Diffstat (limited to 'ext/openssl/lib/net')
| -rw-r--r-- | ext/openssl/lib/net/ftptls.rb | 43 | ||||
| -rw-r--r-- | ext/openssl/lib/net/https.rb | 188 | ||||
| -rw-r--r-- | ext/openssl/lib/net/protocols.rb | 56 | ||||
| -rw-r--r-- | ext/openssl/lib/net/telnets.rb | 250 |
4 files changed, 0 insertions, 537 deletions
diff --git a/ext/openssl/lib/net/ftptls.rb b/ext/openssl/lib/net/ftptls.rb deleted file mode 100644 index f433457923..0000000000 --- a/ext/openssl/lib/net/ftptls.rb +++ /dev/null @@ -1,43 +0,0 @@ -=begin -= $RCSfile$ -- SSL/TLS enhancement for Net::HTTP. - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2003 Blaz Grilc <farmer@gmx.co.uk> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Requirements - -= Version - $Id$ - -= Notes - Tested on FreeBSD 5-CURRENT and 4-STABLE - - ruby 1.6.8 (2003-01-17) [i386-freebsd5] - - OpenSSL 0.9.7a Feb 19 2003 - - ruby-openssl-0.2.0.p0 - tested on ftp server: glftpd 1.30 -=end - -require 'socket' -require 'openssl' -require 'net/ftp' - -module Net - class FTPTLS < FTP - def login(user = "anonymous", passwd = nil, acct = nil) - ctx = OpenSSL::SSL::SSLContext.new('SSLv23') - ctx.key = nil - ctx.cert = nil - voidcmd("AUTH TLS") - @sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx) - @sock.connect - super(user, passwd, acct) - voidcmd("PBSZ 0") - end - end -end diff --git a/ext/openssl/lib/net/https.rb b/ext/openssl/lib/net/https.rb deleted file mode 100644 index fb7f53c555..0000000000 --- a/ext/openssl/lib/net/https.rb +++ /dev/null 
@@ -1,188 +0,0 @@ -=begin -= $RCSfile$ -- SSL/TLS enhancement for Net::HTTP. - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU Yuuzou <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Requirements - This program requires Net 1.2.0 or higher version. - You can get it from RAA or Ruby's CVS repository. - -= Version - $Id$ - - 2001/11/06: Contiributed to Ruby/OpenSSL project. - -== class Net::HTTP - -== Example - -Simple HTTP client is here: - - require 'net/http' - host, port, path = "localhost", 80, "/" - if %r!http://(.*?)(?::(\d+))?(/.*)! =~ ARGV[0] - host = $1 - port = $2.to_i if $2 - path = $3 - end - h = Net::HTTP.new(host, port) - h.get2(path){ |resp| print resp.body } - -It can be replaced by follow one: - - require 'net/https' - host, port, path = "localhost", 80, "/" - if %r!(https?)://(.*?)(?::(\d+))?(/.*)! =~ ARGV[0] - scheme = $1 - host = $2 - port = $3 ? $3.to_i : ((scheme == "http") ? 80 : 443) - path = $4 - end - h = Net::HTTP.new(host, port) - h.use_ssl = true if scheme == "https" # enable SSL/TLS - h.get2(path){ |resp| print resp.body } - -=== Instance Methods - -: use_ssl - returns ture if use SSL/TLS with HTTP. - -: use_ssl=((|true_or_false|)) - sets use_ssl. - -: peer_cert - return the X.509 certificates the server presented. - -: key=((|key|)) - Sets an OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object. - (This method is appeared in Michal Rokos's OpenSSL extention.) - -: key_file=((|path|)) - Sets a private key file to use in PEM format. - -: cert=((|cert|)) - Sets an OpenSSL::X509::Certificate object as client certificate. - (This method is appeared in Michal Rokos's OpenSSL extention.) - -: cert_file=((|path|)) - Sets pathname of a X.509 certification file in PEM format. - -: ca_file=((|path|)) - Sets path of a CA certification file in PEM format. - The file can contrain several CA certificats. 
