Bug #8758 » 0001-DOC-adding-basic-documentation-to-SSLServer.patch

lisukorin (Rafał Lisowski), 08/09/2013 08:55 AM

View differences:

ChangeLog
1
Fri Aug  9 01:13:18 2013  Rafał Lisowski  <lisukorin@gmail.com>
2
	* ext/openssl/ssl.rb: [DOC] adding basic documentation
3
	  to SSLServer.
4

  
1 5
Fri Aug  9 00:10:32 2013  Nobuyoshi Nakada  <nobu@ruby-lang.org>
2 6

  
3 7
	* enumerator.c (lazy_zip_func): fix non-single argument.  fix
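
Review bot: The new ChangeLog entry names `ext/openssl/ssl.rb`, but the file this patch changes is `ext/openssl/lib/openssl/ssl.rb`. Please correct the path so the entry points at the file that was actually touched. The entry could also name what was documented, for example `(SSLServer)`, in the style of the neighbouring entry `enumerator.c (lazy_zip_func)`.
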
ext/openssl/lib/openssl/ssl.rb
148 148
      end
149 149
    end
150 150

  
151
    ##
152
    #
153
    # SSLServer represents a TCP/IP server socket with Secure Sockets Layer.
154
    #
155
    # A simple SSL server may look like:
156
    #
157
    #   require 'socket'
158
    #   require 'openssl'
159
    #
160
    #   tcp_serv = TCPServer.new("127.0.0.1", 28561)
161
    #
162
    #   ssl_context = OpenSSL::SSL::SSLContext.new
163
    #   ssl_context.ca_file = 'ca.pem'
164
    #   ssl_context.cert = OpenSSL::X509::Certificate.new( File.open( 'cert.cert' ))
165
    #   ssl_context.key = OpenSSL::PKey::RSA.new( File.open( 'priv.key' ))
166
    #   ssl_context.ciphers = 'HIGH:MEDIUM'
167
    #   ssl_context.ssl_version = 'TLSv1'
168
    #   flags = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
169
    #   ssl_context.verify_mode = flags
170
    #
171
    #   ssl_serv = OpenSSL::SSL::SSLServer.new( tcp_serv, ssl_context )
172
    #
173
    #   socket = ssl_serv.accept
174
    #   socket.puts Time.now
175
    #   socket.close
176
    #
177
    # Note that cert.cert and priv.key can be in one pem file.
178
    # In that case pass the same file to both context methods (cert and key).
179
    #
180
    # OpenSSL provides detailed instruction how generate certificates using Ruby.
181
    #
182
    # To manually test above server one can use
183
    # openssl s_client[http://www.openssl.org/docs/apps/s_client.html] eg
184
    #
185
    #   $ openssl s_client -host localhost -port 28561 -tls1 -cert ./cert.pem
186
    #
151 187
    class SSLServer
152 188
      include SocketForwarder
189
      # if true then #accept works exactly the same
190
      # as TCPServer#accept
153 191
      attr_accessor :start_immediately
154 192

  
193
      # Create a new SSLServer.
194
      # * +srv+ is a TCPServer instance
195
      # * +ctx+ is a OpenSSL::SSL::SSLContext instance
155 196
      def initialize(svr, ctx)
156 197
        @svr = svr
157 198
        @ctx = ctx
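
Review bot: The example in the SSLServer class comment hard-codes `ssl_context.ssl_version = 'TLSv1'` and `ssl_context.ciphers = 'HIGH:MEDIUM'`, and documentation examples tend to be copied verbatim into real servers. Pinning ssl_version limits the server to that one protocol version, and MEDIUM admits weaker suites than HIGH alone; consider dropping the ssl_version line and using 'HIGH', or stating that both values are only illustrative. The text should also explain that `VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT` makes the server require a client certificate checked against `ca.pem`, which is why the s_client command passes `-cert`; that command uses `./cert.pem` while the server example uses `cert.cert`, so say whose certificate each file is. In the initialize comment, `+srv+` does not match the parameter name `svr`.
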
......
164 205
        @start_immediately = true
165 206
      end
166 207

  
208
      # Returns TCPServer passed as an first argument to initializer.
167 209
      def to_io
168 210
        @svr
169 211
      end
170 212

  
213
      # See TCPServer#listen for details.
171 214
      def listen(backlog=5)
172 215
        @svr.listen(backlog)
173 216
      end
174 217

  
218
      # See BasicSocket#shutdown for details.
175 219
      def shutdown(how=Socket::SHUT_RDWR)
176 220
        @svr.shutdown(how)
177 221
      end
178 222

  
223
      # Works similar to TCPServer#accept.
179 224
      def accept
180 225
        sock = @svr.accept
181 226
        begin
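
Review bot: The `#accept` comment, "Works similar to TCPServer#accept", does not say where the behaviour differs, and the `start_immediately` comment says that with true it "works exactly the same as TCPServer#accept" while the initializer sets `@start_immediately = true` by default. Please state what `#accept` returns and whether the SSL handshake has already been performed at that point for each value of start_immediately, since callers need to know when peer verification has happened. In the `to_io` comment, "an first argument to initializer" should read "the first argument to the initializer".
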
......
189 234
        end
190 235
      end
191 236

  
237
      # See IO#close for details.
192 238
      def close
193 239
        @svr.close
194 240
      end