Class HTTPClient::SSLConfig
In: lib/httpclient/ssl_config.rb
Parent: Object

Represents the SSL configuration of an HTTPClient instance. The implementation depends on OpenSSL.

Trust Anchor Control

SSLConfig loads ‘httpclient/cacert.p7s’ as a trust anchor (trusted certificate(s)) with set_trust_ca at initialization time. This means that an HTTPClient instance trusts some CA certificates by default, as Web browsers do. ‘httpclient/cacert.p7s’ is created by the author and included in the released package.

‘cacert.p7s’ is automatically generated from JDK 1.6.

You may want to replace the default trust anchor with your own. To do so, call clear_cert_store and then set_trust_ca.

Methods

Included Modules

OpenSSL

Constants

DIST_CERT = PEM-encoded X.509 certificate (heredoc body omitted)
DIST_CERT_SHA1 = PEM-encoded X.509 certificate (heredoc body omitted)

Attributes

cert_store  [R]  OpenSSL::X509::Store used for verification. You can reset the store with clear_cert_store and set a new store with cert_store=.
ciphers  [R]  A String of OpenSSL's cipher configuration. Default value is ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH (see the ciphers(1) man page in OpenSSL for more detail).
client_cert  [R]  OpenSSL::X509::Certificate: certificate for SSL client authentication. nil by default (no client authentication).
client_key  [R]  OpenSSL::PKey::PKey: private key for SSL client authentication. nil by default (no client authentication).
options  [R]  A number representing OpenSSL's SSL options. Default value is OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2
timeout  [R]  SSL timeout in sec. nil by default.
verify_callback  [R]  A callback handler for custom certificate verification. nil by default. If the handler is set, handler.call is invoked just after OpenSSL's general verification. handler.call is invoked with 2 arguments, ok and ctx; ok is the result of OpenSSL's general verification and ctx is an OpenSSL::X509::StoreContext.
verify_depth  [R]  The verify depth, as a number. A certification path longer than this depth is not allowed.
verify_mode  [R]  A number which represents OpenSSL's verify mode. Default value is OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT.
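
The trust-anchor replacement described under Trust Anchor Control and the (ok, ctx) handler described for verify_callback, shown together as an added example that is not part of the HTTPClient documentation or source. It uses only Ruby's OpenSSL library; the certificates, the names issue, pinned_store, recording_handler and verify_with, and the host name service.example are constructed for illustration.

```ruby
require 'openssl'

# Issue a constructed test certificate; with no issuer it is a self-signed CA.
def issue(cn, key, issuer = nil, issuer_key = key, serial = 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ca_flag = issuer ? 'CA:FALSE' : 'CA:TRUE'
  ext = OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', ca_flag, true)
  cert.add_extension(ext)
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# A store holding exactly one trust anchor: the state SSLConfig's cert_store is
# in after clear_cert_store followed by set_trust_ca with a single CA file.
def pinned_store(ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store
end

# Handler with the (ok, ctx) arguments the page describes. It records why
# OpenSSL rejected a certificate and returns ok unchanged, so it can observe
# a failure but never turn it into a success.
def recording_handler(errors)
  proc do |ok, ctx|
    errors << [ctx.error_depth, ctx.error, ctx.error_string] unless ok
    ok
  end
end

# Run OpenSSL's chain verification with the handler as the verify callback.
def verify_with(store, cert, handler)
  store.verify(cert, &handler)
end

# Constructed PKI: two unrelated CAs, each issuing a leaf for the same name.
CA_KEY, OTHER_KEY, LEAF_KEY = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
CA = issue('Constructed Internal CA', CA_KEY)
OTHER_CA = issue('Constructed Other CA', OTHER_KEY)
GOOD_LEAF = issue('service.example', LEAF_KEY, CA, CA_KEY, 2)
FOREIGN_LEAF = issue('service.example', LEAF_KEY, OTHER_CA, OTHER_KEY, 2)
STORE = pinned_store(CA)
```

With the recording handler, GOOD_LEAF verifies and FOREIGN_LEAF is rejected with an error recorded at depth 0. A handler that returns true regardless of ok makes the same store accept FOREIGN_LEAF, which is why a custom handler should pass ok through unless it has its own reason to reject.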

Public Class methods

Public Instance methods

Sets a new certificate store (OpenSSL::X509::Store). Don't use it if you don't know what it is.

Calling this method resets all existing sessions.

Sets cipher configuration. New value must be a String.

Calling this method resets all existing sessions.

Drops the current certificate store (OpenSSL::X509::Store) for SSL and creates a new one for the next session.

Calling this method resets all existing sessions.

Sets certificate (OpenSSL::X509::Certificate) for SSL client authentication. client_key and client_cert must be a pair.

Calling this method resets all existing sessions.

Sets private key (OpenSSL::PKey::PKey) for SSL client authentication. client_key and client_cert must be a pair.

Calling this method resets all existing sessions.

Default callback for verification: only dumps error.

Sets SSL options. New value must be a combination of constants OpenSSL::SSL::OP_*

Calling this method resets all existing sessions.

Sample callback method. CAUTION: does not check CRL/ARL.

Sets certificate and private key for SSL client authentication.

cert_file: must be a filename of a PEM/DER formatted file.
key_file: must be a filename of a PEM/DER formatted file. Key must be an RSA key. If you want to use another PKey algorithm, use client_key=.

Calling this method resets all existing sessions.

Adds CRL for verification.

crl: an OpenSSL::X509::CRL or a filename of a PEM/DER formatted OpenSSL::X509::CRL.

Calling this method resets all existing sessions.

Sets trust anchor certificate(s) for verification.

trust_ca_file_or_hashed_dir: a filename of a PEM/DER formatted OpenSSL::X509::Certificate or a 'c-rehash'ed directory name which stores trusted certificate files.

Calling this method resets all existing sessions.

Sets SSL timeout in sec.

Calling this method resets all existing sessions.

Sets callback handler for custom certificate verification. See verify_callback.

Calling this method resets all existing sessions.

Sets verify depth. New value must be a number.

Calling this method resets all existing sessions.

Sets verify mode of OpenSSL. New value must be a combination of constants OpenSSL::SSL::VERIFY_*

Calling this method resets all existing sessions.
