2
2
class SSLSocket < Socket
4
HAVE_NONBLOCK = [:connect_nonblock, :read_nonblock, :write_nonblock].all? {|m|
5
OpenSSL::SSL::SSLSocket.public_method_defined?(m)
4
8
def initialize(data = {})
10
11
# create ssl context
11
12
ssl_context = OpenSSL::SSL::SSLContext.new
13
ssl_context.ciphers = @data[:ciphers]
14
ssl_context.ssl_version = @data[:ssl_version] if @data[:ssl_version]
13
15
if @data[:ssl_verify_peer]
14
16
# turn verification on
15
17
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
17
if @data[:ssl_ca_path]
18
ssl_context.ca_path = @data[:ssl_ca_path]
19
elsif @data[:ssl_ca_file]
20
ssl_context.ca_file = @data[:ssl_ca_file]
19
if ca_path = ENV['SSL_CERT_DIR'] || @data[:ssl_ca_path]
20
ssl_context.ca_path = ca_path
21
elsif ca_file = ENV['SSL_CERT_FILE'] || @data[:ssl_ca_file]
22
ssl_context.ca_file = ca_file
21
23
else # attempt default, fallback to bundled
22
24
ssl_context.cert_store = OpenSSL::X509::Store.new
23
if !defined?(OpenSSL::Config::DEFAULT_CONFIG_FILE) || File.exists?(OpenSSL::Config::DEFAULT_CONFIG_FILE)
24
ssl_context.cert_store.set_default_paths
26
ssl_context.cert_store.add_file(DEFAULT_CA_FILE)
25
ssl_context.cert_store.set_default_paths
27
# workaround issue #257 (JRUBY-6970)
28
ca_file = DEFAULT_CA_FILE
29
ca_file.gsub!(/^jar:/, "") if ca_file =~ /^jar:file:\//
32
ssl_context.cert_store.add_file(ca_file)
34
Excon.display_warning("Excon unable to add file to cert store, ignoring: #{ca_file}\n[#{e.class}] #{e.message}")
47
request = 'CONNECT ' << @data[:host] << ':' << @data[:port] << Excon::HTTP_1_1
48
request << 'Host: ' << @data[:host] << ':' << @data[:port] << Excon::CR_NL
55
request = 'CONNECT ' << @data[:host] << port_string(@data) << Excon::HTTP_1_1
56
request << 'Host: ' << @data[:host] << port_string(@data) << Excon::CR_NL
50
58
if @data[:proxy][:password] || @data[:proxy][:user]
51
59
auth = ['' << @data[:proxy][:user].to_s << ':' << @data[:proxy][:password].to_s].pack('m').delete(Excon::CR_NL)
84
def read(max_length=nil)
85
check_nonblock_support
90
check_nonblock_support
96
def check_nonblock_support
97
95
# backwards compatability for things lacking nonblock
98
if !DEFAULT_NONBLOCK && @data[:nonblock]
99
Excon.display_warning("Excon nonblock is not supported by your OpenSSL::SSL::SSLSocket")
100
@data[:nonblock] = false
105
check_nonblock_support
96
@nonblock = HAVE_NONBLOCK && @nonblock
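Review bot: The new CA selection `if ca_path = ENV['SSL_CERT_DIR'] || @data[:ssl_ca_path]` lets the process environment take precedence over trust anchors the caller passed explicitly, and because the directory branch is tested first, a set SSL_CERT_DIR also means an explicit `:ssl_ca_file` is never consulted. A caller that restricts verification to a private CA through options would silently verify against whatever the environment points to instead. Consider testing both explicit options ahead of both variables, starting from `if ca_path = @data[:ssl_ca_path] || ENV['SSL_CERT_DIR']` and `elsif ca_file = @data[:ssl_ca_file] || ENV['SSL_CERT_FILE']`, and add a comment stating the precedence. In the JRuby workaround, `ca_file = DEFAULT_CA_FILE` followed by `gsub!` appears to edit the constant's string in place; `ca_file = DEFAULT_CA_FILE.sub(/\Ajar:(?=file:\/)/, '')` would leave the constant untouched and anchor at the start of the string rather than at any line start. The body of `initialize` is only partly visible here, and which lines are old or new is inferred from the gutter numbers.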