module OpenSSL::SSL

Use SSLContext to set up the parameters for a TLS (formerly SSL) connection. Both client and server TLS connections are supported; SSLSocket and SSLServer may be used in conjunction with an instance of SSLContext to set up connections.

let rdoc know about mOSSL

Public Class Methods

verify_certificate_identity(cert, hostname)
# File ext/openssl/lib/openssl/ssl.rb, line 136
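# Checks whether +cert+ is valid for +hostname+.
#
# subjectAltName entries take precedence: as soon as one dNSName or
# iPAddress entry has been seen, the subject CN is no longer consulted, so
# a certificate is never accepted through its CN when its SAN list names
# other hosts.
#
# cert::     object responding to +extensions+ and +subject+
# hostname:: DNS name or IP literal the peer was contacted as
#
# Returns true on the first matching entry, false otherwise.
def verify_certificate_identity(cert, hostname)
  require 'ipaddr' # loaded here so the method does not depend on a file-level require

  # Octets of +hostname+ when it is an IP literal, else nil. Comparing
  # packed bytes instead of a formatted string lets "::1", lowercase hex
  # and "0:0:0:0:0:0:0:1" all match the same iPAddress entry. A "/" is
  # refused because IPAddr would read it as a prefix length and mask the
  # address before the comparison.
  host_octets =
    if hostname.is_a?(String) && !hostname.include?('/')
      begin
        IPAddr.new(hostname).hton.unpack('C*')
      rescue ArgumentError # IPAddr's parse errors derive from ArgumentError
        nil
      end
    end

  should_verify_common_name = true
  cert.extensions.each do |ext|
    next if ext.oid != "subjectAltName"

    # The extension value is an OCTET STRING wrapping the GeneralNames sequence.
    ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
    sequence = OpenSSL::ASN1.decode(ostr.value)
    sequence.value.each do |san|
      case san.tag
      when 2 # dNSName in GeneralName (RFC5280)
        should_verify_common_name = false
        return true if verify_hostname(hostname, san.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        should_verify_common_name = false
        # 4 octets is IPv4, 16 is IPv6; any other length never matches.
        if san.value.size == 4 || san.value.size == 16
          return true if host_octets && san.value.unpack('C*') == host_octets
        end
      end
    end
  end

  # CN fallback only for certificates without dNSName/iPAddress entries.
  if should_verify_common_name
    cert.subject.to_a.each do |oid, value|
      return true if oid == "CN" && verify_hostname(hostname, value)
    end
  end
  false
end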

Private Instance Methods

verify_certificate_identity(cert, hostname)
# File ext/openssl/lib/openssl/ssl.rb, line 136
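# Checks whether +cert+ is valid for +hostname+.
#
# subjectAltName entries take precedence: as soon as one dNSName or
# iPAddress entry has been seen, the subject CN is no longer consulted, so
# a certificate is never accepted through its CN when its SAN list names
# other hosts.
#
# cert::     object responding to +extensions+ and +subject+
# hostname:: DNS name or IP literal the peer was contacted as
#
# Returns true on the first matching entry, false otherwise.
def verify_certificate_identity(cert, hostname)
  require 'ipaddr' # loaded here so the method does not depend on a file-level require

  # Octets of +hostname+ when it is an IP literal, else nil. Comparing
  # packed bytes instead of a formatted string lets "::1", lowercase hex
  # and "0:0:0:0:0:0:0:1" all match the same iPAddress entry. A "/" is
  # refused because IPAddr would read it as a prefix length and mask the
  # address before the comparison.
  host_octets =
    if hostname.is_a?(String) && !hostname.include?('/')
      begin
        IPAddr.new(hostname).hton.unpack('C*')
      rescue ArgumentError # IPAddr's parse errors derive from ArgumentError
        nil
      end
    end

  should_verify_common_name = true
  cert.extensions.each do |ext|
    next if ext.oid != "subjectAltName"

    # The extension value is an OCTET STRING wrapping the GeneralNames sequence.
    ostr = OpenSSL::ASN1.decode(ext.to_der).value.last
    sequence = OpenSSL::ASN1.decode(ostr.value)
    sequence.value.each do |san|
      case san.tag
      when 2 # dNSName in GeneralName (RFC5280)
        should_verify_common_name = false
        return true if verify_hostname(hostname, san.value)
      when 7 # iPAddress in GeneralName (RFC5280)
        should_verify_common_name = false
        # 4 octets is IPv4, 16 is IPv6; any other length never matches.
        if san.value.size == 4 || san.value.size == 16
          return true if host_octets && san.value.unpack('C*') == host_octets
        end
      end
    end
  end

  # CN fallback only for certificates without dNSName/iPAddress entries.
  if should_verify_common_name
    cert.subject.to_a.each do |oid, value|
      return true if oid == "CN" && verify_hostname(hostname, value)
    end
  end
  false
end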