stompgem / stomp

A ruby gem for sending and receiving messages from a Stomp protocol compliant message queue. Includes: failover logic, ssl support.
http://stomp.github.com
Apache License 2.0

Allow gem user to manipulate SSL Context #105

Closed gmallard closed 9 years ago

gmallard commented 9 years ago

Provide a general way for a gem SSL user to manipulate the ssl context, immediately prior to the connection logic.

gmallard commented 9 years ago

Current thinking is:

Allow the gem user to (indirectly, through SSLParams) do, for example:

ctx.options = OpenSSL::SSL::OP_EPHEMERAL_RSA | OpenSSL::SSL::OP_NO_SSLv2

A gem user would initialize SSLParams something like:

ssl_parms = Stomp::SSLParams.new(:ctx_opts =>
    OpenSSL::SSL::OP_EPHEMERAL_RSA | OpenSSL::SSL::OP_NO_SSLv2. ....

gmallard commented 9 years ago

After what is described above, gem code would have:

ctx.options = @ssl.ctx_opts if @ssl.ctx_opts && ctx.respond_to?(:options=)

gmallard commented 9 years ago

Another possible gem user scenario:

opts = OpenSSL::SSL::OP_ALL
opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
ssl_parms = Stomp::SSLParams.new(:ctx_opts => opts, ..........

gmallard commented 9 years ago

Closing, see:

73a654d
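
As an added example (not code from the stomp gem or from this issue's author): a Ruby sketch of the two sides discussed above, building a `ctx_opts` mask defensively and applying it with the `respond_to?` guard, plus an audit of which flags ended up on the context. The helper names `ssl_const`, `build_ctx_opts`, `apply_ctx_opts` and `audit_opts` are hypothetical; only the `OpenSSL::SSL` constants and `SSLContext#options` come from Ruby's OpenSSL binding.

```ruby
require 'openssl'

# Hardening flags from the issue's second scenario. Each is looked up by
# name because not every OpenSSL/Ruby build defines all of them.
HARDENING_FLAGS = %i[OP_NO_COMPRESSION OP_NO_SSLv2 OP_NO_SSLv3].freeze

# Hypothetical helper: the constant's value, or nil when it is not defined.
def ssl_const(name)
  OpenSSL::SSL.const_defined?(name) ? OpenSSL::SSL.const_get(name) : nil
end

# User side: start from OP_ALL, drop the empty-fragment workaround, then
# OR in every hardening flag this build knows about.
def build_ctx_opts
  opts = OpenSSL::SSL::OP_ALL
  frag = ssl_const(:OP_DONT_INSERT_EMPTY_FRAGMENTS)
  opts &= ~frag if frag
  HARDENING_FLAGS.each do |name|
    flag = ssl_const(name)
    opts |= flag if flag
  end
  opts
end

# Gem side, as sketched in the issue: apply only when options were supplied
# and the context has the setter. Returns true when the mask was applied.
def apply_ctx_opts(ctx, ctx_opts)
  return false unless ctx_opts && ctx.respond_to?(:options=)
  ctx.options = ctx_opts
  true
end

# Audit: classify each flag as :set, :unset, :undefined (no such constant)
# or :noop (constant is 0 in this build, so setting it changes nothing).
def audit_opts(mask, names = HARDENING_FLAGS)
  names.map do |name|
    flag = ssl_const(name)
    state = if flag.nil? then :undefined
            elsif flag.zero? then :noop
            elsif mask & flag == flag then :set
            else :unset
            end
    [name, state]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  ctx = OpenSSL::SSL::SSLContext.new
  apply_ctx_opts(ctx, build_ctx_opts)
  audit_opts(ctx.options).each { |name, state| puts "#{name}: #{state}" }
end
```

Reading the mask back from `ctx.options` rather than trusting the value passed in shows what the linked OpenSSL library accepted, which is the useful check before relying on a protocol version being disabled.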