* lib/net/http.rb: spin off https code again.

* lib/net/https.rb: new file. * ext/openssl/lib/net/https.rb: removed. moved to net/https with modifications. * ext/openssl/lib/net/protocol.rb: removed. merged with net/http. * lib/net/protocol.rb: new class BufferedIO. * lib/net/protocol.rb: InternetMessageIO < BufferedIO. * lib/net/protocol.rb: BufferedIO.new takes an IO. * lib/net/smtp.rb: follow InternetMessageIO's change. * lib/net/pop.rb: ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@5908 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2004-03-06 17:08:21 +00:00 · 2004-03-06 17:08:21 +00:00 · 3eedf9156c
commit 3eedf9156c
parent dd53813e38
8 changed files with 379 additions and 392 deletions
--- a/lib/net/https.rb
+++ b/lib/net/https.rb
@ -0,0 +1,177 @@
+=begin
+
+= $RCSfile$ -- SSL/TLS enhancement for Net::HTTP.
+
+== Info
+  'OpenSSL for Ruby 2' project
+  Copyright (C) 2001 GOTOU Yuuzou <gotoyuzo@notwork.org>
+  All rights reserved.
+
+== Licence
+  This program is licenced under the same licence as Ruby.
+  (See the file 'LICENCE'.)
+
+== Requirements
+  This program requires Net 1.2.0 or higher version.
+  You can get it from RAA or Ruby's CVS repository.
+
+== Version
+  $Id$
+  
+  2001-11-06: Contiributed to Ruby/OpenSSL project.
+  2004-03-06: Some code is merged in to net/http.
+
+== Example
+
+Here is a simple HTTP client:
+
+    require 'net/http'
+    require 'uri'
+
+    uri = URI.parse(ARGV[0] || 'http://localhost/')
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.start {
+      http.request_get(uri.path) {|res|
+        print res.body
+      }
+    }
+
+It can be replaced by the following code:
+
+    require 'net/https'
+    require 'uri'
+
+    uri = URI.parse(ARGV[0] || 'https://localhost/')
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
+    http.start {
+      http.request_get(uri.path) {|res|
+        print res.body
+      }
+    }
+
+== class Net::HTTP
+
+=== Instance Methods
+
+: use_ssl?
+    returns true if use SSL/TLS with HTTP.
+
+: use_ssl=((|true_or_false|))
+    sets use_ssl.
+
+: peer_cert
+    return the X.509 certificates the server presented.
+
+: key, key=((|key|))
+    Sets an OpenSSL::PKey::RSA or OpenSSL::PKey::DSA object.
+    (This method is appeared in Michal Rokos's OpenSSL extention.)
+
+: key_file, key_file=((|path|))
+    Sets a private key file to use in PEM format.
+
+: cert, cert=((|cert|))
+    Sets an OpenSSL::X509::Certificate object as client certificate
+    (This method is appeared in Michal Rokos's OpenSSL extention).
+
+: cert_file, cert_file=((|path|))
+    Sets pathname of a X.509 certification file in PEM format.
+
+: ca_file, ca_file=((|path|))
+    Sets path of a CA certification file in PEM format.
+    The file can contrain several CA certificats.
+
+: ca_path, ca_path=((|path|))
+    Sets path of a CA certification directory containing certifications
+    in PEM format.
+
+: verify_mode, verify_mode=((|mode|))
+    Sets the flags for server the certification verification at
+    begining of SSL/TLS session.
+    OpenSSL::SSL::VERIFY_NONE or OpenSSL::SSL::VERIFY_PEER is acceptable.
+
+: verify_callback, verify_callback=((|proc|))
+    Sets the verify callback for the server certification verification.
+
+: verify_depth, verify_depth=((|num|))
+    Sets the maximum depth for the certificate chain verification.
+
+: cert_store, cert_store=((|store|))
+    Sets the X509::Store to verify peer certificate.
+
+: ssl_timeout, ssl_timeout=((|sec|))
+    Sets the SSL timeout seconds.
+
+=end
+
+require 'net/http'
+require 'openssl'
+
+module Net
+
+  class HTTP
+    remove_method :use_ssl?
+    def use_ssl?
+      @use_ssl
+    end
+
+    alias use_ssl use_ssl?   # for backward compatibility
+
+    # Turn on/off SSL.
+    # This flag must be set before starting session.
+    # If you change use_ssl value after session started,
+    # a Net::HTTP object raises IOError.
+    def use_ssl=(flag)
+      flag = (flag ? true : false)
+      raise IOError, "use_ssl value changed but session already started" \
+          if started? and @use_ssl != flag
+      if flag and not @ssl_context
+        @ssl_context = OpenSSL::SSL::SSLContext.new
+      end
+      @use_ssl = flag
+    end
+
+    def self.ssl_context_accessor(name)
+      module_eval(<<-End, __FILE__, __LINE__ + 1)
+        def #{name}
+          return nil unless @ssl_context
+          @ssl_context.#{name}
+        end
+
+        def #{name}=(val)
+          @ssl_context ||= OpenSSL::SSL::SSLContext.new
+          @ssl_context.#{name} = val
+        end
+      End
+    end
+
+    ssl_context_accessor :key
+    ssl_context_accessor :cert
+    ssl_context_accessor :ca_file
+    ssl_context_accessor :ca_path
+    ssl_context_accessor :verify_mode
+    ssl_context_accessor :verify_callback
+    ssl_context_accessor :verify_depth
+    ssl_context_accessor :cert_store
+
+    def ssl_timeout
+      return nil unless @ssl_context
+      @ssl_context.timeout
+    end
+
+    def ssl_timeout=(sec)
+      raise ArgumentError, 'Net::HTTP#ssl_timeout= called but use_ssl=false' \
+          unless use_ssl?
+      @ssl_context ||= OpenSSL::SSL::SSLContext.new
+      @ssl_context.timeout = sec
+    end
+
+    alias timeout= ssl_timeout=   # for backward compatibility
+
+    def peer_cert
+      return nil if not use_ssl? or not @socket
+      @socket.io.peer_cert
+    end
+  end
+
+end