class Faye::WebSocket::SslVerifier

def identity_verified?

# Reports whether the most recently recorded peer certificate is valid for
# the hostname this verifier was created with.
#
# Returns a falsy value when no certificate has been recorded, so a peer
# that never presented a certificate is not treated as matching. Otherwise
# returns the result of OpenSSL's certificate-identity check of @last_cert
# against @hostname.
def identity_verified?
  cert = @last_cert
  cert && OpenSSL::SSL.verify_certificate_identity(cert, @hostname)
end

def initialize(hostname, ssl_opts)

# Builds a verifier for one connection.
#
# hostname - name the peer certificate must match (checked later by
#            identity_verified?).
# ssl_opts - options hash; this method reads :root_cert_file from it.
#
# The trust store is populated from exactly one source: the file or files
# named by :root_cert_file when that option is set, otherwise OpenSSL's
# default certificate paths. Supplying :root_cert_file therefore replaces
# the default roots rather than extending them.
def initialize(hostname, ssl_opts)
  @hostname   = hostname
  @ssl_opts   = ssl_opts
  @cert_store = OpenSSL::X509::Store.new

  roots = @ssl_opts[:root_cert_file]
  return @cert_store.set_default_paths unless roots

  # Accepts a single path or an (arbitrarily nested) array of paths.
  [roots].flatten.each { |ca_path| @cert_store.add_file(ca_path) }
end

def parse_cert(cert_text)

# Turns the certificate text handed over by the TLS layer into an
# OpenSSL::X509::Certificate.
#
# Returns nil instead of raising when OpenSSL rejects the input with a
# CertificateError, leaving it to the caller to fail the connection.
# Other exception types are not rescued here.
def parse_cert(cert_text)
  begin
    OpenSSL::X509::Certificate.new(cert_text)
  rescue OpenSSL::X509::CertificateError
    nil
  end
end

def should_verify?

# Tells whether peer verification is enabled for this connection.
#
# Verification is on by default: only an explicit `verify_peer: false`
# turns it off. A missing or nil :verify_peer option keeps it enabled.
def should_verify?
  setting = @ssl_opts[:verify_peer]
  setting != false
end

def ssl_handshake_completed

# Final gate run once the TLS handshake has finished.
#
# Does nothing when verification is disabled. Otherwise raises SSLError if
# the last certificate seen by ssl_verify_peer did not verify against the
# trust store, or if it does not match @hostname. Because
# @last_cert_verified starts out unset, a handshake during which
# ssl_verify_peer was never called also fails here.
#
# NOTE(review): only the state left by the most recent ssl_verify_peer call
# is consulted; this presumes the leaf certificate is the last one
# delivered. Confirm against the TLS layer that invokes these callbacks.
def ssl_handshake_completed
  if should_verify?
    raise SSLError, "Unable to verify the server certificate for '#{ @hostname }'" unless @last_cert_verified
    raise SSLError, "Host '#{ @hostname }' does not match the server certificate" unless identity_verified?
  end
end

def ssl_verify_peer(cert_text)

# Per-certificate callback: records the certificate and whether it verifies
# against the trust store.
#
# cert_text - certificate as handed over by the TLS layer.
#
# Returns true in every non-raising path, including when the certificate
# fails store verification. That failure is only recorded in
# @last_cert_verified and is enforced later by ssl_handshake_completed.
# Raises SSLError when the certificate cannot be parsed.
def ssl_verify_peer(cert_text)
  if should_verify?
    certificate = parse_cert(cert_text)
    raise SSLError, "Unable to parse SSL certificate for '#{ @hostname }'" unless certificate

    @last_cert          = certificate
    @last_cert_verified = @cert_store.verify(certificate)

    # A certificate that verified is added to the store, presumably so that
    # certificates delivered afterwards can chain to it.
    # NOTE(review): once added, it is a trusted entry for every later
    # verify call on this instance — confirm the delivery order of the chain.
    store_cert(certificate) if @last_cert_verified
  end
  true
end

def store_cert(certificate)

# Adds an already-verified certificate to the trust store.
#
# A StoreError whose message says the certificate is already in the store
# is treated as harmless and swallowed (the method then returns nil); any
# other StoreError is re-raised to the caller.
def store_cert(certificate)
  @cert_store.add_cert(certificate)
rescue OpenSSL::X509::StoreError => error
  return if error.message.match?(/cert already in hash table/)

  raise error
end