Sets n, e, d for the RSA
instance.
Returns the security level for the context.
See also OpenSSL::SSL::SSLContext#security_level=
.
Sets the security level for the context. OpenSSL
limits parameters according to the level. The “parameters” include: ciphersuites, curves, key sizes, certificate signature algorithms, protocol version and so on. For example, level 1 rejects parameters offering below 80 bits of security, such as ciphersuites using MD5 for the MAC or RSA keys shorter than 1024 bits.
Note that attempts to set such parameters with insufficient security are also blocked. You need to lower the level first.
This feature is not supported in OpenSSL
< 1.1.0, and setting the level to other than 0 will raise NotImplementedError
. Level 0 means everything is permitted, the same behavior as previous versions of OpenSSL
.
See the manpage of SSL_CTX_set_security_level(3) for details.
Close the stream for reading. This method is ignored by OpenSSL
as there is no reasonable way to implement it, but exists for compatibility with IO
.
Closes the stream for writing. The behavior of this method depends on the version of OpenSSL
and the TLS protocol in use.
Sends a ‘close_notify’ alert to the peer.
Does not wait for the peer’s ‘close_notify’ alert in response.
In TLS 1.2 and earlier:
On receipt of a ‘close_notify’ alert, responds with a ‘close_notify’ alert of its own and close down the connection immediately, discarding any pending writes.
Therefore, on TLS 1.2, this method will cause the connection to be completely shut down. On TLS 1.3, the connection will remain open for reading only.
A non-blocking version of sysread
. Raises an SSLError
if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.
Reads length bytes from the SSL
connection. If a pre-allocated buffer is provided the data will be written into it.
Writes string to the SSL
connection in a non-blocking manner. Raises an SSLError
if writing would block.
Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.
If no peer certificate was presented X509_V_OK is returned.
Returns the protocol string that was finally selected by the client during the handshake.
Converts the name to DER encoding
Returns the human readable error string corresponding to the error code retrieved by error
.
See also the man page X509_verify_cert_error_string(3).
Returns the certificate which caused the error.
See also the man page X509_STORE_CTX_get_current_cert(3).
The long name of the ObjectId
, as defined in <openssl/objects.h>.
Returns the DER encoding of this SPKI
.
Adds a nonce to the OCSP
request. If no nonce is given a random one will be generated.
The nonce is used to prevent replay attacks but some servers do not support it.