Class: DRb::DRbSSLSocket::SSLConfig
In: lib/drb/ssl.rb
Parent: Object
DEFAULT | = | { :SSLCertificate => nil, :SSLPrivateKey => nil, :SSLClientCA => nil, :SSLCACertificatePath => nil, :SSLCACertificateFile => nil, :SSLVerifyMode => ::OpenSSL::SSL::VERIFY_NONE, :SSLVerifyDepth => nil, :SSLVerifyCallback => nil, # custom verification :SSLCertificateStore => nil, # Must specify if you use auto generated certificate. :SSLCertName => nil, # e.g. [["CN","fqdn.example.com"]] :SSLCertComment => "Generated by Ruby/OpenSSL" |
# File lib/drb/ssl.rb, line 27
#
# Builds an SSLConfig from a configuration hash keyed by the :SSL*
# options (see DEFAULT).
#
# Only :SSLCertificate and :SSLPrivateKey are copied into instance
# variables here; the remaining keys are looked up on demand through
# self[] by setup_certificate and setup_ssl_context. The SSL context
# starts out unset until setup_ssl_context is called.
#
# @param config [Hash] SSL option hash
def initialize(config)
  @ssl_ctx = nil
  @config  = config
  @cert    = config[:SSLCertificate]
  @pkey    = config[:SSLPrivateKey]
end
# File lib/drb/ssl.rb, line 45
#
# Wraps an accepted TCP connection in an SSL socket (server side) and
# runs the TLS handshake using the context built by setup_ssl_context.
#
# Whether and how the client is authenticated is decided entirely by
# that context's verify settings; this method adds no checks of its own.
#
# @param tcp [TCPSocket] freshly accepted plain socket
# @return [OpenSSL::SSL::SSLSocket] the handshaken socket, sync mode on
def accept(tcp)
  OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx).tap do |ssl|
    ssl.sync = true
    ssl.accept
  end
end
# File lib/drb/ssl.rb, line 38
#
# Wraps an outgoing TCP connection in an SSL socket (client side) and
# runs the TLS handshake using the context built by setup_ssl_context.
#
# Peer-certificate checking is whatever the context was configured
# with (:SSLVerifyMode and friends); no hostname verification is
# performed here.
#
# @param tcp [TCPSocket] connected plain socket
# @return [OpenSSL::SSL::SSLSocket] the handshaken socket, sync mode on
def connect(tcp)
  ::OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx).tap do |ssl|
    ssl.sync = true
    ssl.connect
  end
end
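# File lib/drb/ssl.rb, line 52
#
# Generates a self-signed X.509 certificate and RSA key when the
# configuration did not supply both :SSLCertificate and
# :SSLPrivateKey. Note the guard: if only one of the two was given,
# both are regenerated and the supplied one is overwritten.
#
# The generated certificate is a throwaway identity: issuer == subject
# (taken from :SSLCertName, e.g. [["CN","fqdn.example.com"]], which
# must therefore be configured), serial 0, valid for one year from now,
# CA:FALSE, with an optional nsComment from :SSLCertComment.
#
# Changes from the earlier version: a 2048-bit key instead of 512 bits,
# a SHA-256 signature instead of SHA-1, and X.509 version 3 encoded
# correctly. 512-bit RSA and SHA-1 signatures are refused by current
# OpenSSL security levels and by most peers, and the previous
# `version = 3` produced an invalid "v4" certificate because
# X509_set_version is zero-based.
#
# Sets @cert and @pkey; returns nil.
def setup_certificate
  # Caller supplied both halves: nothing to generate.
  return if @cert && @pkey

  rsa = OpenSSL::PKey::RSA.new(2048) { |p, n|
    # Key-generation progress output, only when :verbose is configured.
    next unless self[:verbose]
    case p
    when 0 then $stderr.putc "."   # BN_generate_prime
    when 1 then $stderr.putc "+"   # BN_generate_prime
    when 2 then $stderr.putc "*"   # searching good prime; n = #of try, but also data from BN_generate_prime
    when 3 then $stderr.putc "\n"  # found good prime, n==0 - p, n==1 - q, but also data from BN_generate_prime
    else        $stderr.putc "*"   # BN_generate_prime
    end
  }

  now  = Time.now
  cert = OpenSSL::X509::Certificate.new
  # X509_set_version is zero-based: 2 encodes X.509 v3, which is the
  # version that carries extensions.
  cert.version = 2
  # NOTE(review): RFC 5280 requires a positive serial; 0 is kept from the
  # original and may be flagged by strict validators.
  cert.serial = 0
  name = OpenSSL::X509::Name.new(self[:SSLCertName])
  cert.subject = name
  cert.issuer  = name # self-signed
  cert.not_before = now
  cert.not_after  = now + (365 * 24 * 60 * 60)
  cert.public_key = rsa.public_key

  ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
  cert.extensions = [
    ef.create_extension("basicConstraints", "CA:FALSE"),
    ef.create_extension("subjectKeyIdentifier", "hash")
  ]
  # authorityKeyIdentifier needs the issuer's subjectKeyIdentifier,
  # which is the certificate itself here.
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("authorityKeyIdentifier",
                                         "keyid:always,issuer:always"))
  if (comment = self[:SSLCertComment])
    cert.add_extension(ef.create_extension("nsComment", comment))
  end
  cert.sign(rsa, OpenSSL::Digest::SHA256.new)

  @cert = cert
  @pkey = rsa
  nil
end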
# File lib/drb/ssl.rb, line 97
#
# Builds the OpenSSL::SSL::SSLContext used by accept and connect from
# @cert, @pkey and the remaining :SSL* configuration keys, and stores it
# in @ssl_ctx.
#
# Verification behaviour is taken verbatim from the configuration:
# :SSLVerifyMode, :SSLVerifyDepth, :SSLVerifyCallback and the CA
# settings are copied into the context without adjustment. With the
# DEFAULT options (:SSLVerifyMode => VERIFY_NONE) no peer certificate
# checking happens unless the caller configures it.
#
# @return [OpenSSL::SSL::SSLContext] the context that was stored
def setup_ssl_context
  ctx = ::OpenSSL::SSL::SSLContext.new
  ctx.cert = @cert
  ctx.key  = @pkey
  # Context attribute => configuration key, applied in this order.
  { client_ca:       :SSLClientCA,
    ca_path:         :SSLCACertificatePath,
    ca_file:         :SSLCACertificateFile,
    verify_mode:     :SSLVerifyMode,
    verify_depth:    :SSLVerifyDepth,
    verify_callback: :SSLVerifyCallback,
    cert_store:      :SSLCertificateStore }.each do |attr, key|
    ctx.public_send(:"#{attr}=", self[key])
  end
  @ssl_ctx = ctx
end