# OpenSSL provides SSL, TLS and general purpose cryptography. It wraps the # [OpenSSL](https://www.openssl.org/) library. # # # Examples # # All examples assume you have loaded OpenSSL with: # # require 'openssl' # # These examples build atop each other. For example the key created in the next # is used in throughout these examples. # # ## Keys # # ### Creating a Key # # This example creates a 2048 bit RSA keypair and writes it to the current # directory. # # key = OpenSSL::PKey::RSA.new 2048 # # open 'private_key.pem', 'w' do |io| io.write key.to_pem end # open 'public_key.pem', 'w' do |io| io.write key.public_key.to_pem end # # ### Exporting a Key # # Keys saved to disk without encryption are not secure as anyone who gets ahold # of the key may use it unless it is encrypted. In order to securely export a # key you may export it with a pass phrase. # # cipher = OpenSSL::Cipher.new 'AES-256-CBC' # pass_phrase = 'my secure pass phrase goes here' # # key_secure = key.export cipher, pass_phrase # # open 'private.secure.pem', 'w' do |io| # io.write key_secure # end # # OpenSSL::Cipher.ciphers returns a list of available ciphers. # # ### Loading a Key # # A key can also be loaded from a file. # # key2 = OpenSSL::PKey::RSA.new File.read 'private_key.pem' # key2.public? # => true # key2.private? # => true # # or # # key3 = OpenSSL::PKey::RSA.new File.read 'public_key.pem' # key3.public? # => true # key3.private? # => false # # ### Loading an Encrypted Key # # OpenSSL will prompt you for your pass phrase when loading an encrypted key. If # you will not be able to type in the pass phrase you may provide it when # loading the key: # # key4_pem = File.read 'private.secure.pem' # pass_phrase = 'my secure pass phrase goes here' # key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase # # ## RSA Encryption # # RSA provides encryption and decryption using the public and private keys. You # can use a variety of padding methods depending upon the intended use of # encrypted data. # # ### Encryption & Decryption # # Asymmetric public/private key encryption is slow and victim to attack in cases # where it is used without padding or directly to encrypt larger chunks of data. # Typical use cases for RSA encryption involve "wrapping" a symmetric key with # the public key of the recipient who would "unwrap" that symmetric key again # using their private key. The following illustrates a simplified example of # such a key transport scheme. It shouldn't be used in practice, though, # standardized protocols should always be preferred. # # wrapped_key = key.public_encrypt key # # A symmetric key encrypted with the public key can only be decrypted with the # corresponding private key of the recipient. # # original_key = key.private_decrypt wrapped_key # # By default PKCS#1 padding will be used, but it is also possible to use other # forms of padding, see PKey::RSA for further details. # # ### Signatures # # Using "private_encrypt" to encrypt some data with the private key is # equivalent to applying a digital signature to the data. A verifying party may # validate the signature by comparing the result of decrypting the signature # with "public_decrypt" to the original data. However, OpenSSL::PKey already has # methods "sign" and "verify" that handle digital signatures in a standardized # way - "private_encrypt" and "public_decrypt" shouldn't be used in practice. # # To sign a document, a cryptographically secure hash of the document is # computed first, which is then signed using the private key. # # signature = key.sign 'SHA256', document # # To validate the signature, again a hash of the document is computed and the # signature is decrypted using the public key. The result is then compared to # the hash just computed, if they are equal the signature was valid. # # if key.verify 'SHA256', signature, document # puts 'Valid' # else # puts 'Invalid' # end # # ## PBKDF2 Password-based Encryption # # If supported by the underlying OpenSSL version used, Password-based Encryption # should use the features