Skip to content

datanoise/openssl.cr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
examples
examples
 
 
spec
spec
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

openssl.cr

This library provides binding for OpenSSL library.

Status

Alpha

Requirements

  • Crystal language version 0.9 and higher.
  • openssl version 1.0.2a or higher

On Mac OSX the default openssl is quite outdated. You can use homebrew to install the latest openssl:

$ brew install openssl

You will also need to set up the LIBRARY_PATH correspondingly in order to be able to compile the library:

export LIBRARY_PATH=`brew --prefix openssl`/lib

Goal

The standard crystal library comes with quite limited support for OpenSSL, lacking many features like SSL verification, the X509 certificate API, etc. This library is aimed to remedy the situation.

Usage

This is an example of specifying the custom verification callback when initiating HTTPS connection:

require "socket"
require "./src/openssl"

include OpenSSL

TCPSocket.open("www.google.com", 443) do |socket|
  ssl_ctx = SSL::Context.new(SSL::Method::SSLv23)
  ssl_ctx.set_default_verify_paths
  ssl_ctx.set_verify SSL::VerifyMode::PEER do |ok, store|
    certificate = store.certificate
    pp ok
    pp certificate.subject_name
    ok
  end
  SSL::Socket.new_client(socket, ssl_ctx) do |client|
    client.write("GET / HTTP/1.1\r\n".to_slice)
    client.write("\r\n".to_slice)
    buf :: UInt8[512]
    slice = buf.to_slice
    loop do
      len = client.read(slice)
      break if len == 0
      puts "From server: #{String.new slice[0,len]}"
    end
  end
end

This is the basic usage of SSL server:

require "socket"
require "../src/openssl"

include OpenSSL

tcp_server = TCPServer.new(5555)

ssl_ctx = SSL::Context.new(SSL::Method::SSLv23)
ssl_ctx.certificate_file = "my_cert.pem"
ssl_ctx.private_key_file = "my_key.pem"

loop do
  client = tcp_server.accept
  SSL::Socket.new_server(client, ssl_ctx) do |client|
    buf :: UInt8[512]
    slice = buf.to_slice
    loop do
      len = client.read(slice)
      if len > 0
        client.write(slice[0, len])
      else
        break
      end
    end
  end
end

If you have a need to generate your own self-signed certificate:

certificate, pkey =
  OpenSSL::X509::Generator.generate do |g|
    g.bitlength = 2048
    g.valid_period = 365 * 2
    g.cn = "MyName"
    g.usage << Generator::KeyUsage::DigitalSignature
  end
puts certificate.to_pem

ToDo

  • Extend X509::Certificate to get access to extentions, X509CRL, etc.
  • X509::Generate is quite primitive at the moment.

License

MIT clause - see LICENSE for more details.

About

OpenSSL binding for Crystal language

Resources

Readme

License

MIT license
Activity

Stars

20 stars

Watchers

6 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages