diff options
| author | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-12-22 08:31:53 +0000 |
|---|---|---|
| committer | gotoyuzo <gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-12-22 08:31:53 +0000 |
| commit | 8729ba2be9165bbb5aa368af7d7a253f4babae82 (patch) | |
| tree | 5936b85b869207c2e61fb7820c487181a4b04336 /ext | |
| parent | ed9b8604f049f9127e9b2752eea9d3c205407e19 (diff) | |
| download | ruby-8729ba2be9165bbb5aa368af7d7a253f4babae82.tar.gz ruby-8729ba2be9165bbb5aa368af7d7a253f4babae82.tar.xz ruby-8729ba2be9165bbb5aa368af7d7a253f4babae82.zip | |
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext.build): removed.
* ext/openssl/lib/net/ssl.rb (OpenSSL::SSL::SSLContext#set_params):
new method to set suitable SSL parameters.
* lib/net/pop.rb, lib/net/http.rb, lib/net/imap.rb,
test/openssl/test_ssl.rb: follow above change.
* test/net/http/test_https.rb: refine error case.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@14479 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/openssl/lib/openssl/ssl.rb | 42 |
1 files changed, 20 insertions, 22 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb index 71726801c..948c55f25 100644 --- a/ext/openssl/lib/openssl/ssl.rb +++ b/ext/openssl/lib/openssl/ssl.rb @@ -21,30 +21,28 @@ require "fcntl" module OpenSSL module SSL class SSLContext - class <<self - def build(params={}) - default_params = { - :ssl_version => "SSLv23", - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => OpenSSL::SSL::OP_ALL, - } - params = default_params.merge(params) - ctx = new() - params.each{|name, value| ctx.__send__("#{name}=", value) } - ctx.verify_mode ||= OpenSSL::SSL::VERIFY_NONE - if ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE - unless ctx.ca_file or ctx.ca_path or - ctx.cert_store or ctx.verify_callback - ctx.cert_store = OpenSSL::X509::Store.new - if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) - ctx.cert_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL - end - ctx.cert_store.set_default_paths - end + DEFAULT_PARAMS = { + :ssl_version => "SSLv23", + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", + :options => OpenSSL::SSL::OP_ALL, + } + + DEFAULT_CERT_STORE = OpenSSL::X509::Store.new + DEFAULT_CERT_STORE.set_default_paths + if defined?(OpenSSL::X509::V_FLAG_CRL_CHECK_ALL) + DEFAULT_CERT_STORE.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL + end + + def set_params(params={}) + params = DEFAULT_PARAMS.merge(params) + params.each{|name, value| self.__send__("#{name}=", value) } + if self.verify_mode != OpenSSL::SSL::VERIFY_NONE + unless self.ca_file or self.ca_path or self.cert_store + self.cert_store = DEFAULT_CERT_STORE end - return ctx end + return params end end |