of PKCS5. If not supported or if required by legacy # applications, the older, less secure methods specified in RFC 2898 are also # supported (see below). # # PKCS5 supports PBKDF2 as it was specified in PKCS#5 # [v2.0](http://www.rsa.com/rsalabs/node.asp?id=2127). It still uses a password, # a salt, and additionally a number of iterations that will slow the key # derivation process down. The slower this is, the more work it requires being # able to brute-force the resulting key. # # ### Encryption # # The strategy is to first instantiate a Cipher for encryption, and then to # generate a random IV plus a key derived from the password using PBKDF2. PKCS # #5 v2.0 recommends at least 8 bytes for the salt, the number of iterations # largely depends on the hardware being used. # # cipher = OpenSSL::Cipher.new 'AES-256-CBC' # cipher.encrypt # iv = cipher.random_iv # # pwd = 'some hopefully not to easily guessable password' # salt = OpenSSL::Random.random_bytes 16 # iter = 20000 # key_len = cipher.key_len # digest = OpenSSL::Digest.new('SHA256') # # key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest) # cipher.key = key # # Now encrypt the data: # # encrypted = cipher.update document # encrypted << cipher.final # # ### Decryption # # Use the same steps as before to derive the symmetric AES key, this time # setting the Cipher up for decryption. # # cipher = OpenSSL::Cipher.new 'AES-256-CBC' # cipher.decrypt # cipher.iv = iv # the one generated with #random_iv # # pwd = 'some hopefully not to easily guessable password' # salt = ... # the one generated above # iter = 20000 # key_len = cipher.key_len # digest = OpenSSL::Digest.new('SHA256') # # key = OpenSSL::PKCS5.pbkdf2_hmac(pwd, salt, iter, key_len, digest) # cipher.key = key # # Now decrypt the data: # # decrypted = cipher.update encrypted # decrypted << cipher.final # # ## PKCS #5 Password-based Encryption # # PKCS #5 is a password-based encryption standard documented at # [RFC2898](http://www.ietf.org/rfc/rfc2898.txt). It allows a short password or # passphrase to be used to create a secure encryption key. If possible, PBKDF2 # as described above should be used if the circumstances allow it. # # PKCS #5 uses a Cipher, a pass phrase and a salt to generate an encryption key. # # pass_phrase = 'my secure pass phrase goes here' # salt = '8 octets' # # ### Encryption # # First set up the cipher for encryption # # encryptor = OpenSSL::Cipher.new 'AES-256-CBC' # encryptor.encrypt # encryptor.pkcs5_keyivgen pass_phrase, salt # # Then pass the data you want to encrypt through # # encrypted = encryptor.update 'top secret document' # encrypted << encryptor.final # # ### Decryption # # Use a new Cipher instance set up for decryption # # decryptor = OpenSSL::Cipher.new 'AES-256-CBC' # decryptor.decrypt # decryptor.pkcs5_keyivgen pass_phrase, salt # # Then pass the data you want to decrypt through # # plain = decryptor.update encrypted # plain << decryptor.final # # ## X509 Certificates # # ### Creating a Certificate # # This example creates a self-signed certificate using an RSA key and a SHA1 # signature. # # key = OpenSSL::PKey::RSA.new 2048 # name = OpenSSL::X509::Name.parse '/CN=nobody/DC=example' # # cert = OpenSSL::X509::Certificate.new # cert.version = 2 # cert.serial = 0 # cert.not_before = Time.now # cert.not_after = Time.now + 3600 # # cert.public_key = key.public_key # cert.subject = name # # ### Certificate Extensions # # You can add extensions to the certificate with OpenSSL::SSL::ExtensionFactory # to indicate the purpose of the certificate. # # extension_factory = OpenSSL::X509::ExtensionFactory.new nil, cert # # cert.add_extension \ # extension_factory.create_extension('basicConstraints', 'CA:FALSE', true) # # cert.add_extension \ # extension_factory.create_extension( # 'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature') # # cert.add_extension \ # extension_factory.create_extension('subjectKeyIdentifier', 'hash') # # The list of supported extensions (and in some cases their possible values) can # be derived