

Add renegotiation cb (#121)
* Add support for renegotiation_cb on SSLContext
lampad authored and kares committed Feb 16, 2017
1 parent b1bac76 commit 279bd0a
Showing 3 changed files with 28 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/main/java/org/jruby/ext/openssl/SSLContext.java
@@ -175,6 +175,7 @@ public static void createSSLContext(final Ruby runtime, final RubyModule SSL) {
SSLContext.addReadWriteAttribute(context, "session_id_context");
SSLContext.addReadWriteAttribute(context, "tmp_dh_callback");
SSLContext.addReadWriteAttribute(context, "servername_cb");
SSLContext.addReadWriteAttribute(context, "renegotiation_cb");

SSLContext.defineAlias("ssl_timeout", "timeout");
SSLContext.defineAlias("ssl_timeout=", "timeout=");
14 changes: 14 additions & 0 deletions src/main/java/org/jruby/ext/openssl/SSLSocket.java
@@ -241,6 +241,7 @@ private IRubyObject connectImpl(final ThreadContext context, final boolean block
handshakeStatus = engine.getHandshakeStatus();
initialHandshake = true;
}
callRenegotiationCallback(context);
final IRubyObject ex = doHandshake(blocking, exception);
if ( ex != null ) return ex; // :wait_readable | :wait_writable
}
@@ -324,6 +325,7 @@ private IRubyObject acceptImpl(final ThreadContext context, final boolean blocki
handshakeStatus = engine.getHandshakeStatus();
initialHandshake = true;
}
callRenegotiationCallback(context);
final IRubyObject ex = doHandshake(blocking, exception);
if ( ex != null ) return ex; // :wait_readable | :wait_writable
}
@@ -591,6 +593,18 @@ private int writeToChannel(ByteBuffer buffer, boolean blocking) throws IOExcepti
private void finishInitialHandshake() {
initialHandshake = false;
}

private void callRenegotiationCallback(final ThreadContext context) throws RaiseException {
IRubyObject renegotiationCallback = sslContext.getInstanceVariable("@renegotiation_cb");
if(renegotiationCallback == null || renegotiationCallback.isNil()) {
return;
}
else {
// the return of the Proc is not important
// Can throw ruby exception to "disallow" renegotiations
renegotiationCallback.callMethod(context, "call", this);
}
}

public int write(ByteBuffer src, boolean blocking) throws SSLException, IOException {
if ( initialHandshake ) {
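Review bot: callRenegotiationCallback is only reached from the two call sites added in connectImpl and acceptImpl, immediately before doHandshake, so as far as these hunks show the callback fires once for the initial handshake and is never invoked when the peer starts a renegotiation later on the same connection; the usual reason to set renegotiation_cb is to raise from it and refuse renegotiation, and a caller relying on that here gets no such effect unless doHandshake (body not in the hunk) also triggers it for non-initial handshakes. If that limitation is intentional, state it at the definition: `// NOTE: invoked only for the initial handshake begun by connect/accept; a later peer-initiated renegotiation does not reach this callback`. The else branch after the early return is redundant and `if(` departs from the spacing used elsewhere in the file; `if (renegotiationCallback == null || renegotiationCallback.isNil()) return;` followed by the unguarded callMethod line reads cleaner. connectImpl and acceptImpl begin outside their hunks.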
13 changes: 13 additions & 0 deletions src/test/ruby/ssl/test_ssl.rb
@@ -185,4 +185,17 @@ def test_connect_nonblock_would_block
end
end if RUBY_VERSION > '1.9'

def test_renegotiation_cb
num_handshakes = 0
renegotiation_cb = Proc.new { |ssl| num_handshakes += 1 }
ctx_proc = Proc.new { |ctx| ctx.renegotiation_cb = renegotiation_cb }
start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, {:ctx_proc => ctx_proc}) do |server, port|
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect
assert_equal(1, num_handshakes)
ssl.close
end
end

end
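Review bot: test_renegotiation_cb only checks that the callback fires once on connect; it does not cover the raising path that the implementation comment describes as the way to disallow renegotiation, so a regression that swallowed the exception would still pass. A second case with `renegotiation_cb = Proc.new { |_ssl| raise 'renegotiation refused' }` and an assertion that `ssl.connect` raises would pin that contract. The block parameter `ssl` in the counting proc is unused and should be named `_ssl`. The `assert_equal(1, num_handshakes)` also silently assumes no renegotiation happens during connect with this server setup, which is probably true but deserves a one-line comment.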
