class Qpid::Proton::SSL

The SSL support for Transport.

A Transport may be configured to use SSL for encryption and/or authentication. A Transport can be configured as either the SSL client or the server. An SSL client is the party that proactively establishes a connection to an SSL server. An SSL server is the party that accepts a connection request from the remote SSL client.

If either the client or the server needs to identify itself with the remote node, it must have its SSL certificate configured.

@see SSLDomain#credentials For setting the SSL certificate.

If either the client or the server needs to verify the identity of the remote node, it must have its database of trusted CAs configured.

@see SSLDomain#trusted_ca_db Setting the CA database.

An SSL server connection may allow the remote client to connect without SSL (i.e., “in the clear”).

@see SSLDomain#allow_unsecured_client Allowing unsecured clients.

The level of verification required of the remote may be configured.

@see SSLDomain#peer_authentication Setting peer authentication.

Support for SSL client session resume is provided as well.

@see SSLDomain

@see resume_status

Constants

PROTON_METHOD_PREFIX

@private

RESUME_NEW

Session renegotiated and not resumed.

RESUME_REUSED

Session resumed from the previous session.

RESUME_UNKNOWN

Session resume state is unknown or not supported.

Public Class Methods

create(transport, domain, session_details = nil)

@private

# File lib/core/ssl.rb, line 78
def self.create(transport, domain, session_details = nil)
  result = nil
  # like python, make sure we're not creating a different SSL
  # object for a transport with an existing SSL object
  if transport.ssl?
    transport.instance_eval { result = @ssl }
    if ((!domain.nil? && (result.domain != domain)) ||
        (!session_details.nil? && (result.session_details != session_details)))
      raise SSLException.new("cannot re-configure existing SSL object")
    end
  else
    impl = Cproton.pn_ssl(transport.impl)
    session_id = nil
    session_id = session_details.session_id unless session_details.nil?
    result = SSL.new(impl, domain, session_details, session_id)
  end
  return result
end
new(impl, domain, session_details, session_id)
# File lib/core/ssl.rb, line 99
def initialize(impl, domain, session_details, session_id)
  @impl = impl
  @domain = domain.impl unless domain.nil?
  @session_details = session_details
  @session_id = session_id
  Cproton.pn_ssl_init(@impl, @domain, @session_id)
end
present?()

Returns whether SSL is supported.

@return [Boolean] True if SSL support is available.

# File lib/core/ssl.rb, line 73
def self.present?
  Cproton.pn_ssl_present
end

Public Instance Methods

cipher_name()

Returns the cipher name that is currently in use.

Gets the text description of the cipher that is currently active, or returns nil if SSL is not active. Note that the cipher in use may change over time due to renegotiation or other changes to the SSL layer.

@return [String, nil] The cipher name.

# File lib/core/ssl.rb, line 117
def cipher_name
  rc, name = Cproton.pn_ssl_get_cipher_name(@impl, 128)
  return name if rc
  nil
end
peer_hostname()

Gets the peer hostname.

@return [String] The peer hostname.

# File lib/core/ssl.rb, line 150
def peer_hostname
  (error, name) = Cproton.pn_ssl_get_peer_hostname(@impl, 1024)
  raise SSLError.new if error < 0
  return name
end
protocol_name()

Returns the name of the SSL protocol that is currently active, or returns nil if SSL is not active. Note that the protocol may change over time due to renegotiation.

@return [String, nil] The protocol name.

# File lib/core/ssl.rb, line 129
def protocol_name
  rc, name = Cproton.pn_ssl_get_protocol_name(@impl, 128)
  name if rc
end
resume_status()

Checks whether or not the state has resumed.

Used for client session resume. When called on an active session, it indicates whether the state has been resumed from a previous session.

NOTE: This is a best-effort service - there is no guarantee that the remote server will accept the resumed parameters. The remote server may choose to ignore these parameters, and request a renegotiation instead.

# File lib/core/ssl.rb, line 143
def resume_status
  Cproton.pn_ssl_resume_status(@impl)
end
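
An added example, not part of the Proton source: a post-handshake check built on the protocol_name, cipher_name and resume_status accessors documented above. StubSSL, audit_ssl, the allow-list and the OpenSSL-style protocol and cipher strings are assumptions, chosen so the block runs without the qpid_proton gem.

```ruby
# Post-handshake policy check for an object that behaves like Qpid::Proton::SSL.
# StubSSL is a constructed stand-in; its constant values are placeholders,
# not the values Proton uses.
class StubSSL
  RESUME_UNKNOWN = :unknown
  RESUME_NEW     = :new
  RESUME_REUSED  = :reused
  attr_reader :protocol_name, :cipher_name, :resume_status

  def initialize(protocol_name, cipher_name, resume_status)
    @protocol_name = protocol_name
    @cipher_name = cipher_name
    @resume_status = resume_status
  end
end

# Assumption: protocol and cipher strings follow OpenSSL naming.
ALLOWED_PROTOCOLS = %w[TLSv1.2 TLSv1.3].freeze
WEAK_CIPHER = /RC4|DES|NULL|MD5|EXP/.freeze

# Returns { violations: [String], resumed: Boolean }.
# An empty violations list means the session met the policy.
def audit_ssl(ssl, allow_cleartext: false)
  protocol = ssl.protocol_name
  cipher = ssl.cipher_name

  # Both accessors return nil when SSL is not active, which is what a server
  # sees for a client admitted through SSLDomain#allow_unsecured_client.
  if protocol.nil? || cipher.nil?
    violations = allow_cleartext ? [] : ["no active SSL layer: connection is in the clear"]
    return { violations: violations, resumed: false }
  end

  violations = []
  violations << "protocol #{protocol} not in allow-list" unless ALLOWED_PROTOCOLS.include?(protocol)
  violations << "weak cipher #{cipher}" if cipher.match?(WEAK_CIPHER)

  # Resume is best-effort, so only RESUME_REUSED counts as resumed;
  # RESUME_NEW and RESUME_UNKNOWN are both treated as a fresh session.
  resumed = ssl.resume_status == ssl.class::RESUME_REUSED
  { violations: violations, resumed: resumed }
end
```

Because the cipher and protocol may change over time, re-run the check rather than caching its result for the life of the connection.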