from the "objects.h" file in the OpenSSL source code. # # ### Signing a Certificate # # To sign a certificate set the issuer and use OpenSSL::X509::Certificate#sign # with a digest algorithm. This creates a self-signed cert because we're using # the same name and key to sign the certificate as was used to create the # certificate. # # cert.issuer = name # cert.sign key, OpenSSL::Digest.new('SHA1') # # open 'certificate.pem', 'w' do |io| io.write cert.to_pem end # # ### Loading a Certificate # # Like a key, a cert can also be loaded from a file. # # cert2 = OpenSSL::X509::Certificate.new File.read 'certificate.pem' # # ### Verifying a Certificate # # Certificate#verify will return true when a certificate was signed with the # given public key. # # raise 'certificate can not be verified' unless cert2.verify key # # ## Certificate Authority # # A certificate authority (CA) is a trusted third party that allows you to # verify the ownership of unknown certificates. The CA issues key signatures # that indicate it trusts the user of that key. A user encountering the key can # verify the signature by using the CA's public key. # # ### CA Key # # CA keys are valuable, so we encrypt and save it to disk and make sure it is # not readable by other users. # # ca_key = OpenSSL::PKey::RSA.new 2048 # pass_phrase = 'my secure pass phrase goes here' # # cipher = OpenSSL::Cipher.new 'AES-256-CBC' # # open 'ca_key.pem', 'w', 0400 do |io| # io.write ca_key.export(cipher, pass_phrase) # end # # ### CA Certificate # # A CA certificate is created the same way we created a certificate above, but # with different extensions. # # ca_name = OpenSSL::X509::Name.parse '/CN=ca/DC=example' # # ca_cert = OpenSSL::X509::Certificate.new # ca_cert.serial = 0 # ca_cert.version = 2 # ca_cert.not_before = Time.now # ca_cert.not_after = Time.now + 86400 # # ca_cert.public_key = ca_key.public_key # ca_cert.subject = ca_name # ca_cert.issuer = ca_name # # extension_factory = OpenSSL::X509::ExtensionFactory.new # extension_factory.subject_certificate = ca_cert # extension_factory.issuer_certificate = ca_cert # # ca_cert.add_extension \ # extension_factory.create_extension('subjectKeyIdentifier', 'hash') # # This extension indicates the CA's key may be used as a CA. # # ca_cert.add_extension \ # extension_factory.create_extension('basicConstraints', 'CA:TRUE', true) # # This extension indicates the CA's key may be used to verify signatures on both # certificates and certificate revocations. # # ca_cert.add_extension \ # extension_factory.create_extension( # 'keyUsage', 'cRLSign,keyCertSign', true) # # Root CA certificates are self-signed. # # ca_cert.sign ca_key, OpenSSL::Digest.new('SHA1') # # The CA certificate is saved to disk so it may be distributed to all the users # of the keys this CA will sign. # # open 'ca_cert.pem', 'w' do |io| # io.write ca_cert.to_pem # end # # ### Certificate Signing Request # # The CA signs keys through a Certificate Signing Request (CSR). The CSR # contains the information necessary to identify the key. # # csr = OpenSSL::X509::Request.new # csr.version = 0 # csr.subject = name # csr.public_key = key.public_key # csr.sign key, OpenSSL::Digest.new('SHA1') # # A CSR is saved to disk and sent to the CA for signing. # # open 'csr.pem', 'w' do |io| # io.write csr.to_pem # end # # ### Creating a Certificate from a CSR # # Upon receiving a CSR the CA will verify it before signing it. A minimal # verification would be to check the CSR's signature. # # csr = OpenSSL::X509::Request.new File.read 'csr.pem' # # raise 'CSR can not be verified' unless csr.verify csr.public_key # # After verification a certificate is created, marked for various usages, signed # with the CA key and returned to the requester. # # csr_cert = OpenSSL::X509::Certificate.new # csr_cert.serial = 0 # csr_cert.version = 2 # csr_cert.not_before = Time.now # csr_cert.not_after = Time.now + 600 # # csr_cert.subject = csr.subject # csr_cert.public_key = csr.public_key # csr_cert.issuer = ca_cert.subject # # extension_factory = OpenSSL::X509::ExtensionFactory.new # extension_factory.subject_certificate = csr_cert # extension_factory.issuer_certificate = ca_cert # # csr_cert.add_extension \ # extension_factory.create_extension('basicConstraints', 'CA:FALSE') # # csr_cert.add_extension \ # extension_factory.create_extension( # 'keyUsage', 'keyEncipherment,dataEncipherment,digitalSignature') # # csr_cert.add_extension \ # extension_factory.create_extension('subjectKeyIdentifier', 'hash') # # csr_cert.sign ca_key, OpenSSL::Digest.new('SHA1') # # open 'csr_cert.pem', 'w' do |io| # io.write csr_cert.to_pem # end # # ## SSL and TLS Connections # # Using our created key and certificate we can create an SSL or TLS connection. # An SSLContext is used to set up an SSL session. # # context = OpenSSL::SSL::SSLContext.new # # ### SSL Server # # An SSL server requires the certificate and private key to communicate securely # with its clients: # # context.cert = cert # context.key = key # # Then create an SSLServer with a TCP server socket and the context. Use the # SSLServer like an ordinary TCP server. # # require 'socket' # # tcp_server = TCPServer.new 5000 # ssl_server = OpenSSL::SSL::SSLServer.new tcp_server, context # # loop do # ssl_connection = ssl_server.accept # # data = connection.gets # # response = "I got #{data.dump}" # puts response # # connection.puts "I got #{data.dump}" # connection.close # end # # ### SSL client # # An SSL client is created with a TCP socket and the context. SSLSocket#connect # must be called to initiate the SSL handshake and start encryption. A key and # certificate are not required for the client socket. # # Note that SSLSocket#close doesn't close the underlying socket by default. Set # SSLSocket#sync_close to true if you want. # # require 'socket' # # tcp_socket = TCPSocket.new 'localhost', 5000 # ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context # ssl_client.sync_close = true # ssl_client.connect # # ssl_client.puts "hello server!" # puts ssl_client.gets # # ssl_client.close # shutdown the TLS connection and close tcp_socket # # ### Peer Verification # # An unverified SSL connection does not provide much security. For enhanced # security the client or server can verify the certificate of its peer. # # The client can be modified to verify the server's certificate against the # certificate authority's certificate: # # context.ca_file = 'ca_cert.pem' # context.verify_mode = OpenSSL::SSL::VERIFY_PEER # # require 'socket' # # tcp_socket = TCPSocket.new 'localhost', 5000 # ssl_client = OpenSSL::SSL::SSLSocket.new tcp_socket, context # ssl_client.connect # # ssl_client.puts "hello server!" # puts ssl_client.gets # # If the server certificate is invalid or `context.ca_file` is not set when # verifying peers an OpenSSL::SSL::SSLError will be raised. module OpenSSL # Returns a Digest subclass by *name* # # require 'openssl' # # OpenSSL::Digest("MD5") # # => OpenSSL::Digest::MD5 # # Digest("Foo") # # => NameError: wrong constant name Foo # def self.Digest: (String name) -> singleton(Digest) def self.debug: () -> bool # Turns on or off debug mode. With debug mode, all erros added to the OpenSSL # error queue will be printed to stderr. # def self.debug=: [U] (boolish) -> U # See any remaining errors held in queue. # # Any errors you see here are probably due to a bug in Ruby's OpenSSL # implementation. # def self.errors: () -> Array[String] def self.fips_mode: () -> bool # Turns FIPS mode on or off. Turning on FIPS mode will obviously only have an # effect for FIPS-capable installations of the OpenSSL library. Trying to do so # otherwise will result in an error. # # ### Examples # OpenSSL.fips_mode = true # turn FIPS mode on # OpenSSL.fips_mode = false # and off again # def self.fips_mode=: [U] (boolish) -> U # Constant time memory comparison for fixed length strings, such as results of # HMAC calculations. # # Returns `true` if the strings are identical, `false` if they are of the same # length but not identical. If the length is different, `ArgumentError` is # raised. # def