require 'socket' require 'openssl' require 'net/ssh/proxy/errors' require 'net/ssh/proxy/http' module Net module SSH module Proxy # A specialization of the HTTP proxy which encrypts the whole connection # using OpenSSL. This has the advantage that proxy authentication # information is not sent in plaintext. class HTTPS < HTTP # Create a new socket factory that tunnels via the given host and # port. The +options+ parameter is a hash of additional settings that # can be used to tweak this proxy connection. In addition to the options # taken by Net::SSH::Proxy::HTTP it supports: # # * :ssl_context => the SSL configuration to use for the connection def initialize(proxy_host, proxy_port=80, options={}) @ssl_context = options.delete(:ssl_context) || OpenSSL::SSL::SSLContext.new super(proxy_host, proxy_port, options) end protected # Shim to make OpenSSL::SSL::SSLSocket behave like a regular TCPSocket # for all intents and purposes of Net::SSH::BufferedIo module SSLSocketCompatibility def self.extended(object) #:nodoc: object.define_singleton_method(:recv, object.method(:sysread)) object.sync_close = true end def send(data, _opts) syswrite(data) end end def establish_connection(connect_timeout) plain_socket = super(connect_timeout) OpenSSL::SSL::SSLSocket.new(plain_socket, @ssl_context).tap do |socket| socket.extend(SSLSocketCompatibility) socket.connect end end end end end end