class OpenSSL::SSL::SSLContext
An SSLContext is used to set various options regarding certificates, algorithms, verification, session caching, etc. The SSLContext is used to create an SSLSocket.
All attributes must be set before creating an SSLSocket as the SSLContext will be frozen afterward.
Constants
- DEFAULT_CERT_STORE
- DEFAULT_PARAMS
- DEFAULT_TMP_DH_CALLBACK
- METHODS
-
The list of available SSL/TLS methods. This constant is only provided for backwards compatibility.
- SESSION_CACHE_BOTH
-
Both client and server sessions are added to the session cache
- SESSION_CACHE_CLIENT
-
Client sessions are added to the session cache
- SESSION_CACHE_NO_AUTO_CLEAR
-
Normally the session cache is checked for expired sessions every 255 connections. Since this may lead to a delay that cannot be controlled, the automatic flushing may be disabled and
flush_sessionscan be called explicitly. - SESSION_CACHE_NO_INTERNAL
-
Enables both
SESSION_CACHE_NO_INTERNAL_LOOKUPandSESSION_CACHE_NO_INTERNAL_STORE. - SESSION_CACHE_NO_INTERNAL_LOOKUP
-
Always perform external lookups of sessions even if they are in the internal cache.
This flag has no effect on clients
- SESSION_CACHE_NO_INTERNAL_STORE
-
Never automatically store sessions in the internal store.
- SESSION_CACHE_OFF
-
No session caching for client or server
- SESSION_CACHE_SERVER
-
Server sessions are added to the session cache
Public Class Methods
(?tls_version version) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8797
def initialize: (?tls_version version) -> void
Creates a new SSL context.
If an argument is given, ssl_version= is called with the value. Note that this form is deprecated. New applications should use min_version= and
max_version= as necessary.
Public Instance Methods
(X509::Certificate certificate, PKey::PKey pkey, ?Array[X509::Certificate] extra_certs) → self
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 7994
def add_certificate: (X509::Certificate certificate, PKey::PKey pkey, ?Array[X509::Certificate] extra_certs) -> self
Adds a certificate to the context. pkey must be a corresponding private key with certificate.
Multiple certificates with different public key type can be added by repeated calls of this method, and OpenSSL will choose the most appropriate certificate during the handshake.
cert=, key=, and extra_chain_cert= are old accessor methods for setting certificate and internally call this method.
Parameters
- certificate
-
A certificate. An instance of
OpenSSL::X509::Certificate. - pkey
-
The private key for certificate. An instance of
OpenSSL::PKey::PKey. - extra_certs
-
Optional. An array of
OpenSSL::X509::Certificate. When sending a certificate chain, the certificates specified by this are sent following certificate, in the order in the array.
Example
rsa_cert = OpenSSL::X509::Certificate.new(...) rsa_pkey = OpenSSL::PKey.read(...) ca_intermediate_cert = OpenSSL::X509::Certificate.new(...) ctx.add_certificate(rsa_cert, rsa_pkey, [ca_intermediate_cert]) ecdsa_cert = ... ecdsa_pkey = ... another_ca_cert = ... ctx.add_certificate(ecdsa_cert, ecdsa_pkey, [another_ca_cert])
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8006
def alpn_protocols: () -> Array[String]?
An Enumerable of Strings. Each String represents a protocol to be advertised as the list of supported protocols for Application-Layer Protocol Negotiation. Supported in OpenSSL 1.0.2 and higher. Has no effect on the server side. If not set explicitly, the ALPN extension will not be included in the handshake.
Example
ctx.alpn_protocols = ["http/1.1", "spdy/2", "h2"]
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8018
def alpn_protocols=: (Array[String]) -> Array[String]
An Enumerable of Strings. Each String represents a protocol to be advertised as the list of supported protocols for Application-Layer Protocol Negotiation. Supported in OpenSSL 1.0.2 and higher. Has no effect on the server side. If not set explicitly, the ALPN extension will not be included in the handshake.
Example
ctx.alpn_protocols = ["http/1.1", "spdy/2", "h2"]
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8036
def alpn_select_cb: () -> (^(Array[String]) -> String? | nil)
A callback invoked on the server side when the server needs to select a protocol from the list sent by the client. Supported in OpenSSL 1.0.2 and higher. The callback must return a protocol of those advertised by the client. If none is acceptable, raising an error in the callback will cause the handshake to fail. Not setting this callback explicitly means not supporting the ALPN extension on the server - any protocols advertised by the client will be ignored.
Example
ctx.alpn_select_cb = lambda do |protocols| # inspect the protocols and select one protocols.first end
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8054
def alpn_select_cb=: (^(Array[String]) -> String? alpn_select_callback) -> void
A callback invoked on the server side when the server needs to select a protocol from the list sent by the client. Supported in OpenSSL 1.0.2 and higher. The callback must return a protocol of those advertised by the client. If none is acceptable, raising an error in the callback will cause the handshake to fail. Not setting this callback explicitly means not supporting the ALPN extension on the server - any protocols advertised by the client will be ignored.
Example
ctx.alpn_select_cb = lambda do |protocols| # inspect the protocols and select one protocols.first end
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8059
def ca_file: () -> String
The path to a file containing a PEM-format CA certificate
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8064
def ca_file=: (String ca_file) -> String
The path to a file containing a PEM-format CA certificate
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8071
def ca_path: () -> String?
The path to a directory containing CA certificates in PEM format.
Files are looked up by subject’s X509 name’s hash value.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8078
def ca_path=: (String ca_path) -> String
The path to a directory containing CA certificates in PEM format.
Files are looked up by subject’s X509 name’s hash value.
() → X509::Certificate?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8086
def cert: () -> X509::Certificate?
Context certificate
The cert, key, and extra_chain_cert attributes are deprecated. It is recommended to use add_certificate instead.
(X509::Certificate cert) → X509::Certificate
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8094
def cert=: (X509::Certificate cert) -> X509::Certificate
Context certificate
The cert, key, and extra_chain_cert attributes are deprecated. It is recommended to use add_certificate instead.
() → X509::Store?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8099
def cert_store: () -> X509::Store?
An OpenSSL::X509::Store used for certificate verification.
(X509::Store store) → X509::Store
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8104
def cert_store=: (X509::Store store) -> X509::Store
An OpenSSL::X509::Store used for certificate verification.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8112
def ciphers: () -> Array[[ String, String, Integer, Integer ]]
The list of cipher suites configured for this context.
(Array[[ String, String, Integer, Integer ]] ciphers) → void
(Array[String] ciphers) → void
(String colon_sep_ciphers) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8129
def ciphers=: (Array[[ String, String, Integer, Integer ]] ciphers) -> void
| (Array[String] ciphers) -> void
| (String colon_sep_ciphers) -> void
Sets the list of available cipher suites for TLS 1.2 and below for this context.
Note in a server context some ciphers require the appropriate certificates. For example, an RSA cipher suite can only be chosen when an RSA certificate is available.
This method does not affect TLS 1.3 connections. See also #ciphersuites=.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8136
def client_ca: () -> (Array[X509::Certificate] | X509::Certificate)
A certificate or Array of certificates that will be sent to the client.
(Array[X509::Certificate] | X509::Certificate client_ca) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8141
def client_ca=: (Array[X509::Certificate] | X509::Certificate client_ca) -> void
A certificate or Array of certificates that will be sent to the client.
() → (^(Session) → [ X509::Certificate, PKey::PKey ]? | nil)
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8151
def client_cert_cb: () -> (^(Session) -> [ X509::Certificate, PKey::PKey ]? | nil)
A callback invoked when a client certificate is requested by a server and no certificate has been set.
The callback is invoked with a Session and must return an Array containing an OpenSSL::X509::Certificate and an OpenSSL::PKey. If any other value is returned the handshake is suspended.
(^(Session) → [ X509::Certificate, PKey::PKey ]? client_cert_cb) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8161
def client_cert_cb=: (^(Session) -> [ X509::Certificate, PKey::PKey ]? client_cert_cb) -> void
A callback invoked when a client certificate is requested by a server and no certificate has been set.
The callback is invoked with a Session and must return an Array containing an OpenSSL::X509::Certificate and an OpenSSL::PKey. If any other value is returned the handshake is suspended.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8188
def ecdh_curves=: (String ecdh_curves) -> String
Sets the list of supported groups for key agreement for this context.
For a TLS client, the list is directly used in the “supported_groups” extension. For a server, the list is used by OpenSSL to determine the set of shared supported groups. OpenSSL will pick the most appropriate one from it.
ecdh_curves= is a deprecated alias for #groups=.
See also the man page SSL_CTX_set1_groups_list(3).
Example
ctx1 = OpenSSL::SSL::SSLContext.new ctx1.groups = "X25519:P-256:P-224" svr = OpenSSL::SSL::SSLServer.new(tcp_svr, ctx1) Thread.new { svr.accept } ctx2 = OpenSSL::SSL::SSLContext.new ctx2.groups = "P-256" cli = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx2) cli.connect p cli.tmp_key.group.curve_name # => "prime256v1" (is an alias for NIST P-256)
() → nil
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8196
def enable_fallback_scsv: () -> nil
Activate TLS_FALLBACK_SCSV for this context. See RFC 7507.
() → Array[X509::Certificate]?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8204
def extra_chain_cert: () -> Array[X509::Certificate]?
An Array of extra X509 certificates to be added to the certificate chain.
The cert, key, and extra_chain_cert attributes are deprecated. It is recommended to use add_certificate instead.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8212
def extra_chain_cert=: (Array[X509::Certificate] extra_certs) -> Array[X509::Certificate]
An Array of extra X509 certificates to be added to the certificate chain.
The cert, key, and extra_chain_cert attributes are deprecated. It is recommended to use add_certificate instead.
(Time time) → self
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8220
def flush_sessions: (Time time) -> self
Removes sessions in the internal cache that have expired at time.
() → untyped
This method is called automatically when a new SSLSocket is created. However, it is not thread-safe and must be called before creating SSLSocket objects in a multi-threaded program.
() → PKey::PKey?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8235
def key: () -> PKey::PKey?
Context private key
The cert, key, and extra_chain_cert attributes are deprecated. It is recommended to use add_certificate instead.
(PKey::PKey) → PKey::PKey
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8243
def key=: (PKey::PKey) -> PKey::PKey
Context private key
The cert, key, and extra_chain_cert attributes are deprecated. It is recommended to use add_certificate instead.
(tls_version version) → tls_version
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8254
def max_version=: (tls_version version) -> tls_version
Sets the upper bound of the supported SSL/TLS protocol version. See
min_version= for the possible values.
(tls_version version) → tls_version
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8274
def min_version=: (tls_version version) -> tls_version
Sets the lower bound on the supported SSL/TLS protocol version. The version may be specified by an integer constant named OpenSSL::SSL::*_VERSION, a Symbol, or nil which means “any version”.
Example
ctx = OpenSSL::SSL::SSLContext.new ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx) sock.connect # Initiates a connection using either TLS 1.1 or TLS 1.2
() → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8286
def npn_protocols: () -> untyped
An Enumerable of Strings. Each String represents a protocol to be advertised as the list of supported protocols for Next Protocol Negotiation. Supported in OpenSSL 1.0.1 and higher. Has no effect on the client side. If not set explicitly, the NPN extension will not be sent by the server in the handshake.
Example
ctx.npn_protocols = ["http/1.1", "spdy/2"]
(untyped) → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8298
def npn_protocols=: (untyped) -> untyped
An Enumerable of Strings. Each String represents a protocol to be advertised as the list of supported protocols for Next Protocol Negotiation. Supported in OpenSSL 1.0.1 and higher. Has no effect on the client side. If not set explicitly, the NPN extension will not be sent by the server in the handshake.
Example
ctx.npn_protocols = ["http/1.1", "spdy/2"]
() → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8316
def npn_select_cb: () -> untyped
A callback invoked on the client side when the client needs to select a protocol from the list sent by the server. Supported in OpenSSL 1.0.1 and higher. The client MUST select a protocol of those advertised by the server. If none is acceptable, raising an error in the callback will cause the handshake to fail. Not setting this callback explicitly means not supporting the NPN extension on the client - any protocols advertised by the server will be ignored.
