class Qpid::Proton::SSL
The SSL
support for Transport
.
A Transport
may be configured ot use SLL for encryption and/or authentication. A Transport
can be configured as either the SSL
client or the server. An SSL
client is the party that proctively establishes a connection to an SSL
server. An SSL
server is the party that accepts a connection request from the remote SSL
client.
If either the client or the server needs to identify itself with the remote node, it must have its SSL
certificate configured.
@see SSLDomain#credentials
For setting the SSL
certificate.
If either the client or the server needs to verify the identify of the remote node, it must have its database of trusted CAs configured.
@see SSLDomain#trusted_ca_db
Setting the CA database.
An SSL
server connection may allow the remote client to connect without SS (i.e., “in the clear”).
@see SSLDomain#allow_unsecured_client
Allowing unsecured clients.
The level of verification required of the remote may be configured.
@see SSLDomain#peer_authentication
Setting peer authentication.
Support for SSL
client session resume is provided as well.
@see SSLDomain
@see resume_status
Constants
Public Class Methods
@private
# File lib/core/ssl.rb, line 78 def self.create(transport, domain, session_details = nil) result = nil # like python, make sure we're not creating a different SSL # object for a transport with an existing SSL object if transport.ssl? transport.instance_eval { result = @ssl } if ((!domain.nil? && (result.domain != domain)) || (!session_details.nil? && (result.session_details != session_details))) raise SSLException.new("cannot re-configure existing SSL object") end else impl = Cproton.pn_ssl(transport.impl) session_id = nil session_id = session_details.session_id unless session_details.nil? result = SSL.new(impl, domain, session_details, session_id) end return result end
# File lib/core/ssl.rb, line 99 def initialize(impl, domain, session_details, session_id) @impl = impl @domain = domain.impl unless domain.nil? @session_details = session_details @session_id = session_id Cproton.pn_ssl_init(@impl, @domain, @session_id) end
Public Instance Methods
Returns the cipher name that is currently in used.
Gets the text description of the cipher that is currently active, or returns nil if SSL
is not active. Note that the cipher in use my change over time due to renegotiation or other changes to the SSL
layer.
@return [String, nil] The cipher name.
# File lib/core/ssl.rb, line 117 def cipher_name rc, name = Cproton.pn_ssl_get_cipher_name(@impl, 128) return name if rc nil end
Gets the peer hostname.
@return [String] The peer hostname.
# File lib/core/ssl.rb, line 150 def peer_hostname (error, name) = Cproton.pn_ssl_get_peer_hostname(@impl, 1024) raise SSLError.new if error < 0 return name end
Returns the name of the SSL
protocol that is currently active, or returns nil if SSL
is nota ctive. Not that the protocol may change over time due to renegotation.
@return [String, nil] The protocol name.
# File lib/core/ssl.rb, line 129 def protocol_name rc, name = Cproton.pn_ssl_get_protocol_name(@impl, 128) name if rc end
Checks whether or not the state has resumed.
Used for client session resume. When called on an active session, it indicates wehther the state has been resumed from a previous session.
NOTE: This is a best-effort service - there is no guarantee that the remote server will accept the resumed parameters. The remote server may choose to ignore these parameters, and request a renegotation instead.
# File lib/core/ssl.rb, line 143 def resume_status Cproton.pn_ssl_resume_status(@impl) end