during the handshake.
Returns the protocol string that was finally selected by the client during the handshake.
Parses the string representation of a distinguished name. Two different forms are supported:
OpenSSL format (X509_NAME_oneline()
) used by to_s
. For example: /DC=com/DC=example/CN=nobody
OpenSSL format (X509_NAME_print()
) used by to_s(OpenSSL::X509::Name::COMPAT). For example: DC=com, DC=example, CN=nobody
Neither of them is standardized and has quirks and inconsistencies in handling of escaped characters or multi-valued RDNs.
Use of this method is discouraged in new applications. See Name.parse_rfc2253
and to_utf8
for the alternative.
Returns the human readable error string corresponding to the error code retrieved by error
.
See also the man page X509_verify_cert_error_string(3).
The long name of the ObjectId
, as defined in <openssl/objects.h>.
Adds a nonce to the OCSP
request. If no nonce is given a random one will be generated.
The nonce is used to prevent replay attacks but some servers do not support it.
Checks the nonce validity for this request and response.
The return value is one of the following:
nonce in request only.
nonces both present and not equal.
nonces present and equal.
nonces both absent.
nonce present in response only.
For most responses, clients can check result > 0. If a responder doesn’t handle nonces result.nonzero?
may be necessary. A result of 0
is always an error.
Adds nonce to this response. If no nonce was provided a random nonce will be added.
Adds a certificate status for certificate_id. status is the status, and must be one of these:
OpenSSL::OCSP::V_CERTSTATUS_GOOD
OpenSSL::OCSP::V_CERTSTATUS_REVOKED
OpenSSL::OCSP::V_CERTSTATUS_UNKNOWN
reason and revocation_time can be given only when status is OpenSSL::OCSP::V_CERTSTATUS_REVOKED. reason describes the reason for the revocation, and must be one of OpenSSL::OCSP::REVOKED_STATUS_* constants. revocation_time is the time when the certificate is revoked.
this_update and next_update indicate the time at which the status is verified to be correct and the time at or before which newer information will be available, respectively. next_update is optional.
extensions is an Array
of OpenSSL::X509::Extension
to be included in the SingleResponse
. This is also optional.
Note that the times, revocation_time, this_update and next_update can be specified in either of Integer
or Time
object. If they are Integer
, it is treated as the relative seconds from the current time.
Returns the status of the certificate identified by the certid. The return value may be one of these constant:
V_CERTSTATUS_GOOD
V_CERTSTATUS_REVOKED
V_CERTSTATUS_UNKNOWN
When the status is V_CERTSTATUS_REVOKED, the time at which the certificate was revoked can be retrieved by revocation_time
.
In cases of failure this field may contain an array of strings further describing the origin of the failure.
Create an exception with class klass
and message