Example
ctx.npn_select_cb = lambda do |protocols| # inspect the protocols and select one protocols.first end
(untyped) → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8334
def npn_select_cb=: (untyped) -> untyped
A callback invoked on the client side when the client needs to select a protocol from the list sent by the server. Supported in OpenSSL 1.0.1 and higher. The client MUST select a protocol of those advertised by the server. If none is acceptable, raising an error in the callback will cause the handshake to fail. Not setting this callback explicitly means not supporting the NPN extension on the client - any protocols advertised by the server will be ignored.
Example
ctx.npn_select_cb = lambda do |protocols| # inspect the protocols and select one protocols.first end
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8342
def options: () -> Integer
Gets various OpenSSL options.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8357
def options=: (Integer ssl_options) -> Integer
Sets various OpenSSL options. The options are a bit field and can be combined with the bitwise OR operator (|). Available options are defined as constants in OpenSSL::SSL that begin with OP_.
For backwards compatibility, passing nil has the same effect as passing OpenSSL::SSL::OP_ALL.
See also man page SSL_CTX_set_options(3).
() → (^(SSLSocket) → void | nil)
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8377
def renegotiation_cb: () -> (^(SSLSocket) -> void | nil)
A callback invoked whenever a new handshake is initiated on an established connection. May be used to disable renegotiation entirely.
The callback is invoked with the active SSLSocket. The callback’s return value is ignored. A normal return indicates “approval” of the renegotiation and will continue the process. To forbid renegotiation and to cancel the process, raise an exception within the callback.
Disable client renegotiation
When running a server, it is often desirable to disable client renegotiation entirely. You may use a callback as follows to implement this feature:
ctx.renegotiation_cb = lambda do |ssl| raise RuntimeError, "Client renegotiation disabled" end
(^(SSLSocket) → void) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8397
def renegotiation_cb=: (^(SSLSocket) -> void) -> void
A callback invoked whenever a new handshake is initiated on an established connection. May be used to disable renegotiation entirely.
The callback is invoked with the active SSLSocket. The callback’s return value is ignored. A normal return indicates “approval” of the renegotiation and will continue the process. To forbid renegotiation and to cancel the process, raise an exception within the callback.
Disable client renegotiation
When running a server, it is often desirable to disable client renegotiation entirely. You may use a callback as follows to implement this feature:
ctx.renegotiation_cb = lambda do |ssl| raise RuntimeError, "Client renegotiation disabled" end
() → Integer
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8407
def security_level: () -> Integer
Returns the security level for the context.
See also OpenSSL::SSL::SSLContext#security_level=.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8428
def security_level=: (Integer sec_level) -> Integer
Sets the security level for the context. OpenSSL limits parameters according to the level. The “parameters” include: ciphersuites, curves, key sizes, certificate signature algorithms, protocol version and so on. For example, level 1 rejects parameters offering below 80 bits of security, such as ciphersuites using MD5 for the MAC or RSA keys shorter than 1024 bits.
Note that attempts to set such parameters with insufficient security are also blocked. You need to lower the level first.
This feature is not supported in OpenSSL < 1.1.0, and setting the level to other than 0 will raise NotImplementedError. Level 0 means everything is permitted, the same behavior as previous versions of OpenSSL.
See the manpage of SSL_CTX_set_security_level(3) for details.
() → (^(SSLSocket, String) → SSLContext? | nil)
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8437
def servername_cb: () -> (^(SSLSocket, String) -> SSLContext? | nil)
A callback invoked at connect time to distinguish between multiple server names.
The callback is invoked with an SSLSocket and a server name. The callback must return an SSLContext for the server name or nil.
(^(SSLSocket, String) → SSLContext?) → ^(SSLSocket, String) → SSLContext?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8446
def servername_cb=: (^(SSLSocket, String) -> SSLContext?) -> ^(SSLSocket, String) -> SSLContext?
A callback invoked at connect time to distinguish between multiple server names.
The callback is invoked with an SSLSocket and a server name. The callback must return an SSLContext for the server name or nil.
(Session) → bool
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8454
def session_add: (Session) -> bool
Adds session to the session cache.
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8462
def session_cache_mode: () -> Integer
The current session cache mode.