- -: ca_path=((|path|)) - Sets path of a CA certification directory containing certifications - in PEM format. - -: verify_mode=((|mode|)) - Sets the flags for server the certification verification at - begining of SSL/TLS session. - OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER is acceptable. - -: verify_callback=((|proc|)) - Sets the verify callback for the server certification verification. - -: verify_depth=((|num|)) - Sets the maximum depth for the certificate chain verification. - -: cert_store=((|store|)) - Sets the X509::Store to verify peer certificate. - -=end - -require 'net/protocols' -require 'net/http' - -module Net - class HTTP - class Conn < HTTPRequest - REQUEST_HAS_BODY=false - RESPONSE_HAS_BODY=false - METHOD="connect" - - def initialize - super nil, nil - end - - def exec( sock, addr, port, ver ) - @socket = sock - request(addr, port, ver) - end - - def request( addr, port, ver ) - @socket.writeline sprintf('CONNECT %s:%s HTTP/%s', addr, port, ver) - @socket.writeline '' - end - end - - module ProxyMod - def edit_path( path ) - if use_ssl - 'https://' + addr_port + path - else - 'http://' + addr_port + path - end - end - end - - def self.socket_type - SSLIO - end - - attr_reader :use_ssl - attr_writer :key, :cert - attr_writer :ca_file, :ca_path - attr_writer :verify_mode, :verify_callback, :verify_depth - attr_writer :cert_store, :timeout - attr_reader :peer_cert - - alias :default_initialize :initialize - - def initialize(*args) - default_initialize(*args) - @key = @cert = @ca_file = @ca_path = @verify_mode = - @verify_callback = @verify_depth = @timeout = @cert_store = nil - @already_connected = false - end - - def use_ssl=(flag) - if @already_connected && !@use_ssl - raise ProtocolError, "connection is alrady set up" - end - @use_ssl = flag - end - - def on_connect - if use_ssl - if proxy? 
- Conn.new.exec(@socket, @address, @port, "1.0") - resp = HTTPResponse.read_new(@socket) - if resp.code != '200' - raise resp.message - end - end - @socket.key = @key if @key - @socket.cert = @cert if @cert - @socket.ca_file = @ca_file - @socket.ca_path = @ca_path - @socket.verify_mode = @verify_mode - @socket.verify_callback = @verify_callback - @socket.verify_depth = @verify_depth - @socket.timeout = @timeout - @socket.cert_store = @cert_store - @socket.ssl_connect - @peer_cert = @socket.peer_cert - end - @already_connected = true - end - - end -end diff --git a/ext/openssl/lib/net/protocols.rb b/ext/openssl/lib/net/protocols.rb deleted file mode 100644 index 073d4f3027..0000000000 --- a/ext/openssl/lib/net/protocols.rb +++ /dev/null 
@@ -1,56 +0,0 @@ -=begin -= $RCSfile$ -- SSL/TLS enhancement for Net. - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Requirements - This program requires Net 1.2.0 or higher version. - You can get it from RAA or Ruby's CVS repository. - -= Version - $Id$ - - 2001/11/06: Contiributed to Ruby/OpenSSL project. -=end - -require 'net/protocol' -require 'forwardable' -require 'openssl' - -module Net - class SSLIO < InternetMessageIO - extend Forwardable - - def_delegators(:@ssl_context, - :key=, :cert=, :key_file=, :cert_file=, - :ca_file=, :ca_path=, - :verify_mode=, :verify_callback=, :verify_depth=, - :timeout=, :cert_store=) - - def initialize(addr, port, otime = nil, rtime = nil, dout = nil) - super - @ssl_context = OpenSSL::SSL::SSLContext.new() - end - - def ssl_connect() - unless @ssl_context.verify_mode - warn "warning: peer certificate won't be verified in this SSL session." - @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE - end - @socket = OpenSSL::SSL::SSLSocket.new(@socket, @ssl_context) - @socket.sync_close = true - @socket.connect - end - - def peer_cert - @socket.peer_cert - end - end -end diff --git a/ext/openssl/lib/net/telnets.rb b/ext/openssl/lib/net/telnets.rb deleted file mode 100644 index c7ecbd717a..0000000000 --- a/ext/openssl/lib/net/telnets.rb +++ /dev/null 
@@ -1,250 +0,0 @@ -=begin -= $RCSfile$ -- SSL/TLS enhancement for Net::Telnet. - -= Info - 'OpenSSL for Ruby 2' project - Copyright (C) 2001 GOTOU YUUZOU <gotoyuzo@notwork.org> - All rights reserved. - -= Licence - This program is licenced under the same licence as Ruby. - (See the file 'LICENCE'.) - -= Version - $Id$ - - 2001/11/06: Contiributed to Ruby/OpenSSL project. - -== class Net::Telnet - -This class will initiate SSL/TLS session automaticaly if the server -sent OPT_STARTTLS. Some options are added for SSL/TLS. - - host = Net::Telnet::new({ - "Host" => "localhost", - "Port" => "telnets", - ## follows are new options. - 'CertFile' => "user.crt", - 'KeyFile' => "user.key", - 'CAFile' => "/some/where/certs/casert.pem", - 'CAPath' => "/some/where/caserts", - 'VerifyMode' => SSL::VERIFY_PEER, - 'VerifyCallback' => verify_proc - }) - -Or, the new options ('Cert', 'Key' and 'CACert') are available from -Michal Rokos's OpenSSL module. - - cert_data = File.open("user.crt"){|io| io.read } - pkey_data = File.open("user.key"){|io| io.read } - cacert_data = File.open("your_ca.pem"){|io| io.read } - host = Net::Telnet::new({ - "Host" => "localhost", - "Port" => "telnets", - 'Cert' => OpenSSL::X509::Certificate.new(cert_data) - 'Key' => OpenSSL::PKey::RSA.new(pkey_data) - 'CACert' => OpenSSL::X509::Certificate.new(cacert_data) - 'CAFile' => "/some/where/certs/casert.pem", - 'CAPath' => "/some/where/caserts", - 'VerifyMode' => SSL::VERIFY_PEER, - 'VerifyCallback' => verify_proc - }) - -This class is expected to be a superset of usual Net::Telnet. 
-=end - -require "net/telnet" -require "openssl" - -module Net - class Telnet - attr_reader :ssl - - OPT_STARTTLS = 46.chr # "\056" # "\x2e" # Start TLS - TLS_FOLLOWS = 1.chr # "\001" # "\x01" # FOLLOWS (for STARTTLS) - - alias preprocess_orig preprocess - - def ssl?; @ssl; end - - def preprocess(string) - # combine CR+NULL into CR - string = string.gsub(/#{CR}#{NULL}/no, CR) if @options["Telnetmode"] - - # combine EOL into "\n" - string = string.gsub(/#{EOL}/no, "\n") unless @options["Binmode"] - - string.gsub(/#{IAC}( - [#{IAC}#{AO}#{AYT}#{DM}#{IP}#{NOP}]| - [#{DO}#{DONT}#{WILL}#{WONT}][#{OPT_BINARY}-#{OPT_EXOPL}]| - #{SB}[#{OPT_BINARY}-#{OPT_EXOPL}] - (#{IAC}#{IAC}|[^#{IAC}])+#{IAC}#{SE} - )/xno) do - if IAC == $1 # handle escaped IAC characters - IAC - elsif AYT == $1 # respond to "IAC AYT" (are you there) - self.write("nobody here but us pigeons" + EOL) - '' - elsif DO[0] == $1[0] # respond to "IAC DO x" - if OPT_BINARY[0] == $1[1] - @telnet_option["BINARY"] = true - self.write(IAC + WILL + OPT_BINARY) - elsif OPT_STARTTLS[0] == $1[1] - self.write(IAC + WILL + OPT_STARTTLS) - self.write(IAC + SB + OPT_STARTTLS + TLS_FOLLOWS + IAC + SE) - else - self.write(IAC + WONT + $1[1..1]) - end - '' - elsif DONT[0] == $1[0] # respond to "IAC DON'T x" with "IAC WON'T x" - self.write(IAC + WONT + $1[1..1]) - '' - elsif WILL[0] == $1[0] # respond to "IAC WILL x" - if OPT_BINARY[0] == $1[1] - self.write(IAC + DO + OPT_BINARY) - elsif OPT_ECHO[0] == $1[1] - self.write(IAC + DO + OPT_ECHO) - elsif OPT_SGA[0] == $1[1] - @telnet_option["SGA"] = true - self.write(IAC + DO + OPT_SGA) - else - self.write(IAC + DONT + $1[1..1]) - end - '' - elsif WONT[0] == $1[0] # respond to "IAC WON'T x" - if OPT_ECHO[0] == $1[1] - self.write(IAC + DONT + OPT_ECHO) - elsif OPT_SGA[0] == $1[1] - @telnet_option["SGA"] = false - self.write(IAC + DONT + OPT_SGA) - else - self.write(IAC + DONT + $1[1..1]) - end - '' - elsif SB[0] == $1[0] # respond to "IAC SB xxx IAC SE" - if OPT_STARTTLS[0] == $1[1] 
&& TLS_FOLLOWS[0] == $2[0] - @sock = OpenSSL::SSL::SSLSocket.new(@sock) - @sock.cert_file = @options['CertFile'] - @sock.cert = @options['Cert'] unless @sock.cert - @sock.key_file = @options['KeyFile'] - @sock.key = @options['Key'] unless @sock.key - @sock.ca_cert = @options['CACert'] - @sock.ca_file = @options['CAFile'] - @sock.ca_path = @options['CAPath'] - @sock.timeout = @options['Timeout'] - @sock.verify_mode = @options['VerifyMode'] - @sock.verify_callback = @options['VerifyCallback'] - @sock.verify_depth = @options['VerifyDepth'] - @sock.connect - @ssl = true - end - '' - else - '' - end - end - end # preprocess - - alias waitfor_org waitfor - - def waitfor(options) - time_out = @options["Timeout"] - waittime = @options["Waittime"] - - if options.kind_of?(Hash) - prompt = if options.has_key?("Match") - options["Match"] - elsif options.has_key?("Prompt") - options["Prompt"] - elsif options.has_key?("String") - Regexp.new( Regexp.quote(options["String"]) ) - end - time_out = options["Timeout"] if options.has_key?("Timeout") - waittime = options["Waittime"] if options.has_key?("Waittime") - else - prompt = options - end - - if time_out == false - time_out = nil - end - - line = '' - buf = '' - @rest = '' unless @rest - - until(prompt === line and not IO::select([@sock], nil, nil, waittime)) - unless IO::select([@sock], nil, nil, time_out) - raise TimeoutError, "timed-out; wait for the next data" - end - begin - c = @rest + @sock.sysread(1024 * 1024) - @dumplog.log_dump('<', c) if @options.has_key?("Dump_log") - if @options["Telnetmode"] - pos = 0 - catch(:next){ - while true - case c[pos] - when IAC[0] - case c[pos+1] - when DO[0], DONT[0], WILL[0], WONT[0] - throw :next unless c[pos+2] - pos += 3 - when SB[0] - ret = detect_sub_negotiation(c, pos) - throw :next unless ret - pos = ret - when nil - throw :next - else - pos += 2 - end - when nil - throw :next - else - pos += 1 - end - end - } - - buf = preprocess(c[0...pos]) - @rest = c[pos..-1] - end - 
@log.print(buf) if @options.has_key?("Output_log") - line.concat(buf) - yield buf if block_given? - rescue EOFError # End of file reached - if line == '' - line = nil - yield nil if block_given? - end - break - end - end - line - end - - private - - def detect_sub_negotiation(data, pos) - return nil if data.length < pos+6 # IAC SB x param IAC SE - pos += 3 - while true - case data[pos] - when IAC[0] - if data[pos+1] == SE[0] - pos += 2 - return pos - else - pos += 2 - end - when nil - return nil - else - pos += 1 - end - end - end - - end -end |
