67
67
"verify_callback", "options", "cert_store", "extra_chain_cert",
68
68
"client_cert_cb", "tmp_dh_callback", "session_id_context",
69
69
"session_get_cb", "session_new_cb", "session_remove_cb",
70
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
72
75
#define ossl_ssl_get_io(o) rb_iv_get((o),"@io")
84
87
#define ossl_ssl_set_tmp_dh(o,v) rb_iv_set((o),"@tmp_dh",(v))
86
89
static const char *ossl_ssl_attr_readers[] = { "io", "context", };
87
static const char *ossl_ssl_attrs[] = { "sync_close", };
90
static const char *ossl_ssl_attrs[] = {
91
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
89
97
ID ID_callback_state;
96
104
SSL_METHOD *(*func)(void);
97
105
} ossl_ssl_method_tab[] = {
98
#define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method }
106
#define OSSL_SSL_METHOD_ENTRY(name) { #name, (SSL_METHOD *(*)(void))name##_method }
99
107
OSSL_SSL_METHOD_ENTRY(TLSv1),
100
108
OSSL_SSL_METHOD_ENTRY(TLSv1_server),
101
109
OSSL_SSL_METHOD_ENTRY(TLSv1_client),
296
304
ossl_call_session_get_cb(VALUE ary)
298
306
VALUE ssl_obj, sslctx_obj, cb;
300
308
Check_Type(ary, T_ARRAY);
301
309
ssl_obj = rb_ary_entry(ary, 0);
343
351
ossl_call_session_new_cb(VALUE ary)
345
353
VALUE ssl_obj, sslctx_obj, cb;
347
355
Check_Type(ary, T_ARRAY);
348
356
ssl_obj = rb_ary_entry(ary, 0);
457
static VALUE ossl_sslctx_setup(VALUE self);
459
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
461
ossl_call_servername_cb(VALUE ary)
463
VALUE ssl_obj, sslctx_obj, cb, ret_obj;
465
Check_Type(ary, T_ARRAY);
466
ssl_obj = rb_ary_entry(ary, 0);
468
sslctx_obj = rb_iv_get(ssl_obj, "@context");
469
if (NIL_P(sslctx_obj)) return Qnil;
470
cb = rb_iv_get(sslctx_obj, "@servername_cb");
471
if (NIL_P(cb)) return Qnil;
473
ret_obj = rb_funcall(cb, rb_intern("call"), 1, ary);
474
if (rb_obj_is_kind_of(ret_obj, cSSLContext)) {
478
ossl_sslctx_setup(ret_obj);
479
Data_Get_Struct(ssl_obj, SSL, ssl);
480
Data_Get_Struct(ret_obj, SSL_CTX, ctx2);
481
SSL_set_SSL_CTX(ssl, ctx2);
482
} else if (!NIL_P(ret_obj)) {
483
rb_raise(rb_eArgError, "servername_cb must return an OpenSSL::SSL::SSLContext object or nil");
490
ssl_servername_cb(SSL *ssl, int *ad, void *arg)
492
VALUE ary, ssl_obj, ret_obj;
495
const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
498
return SSL_TLSEXT_ERR_OK;
500
if ((ptr = SSL_get_ex_data(ssl, ossl_ssl_ex_ptr_idx)) == NULL)
501
return SSL_TLSEXT_ERR_ALERT_FATAL;
502
ssl_obj = (VALUE)ptr;
503
ary = rb_ary_new2(2);
504
rb_ary_push(ary, ssl_obj);
505
rb_ary_push(ary, rb_str_new2(servername));
507
ret_obj = rb_protect((VALUE(*)_((VALUE)))ossl_call_servername_cb, ary, &state);
509
rb_ivar_set(ssl_obj, ID_callback_state, INT2NUM(state));
510
return SSL_TLSEXT_ERR_ALERT_FATAL;
513
return SSL_TLSEXT_ERR_OK;
451
519
* ctx.setup => Qtrue # first time
581
649
SSL_CTX_sess_set_remove_cb(ctx, ossl_sslctx_session_remove_cb);
582
650
OSSL_Debug("SSL SESSION remove callback added");
653
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
654
val = rb_iv_get(self, "@servername_cb");
656
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
657
OSSL_Debug("SSL TLSEXT servername callback added");
902
982
Data_Get_Struct(self, SSL, ssl);
984
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
985
VALUE hostname = rb_iv_get(self, "@hostname");
904
988
v_ctx = ossl_ssl_get_ctx(self);
905
989
Data_Get_Struct(v_ctx, SSL_CTX, ctx);
911
995
DATA_PTR(self) = ssl;
997
#ifdef HAVE_SSL_SET_TLSEXT_HOST_NAME
998
if (!NIL_P(hostname)) {
999
if (SSL_set_tlsext_host_name(ssl, StringValuePtr(hostname)) != 1)
1000
ossl_raise(eSSLError, "SSL_set_tlsext_host_name:");
913
1003
io = ossl_ssl_get_io(self);
914
1004
GetOpenFile(io, fptr);
915
1005
rb_io_check_readable(fptr);
933
1023
#define ssl_get_error(ssl, ret) SSL_get_error(ssl, ret)
1027
write_would_block(int nonblock)
1030
VALUE exc = ossl_exc_new(eSSLError, "write would block");
1031
rb_extend_object(exc, rb_mWaitWritable);
1037
read_would_block(int nonblock)
1040
VALUE exc = ossl_exc_new(eSSLError, "read would block");
1041
rb_extend_object(exc, rb_mWaitReadable);
937
ossl_start_ssl(VALUE self, int (*func)(), const char *funcname)
1047
ossl_start_ssl(VALUE self, int (*func)(), const char *funcname, int nonblock)
946
1056
Data_Get_Struct(self, SSL, ssl);
947
1057
GetOpenFile(ossl_ssl_get_io(self), fptr);
949
if((ret = func(ssl)) > 0) break;
1061
cb_state = rb_ivar_get(self, ID_callback_state);
1062
if (!NIL_P(cb_state))
1063
rb_jump_tag(NUM2INT(cb_state));
950
1068
switch((ret2 = ssl_get_error(ssl, ret))){
951
1069
case SSL_ERROR_WANT_WRITE:
1070
write_would_block(nonblock);
952
1071
rb_io_wait_writable(FPTR_TO_FD(fptr));
954
1073
case SSL_ERROR_WANT_READ:
1074
read_would_block(nonblock);
955
1075
rb_io_wait_readable(FPTR_TO_FD(fptr));
957
1077
case SSL_ERROR_SYSCALL:
977
1093
ossl_ssl_connect(VALUE self)
979
1095
ossl_ssl_setup(self);
980
return ossl_start_ssl(self, SSL_connect, "SSL_connect");
1096
return ossl_start_ssl(self, SSL_connect, "SSL_connect", 0);
1101
* ssl.connect_nonblock => self
1103
* initiate the TLS/SSL handshake as a client in non-blocking manner.
1105
* # emulates blocking connect
1107
* ssl.connect_nonblock
1108
* rescue IO::WaitReadable
1111
* rescue IO::WaitWritable
1112
* IO.select(nil, [s2])
1118
ossl_ssl_connect_nonblock(VALUE self)
1120
ossl_ssl_setup(self);
1121
return ossl_start_ssl(self, SSL_connect, "SSL_connect", 1);
988
1129
ossl_ssl_accept(VALUE self)
990
1131
ossl_ssl_setup(self);
991
return ossl_start_ssl(self, SSL_accept, "SSL_accept");
1132
return ossl_start_ssl(self, SSL_accept, "SSL_accept", 0);
996
* ssl.sysread(length) => string
997
* ssl.sysread(length, buffer) => buffer
1000
* * +length+ is a positive integer.
1001
* * +buffer+ is a string used to store the result.
1137
* ssl.accept_nonblock => self
1139
* initiate the TLS/SSL handshake as a server in non-blocking manner.
1141
* # emulates blocking accept
1143
* ssl.accept_nonblock
1144
* rescue IO::WaitReadable
1147
* rescue IO::WaitWritable
1148
* IO.select(nil, [s2])
1004
ossl_ssl_read(int argc, VALUE *argv, VALUE self)
1154
ossl_ssl_accept_nonblock(VALUE self)
1156
ossl_ssl_setup(self);
1157
return ossl_start_ssl(self, SSL_accept, "SSL_accept", 1);
1161
ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
1007
1164
int ilen, nread = 0;
1021
1178
Data_Get_Struct(self, SSL, ssl);
1022
1179
GetOpenFile(ossl_ssl_get_io(self), fptr);
1024
if(SSL_pending(ssl) <= 0)
1181
if(!nonblock && SSL_pending(ssl) <= 0)
1025
1182
rb_thread_wait_fd(FPTR_TO_FD(fptr));
1027
1184
nread = SSL_read(ssl, RSTRING_PTR(str), RSTRING_LEN(str));
1031
1188
case SSL_ERROR_ZERO_RETURN:
1032
1189
rb_eof_error();
1033
1190
case SSL_ERROR_WANT_WRITE:
1191
write_would_block(nonblock);
1034
1192
rb_io_wait_writable(FPTR_TO_FD(fptr));
1036
1194
case SSL_ERROR_WANT_READ:
1195
read_would_block(nonblock);
1037
1196
rb_io_wait_readable(FPTR_TO_FD(fptr));
1039
1198
case SSL_ERROR_SYSCALL:
1048
ID id_sysread = rb_intern("sysread");
1207
ID meth = nonblock ? rb_intern("read_nonblock") : rb_intern("sysread");
1049
1208
rb_warning("SSL session is not started yet.");
1050
return rb_funcall(ossl_ssl_get_io(self), id_sysread, 2, len, str);
1209
return rb_funcall(ossl_ssl_get_io(self), meth, 2, len, str);
1062
* ssl.syswrite(string) => integer
1065
ossl_ssl_write(VALUE self, VALUE str)
1222
* ssl.sysread(length) => string
1223
* ssl.sysread(length, buffer) => buffer
1226
* * +length+ is a positive integer.
1227
* * +buffer+ is a string used to store the result.
1230
ossl_ssl_read(int argc, VALUE *argv, VALUE self)
1232
return ossl_ssl_read_internal(argc, argv, self, 0);
1237
* ssl.sysread_nonblock(length) => string
1238
* ssl.sysread_nonblock(length, buffer) => buffer
1241
* * +length+ is a positive integer.
1242
* * +buffer+ is a string used to store the result.
1245
ossl_ssl_read_nonblock(int argc, VALUE *argv, VALUE self)
1247
return ossl_ssl_read_internal(argc, argv, self, 1);
1251
ossl_ssl_write_internal(VALUE self, VALUE str, int nonblock)
1068
1254
int nwrite = 0;
1079
1265
case SSL_ERROR_NONE:
1081
1267
case SSL_ERROR_WANT_WRITE:
1268
write_would_block(nonblock);
1082
1269
rb_io_wait_writable(FPTR_TO_FD(fptr));
1084
1271
case SSL_ERROR_WANT_READ:
1272
read_would_block(nonblock);
1085
1273
rb_io_wait_readable(FPTR_TO_FD(fptr));
1087
1275
case SSL_ERROR_SYSCALL:
1294
* ssl.syswrite(string) => integer
1297
ossl_ssl_write(VALUE self, VALUE str)
1299
return ossl_ssl_write_internal(self, str, 0);
1304
* ssl.syswrite_nonblock(string) => integer
1307
ossl_ssl_write_nonblock(VALUE self, VALUE str)
1309
return ossl_ssl_write_internal(self, str, 1);
1106
1314
* ssl.sysclose => nil
1196
1404
chain = SSL_get_peer_cert_chain(ssl);
1197
1405
if(!chain) return Qnil;
1198
num = sk_num(chain);
1406
num = sk_X509_num(chain);
1199
1407
ary = rb_ary_new2(num);
1200
1408
for (i = 0; i < num; i++){
1201
cert = (X509*)sk_value(chain, i);
1409
cert = sk_X509_value(chain, i);
1202
1410
rb_ary_push(ary, ossl_x509_new(cert));
1369
1577
for(i = 0; i < numberof(ossl_sslctx_attrs); i++)
1370
1578
rb_attr(cSSLContext, rb_intern(ossl_sslctx_attrs[i]), 1, 1, Qfalse);
1371
1579
rb_define_alias(cSSLContext, "ssl_timeout", "timeout");
1580
rb_define_alias(cSSLContext, "ssl_timeout=", "timeout=");
1372
1581
rb_define_method(cSSLContext, "initialize", ossl_sslctx_initialize, -1);
1373
1582
rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1);
1374
1583
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
1377
1586
rb_define_method(cSSLContext, "setup", ossl_sslctx_setup, 0);
1380
1589
rb_define_const(cSSLContext, "SESSION_CACHE_OFF", LONG2FIX(SSL_SESS_CACHE_OFF));
1381
1590
rb_define_const(cSSLContext, "SESSION_CACHE_CLIENT", LONG2FIX(SSL_SESS_CACHE_CLIENT)); /* doesn't actually do anything in 0.9.8e */
1382
1591
rb_define_const(cSSLContext, "SESSION_CACHE_SERVER", LONG2FIX(SSL_SESS_CACHE_SERVER));
1417
1626
rb_define_alias(cSSLSocket, "to_io", "io");
1418
1627
rb_define_method(cSSLSocket, "initialize", ossl_ssl_initialize, -1);
1419
1628
rb_define_method(cSSLSocket, "connect", ossl_ssl_connect, 0);
1629
rb_define_method(cSSLSocket, "connect_nonblock", ossl_ssl_connect_nonblock, 0);
1420
1630
rb_define_method(cSSLSocket, "accept", ossl_ssl_accept, 0);
1631
rb_define_method(cSSLSocket, "accept_nonblock", ossl_ssl_accept_nonblock, 0);
1421
1632
rb_define_method(cSSLSocket, "sysread", ossl_ssl_read, -1);
1633
rb_define_private_method(cSSLSocket, "sysread_nonblock", ossl_ssl_read_nonblock, -1);
1422
1634
rb_define_method(cSSLSocket, "syswrite", ossl_ssl_write, 1);
1635
rb_define_private_method(cSSLSocket, "syswrite_nonblock", ossl_ssl_write_nonblock, 1);
1423
1636
rb_define_method(cSSLSocket, "sysclose", ossl_ssl_close, 0);
1424
1637
rb_define_method(cSSLSocket, "cert", ossl_ssl_get_cert, 0);
1425
1638
rb_define_method(cSSLSocket, "peer_cert", ossl_ssl_get_peer_cert, 0);
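Review bot: In the socket setup hunk (new lines 998–1000), `SSL_set_tlsext_host_name(ssl, StringValuePtr(hostname))` hands the Ruby string to OpenSSL as a C string without rejecting embedded NUL bytes. A `@hostname` value containing "\0" would therefore be silently truncated, and the name sent in the SNI extension could differ from the name the application believes it requested. `StringValueCStr(hostname)` raises ArgumentError on an embedded NUL, so the call is better written as `if (SSL_set_tlsext_host_name(ssl, StringValueCStr(hostname)) != 1)`. The page shows only fragments of the enclosing setup function, so how `@hostname` is assigned and whether it is validated earlier should be checked against the full file.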