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8472
def session_cache_mode=: (Integer) -> Integer
Sets the SSL session cache mode. Bitwise-or together the desired SESSION_CACHE_* constants to set. See SSL_CTX_set_session_cache_mode(3) for details.
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8481
def session_cache_size: () -> Integer
Returns the current session cache size. Zero is used to represent an unlimited cache size.
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8490
def session_cache_size=: (Integer) -> Integer
Sets the session cache size. Returns the previously valid session cache size. Zero is used to represent an unlimited session cache size.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8535
def session_cache_stats: () -> Hash[Symbol, Integer]
Returns a Hash containing the following keys:
- :accept
-
Number of started SSL/TLS handshakes in server mode
- :accept_good
-
Number of established SSL/TLS sessions in server mode
- :accept_renegotiate
-
Number of start renegotiations in server mode
- :cache_full
-
Number of sessions that were removed due to cache overflow
- :cache_hits
-
Number of successfully reused connections
- :cache_misses
-
Number of sessions proposed by clients that were not found in the cache
- :cache_num
-
Number of sessions in the internal session cache
- :cb_hits
-
Number of sessions retrieved from the external cache in server mode
- :connect
-
Number of started SSL/TLS handshakes in client mode
- :connect_good
-
Number of established SSL/TLS sessions in client mode
- :connect_renegotiate
-
Number of start renegotiations in client mode
- :timeouts
-
Number of sessions proposed by clients that were found in the cache but had expired due to timeouts
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8544
def session_get_cb: () -> (^(SSLSocket, Integer) -> Session? | nil)
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8553
def session_get_cb=: (^(SSLSocket, Integer) -> Session?) -> void
() → Integer?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8559
def session_id_context: () -> Integer?
Sets the context in which a session can be reused. This allows sessions for multiple applications to be distinguished, for example, by name.
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8565
def session_id_context=: (Integer) -> Integer
Sets the context in which a session can be reused. This allows sessions for multiple applications to be distinguished, for example, by name.
() → (^(SSLSocket) → untyped | nil)
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8573
def session_new_cb: () -> (^(SSLSocket) -> untyped | nil)
A callback invoked when a new session was negotiated.
The callback is invoked with an SSLSocket. If false is returned the session will be removed from the internal cache.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8581
def session_new_cb=: (^(SSLSocket) -> untyped) -> ^(SSLSocket) -> untyped
A callback invoked when a new session was negotiated.
The callback is invoked with an SSLSocket. If false is returned the session will be removed from the internal cache.
(Session session) → bool
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8589
def session_remove: (Session session) -> bool
Removes session from the session cache.
() → (^(SSLContext, Session) → void | nil)
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8600
def session_remove_cb: () -> (^(SSLContext, Session) -> void | nil)
A callback invoked when a session is removed from the internal cache.
The callback is invoked with an SSLContext and a Session.
IMPORTANT NOTE: It is currently not possible to use this safely in a multi-threaded application. The callback is called inside a global lock and it can randomly cause deadlock on Ruby thread switching.
(^(SSLContext, Session) → void) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8611
def session_remove_cb=: (^(SSLContext, Session) -> void) -> void
A callback invoked when a session is removed from the internal cache.
The callback is invoked with an SSLContext and a Session.
IMPORTANT NOTE: It is currently not possible to use this safely in a multi-threaded application. The callback is called inside a global lock and it can randomly cause deadlock on Ruby thread switching.
(untyped, untyped) → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8806
def set_minmax_proto_version: (untyped, untyped) -> untyped
Sets the minimum and maximum supported protocol versions. See min_version= and max_version=.
(?untyped params) → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8625
def set_params: (?untyped params) -> untyped
Sets saner defaults optimized for the use with HTTP-like protocols.
If a Hash params is given, the parameters are overridden with it. The keys in params must be assignment methods on SSLContext.
If the verify_mode is not VERIFY_NONE and ca_file, ca_path and cert_store are not set then the system default certificate store is used.
() → untyped
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8636
def setup: () -> untyped
This method is called automatically when a new SSLSocket is created. However, it is not thread-safe and must be called before creating SSLSocket objects in a multi-threaded program.
(tls_version meth) → tls_version
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8663
def ssl_version=: (tls_version meth) -> tls_version
Sets the SSL/TLS protocol version for the context. This forces connections to use only the specified protocol version. This is deprecated and only provided for backwards compatibility. Use min_version= and max_version= instead.
History
As the name hints, this used to call the SSL_CTX_set_ssl_version() function which sets the SSL method used for connections created from the context. As of Ruby/OpenSSL 2.1, this accessor method is implemented to call min_version= and max_version= instead.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8668
def timeout: () -> Integer?
Maximum session lifetime in seconds.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8673
def timeout=: (Integer) -> Integer
Maximum session lifetime in seconds.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8687
def tmp_dh_callback: () -> (^(Session, Integer, Integer) -> PKey::DH | nil)
A callback invoked when DH parameters are required for ephemeral DH key exchange.
The callback is invoked with the SSLSocket, a flag indicating the use of an export cipher and the keylength required.
The callback must return an OpenSSL::PKey::DH instance of the correct key length.
<strong>Deprecated in version 3.0.</strong> Use #tmp_dh= instead.
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8701
def tmp_dh_callback=: (^(Session, Integer, Integer) -> PKey::DH) -> void
A callback invoked when DH parameters are required for ephemeral DH key exchange.
The callback is invoked with the SSLSocket, a flag indicating the use of an export cipher and the keylength required.
The callback must return an OpenSSL::PKey::DH instance of the correct key length.
<strong>Deprecated in version 3.0.</strong> Use #tmp_dh= instead.
() → (^(bool, X509::StoreContext) → untyped | nil)
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8715
def verify_callback: () -> (^(bool, X509::StoreContext) -> untyped | nil)
A callback for additional certificate verification. The callback is invoked for each certificate in the chain.
The callback is invoked with two values. preverify_ok indicates indicates if the verification was passed (true) or not (false). store_context is an OpenSSL::X509::StoreContext containing the context used for certificate verification.
If the callback returns false, the chain verification is immediately stopped and a bad_certificate alert is then sent.
(^(bool, X509::StoreContext) → untyped) → void
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8729
def verify_callback=: (^(bool, X509::StoreContext) -> untyped) -> void
A callback for additional certificate verification. The callback is invoked for each certificate in the chain.
The callback is invoked with two values. preverify_ok indicates indicates if the verification was passed (true) or not (false). store_context is an OpenSSL::X509::StoreContext containing the context used for certificate verification.
If the callback returns false, the chain verification is immediately stopped and a bad_certificate alert is then sent.
() → Integer?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8734
def verify_depth: () -> Integer?
Number of CA certificates to walk when verifying a certificate chain.
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8739
def verify_depth=: (Integer) -> Integer
Number of CA certificates to walk when verifying a certificate chain.
() → bool?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8747
def verify_hostname: () -> bool?
Whether to check the server certificate is valid for the hostname.
In order to make this work, verify_mode must be set to VERIFY_PEER and the server hostname must be given by OpenSSL::SSL::SSLSocket#hostname=.
[U] (boolish) → U
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8755
def verify_hostname=: [U] (boolish) -> U
Whether to check the server certificate is valid for the hostname.
In order to make this work, verify_mode must be set to VERIFY_PEER and the server hostname must be given by OpenSSL::SSL::SSLSocket#hostname=.
() → verify_mode?
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8768
def verify_mode: () -> verify_mode?
Session verification mode.
Valid modes are VERIFY_NONE, VERIFY_PEER, VERIFY_CLIENT_ONCE, VERIFY_FAIL_IF_NO_PEER_CERT and defined on OpenSSL::SSL
The default mode is VERIFY_NONE, which does not perform any verification at all.
See SSL_CTX_set_verify(3) for details.
(verify_mode) → verify_mode
Source
# File vendor/bundle/ruby/4.0.0/gems/rbs-4.0.3/stdlib/openssl/0/openssl.rbs, line 8781
def verify_mode=: (verify_mode) -> verify_mode
Session verification mode.
Valid modes are VERIFY_NONE, VERIFY_PEER, VERIFY_CLIENT_ONCE, VERIFY_FAIL_IF_NO_PEER_CERT and defined on OpenSSL::SSL
The default mode is VERIFY_NONE, which does not perform any verification at all.
See SSL_CTX_set_verify(3) for details.