self.fixed_length_secure_compare: (String, String) -> bool # Constant time memory comparison. Inputs are hashed using SHA-256 to mask the # length of the secret. Returns `true` if the strings are identical, `false` # otherwise. # # def self.secure_compare: (String a, String b) -> bool OPENSSL_FIPS: bool OPENSSL_LIBRARY_VERSION: String OPENSSL_VERSION: String OPENSSL_VERSION_NUMBER: Integer VERSION: String module ASN1 type tagging = :IMPLICIT | :EXPLICIT type tag_class = :UNIVERSAL | :CONTEXT_SPECIFIC | :APPLICATION | :PRIVATE def self.BMPString: (String value, ?bn tag, ?tagging tagging) -> BMPString def self.BitString: (String value, ?bn tag, ?tagging tagging) -> BitString def self.Boolean: (boolish value, ?bn tag, ?tagging tagging) -> Boolean def self.EndOfContent: () -> EndOfContent def self.Enumerated: (bn value, ?bn tag, ?tagging tagging) -> Enumerated def self.GeneralString: (String value, ?bn tag, ?tagging tagging) -> GeneralString def self.GeneralizedTime: (::Time value, ?bn tag, ?tagging tagging) -> GeneralizedTime def self.GraphicString: (String value, ?bn tag, ?tagging tagging) -> GraphicString def self.IA5String: (String value, ?bn tag, ?tagging tagging) -> IA5String def self.ISO64String: (String value, ?bn tag, ?tagging tagging) -> ISO64String def self.Integer: (bn value, ?bn tag, ?tagging tagging) -> Integer def self.Null: (nil) -> Null def self.NumericString: (String value, ?bn tag, ?tagging tagging) -> NumericString def self.ObjectId: (String value, ?bn tag, ?tagging tagging) -> ObjectId def self.OctetString: (String value, ?bn tag, ?tagging tagging) -> OctetString def self.PrintableString: (String value, ?bn tag, ?tagging tagging) -> PrintableString def self.Sequence: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Sequence def self.Set: (Array[ASN1Data] value, ?bn tag, ?tagging tagging) -> Set def self.T61String: (String value, ?bn tag, ?tagging tagging) -> T61String def self.UTCTime: (::Time value, ?bn tag, ?tagging tagging) -> UTCTime def self.UTF8String: (String value, ?bn tag, ?tagging tagging) -> UTF8String def self.UniversalString: (String value, ?bn tag, ?tagging tagging) -> UniversalString def self.VideotexString: (String value, ?bn tag, ?tagging tagging) -> VideotexString def self.decode: (String | _ToDer der) -> ASN1Data def self.decode_all: (String | _ToDer der) -> Array[ASN1Data] def self.traverse: (String | _ToDer der) { (::Integer, ::Integer, ::Integer, ::Integer, bool, tag_class, ::Integer) -> void } -> void BIT_STRING: Integer BMPSTRING: Integer BOOLEAN: Integer CHARACTER_STRING: Integer EMBEDDED_PDV: Integer ENUMERATED: Integer EOC: Integer EXTERNAL: Integer GENERALIZEDTIME: Integer GENERALSTRING: Integer GRAPHICSTRING: Integer IA5STRING: Integer INTEGER: Integer ISO64STRING: Integer NULL: Integer NUMERICSTRING: Integer OBJECT: Integer OBJECT_DESCRIPTOR: Integer OCTET_STRING: Integer PRINTABLESTRING: Integer REAL: Integer RELATIVE_OID: Integer SEQUENCE: Integer SET: Integer T61STRING: Integer UNIVERSALSTRING: Integer UNIVERSAL_TAG_NAME: Array[untyped] UTCTIME: Integer UTF8STRING: Integer VIDEOTEXSTRING: Integer interface _ToDer def to_der: () -> String end class ASN1Data public def indefinite_length: () -> bool def indefinite_length=: [U] (boolish) -> U alias infinite_length indefinite_length alias infinite_length= indefinite_length= def tag: () -> bn def tag=: (::Integer) -> ::Integer | (BN) -> BN def tag_class: () -> tag_class def tag_class=: (tag_class) -> tag_class def to_der: () -> String def value: () -> untyped def value=: (untyped) -> untyped private def initialize: (untyped value, ::Integer tag, tag_class tag_class) -> void end class ASN1Error < OpenSSL::OpenSSLError end class BMPString < OpenSSL::ASN1::Primitive end class BitString < OpenSSL::ASN1::Primitive public def unused_bits: () -> ::Integer def unused_bits=: (::Integer) -> ::Integer def value: () -> String def value=: (String) -> String end class Boolean < OpenSSL::ASN1::Primitive def value: () -> bool def value=: [U] (boolish) -> U end class Constructive < OpenSSL::ASN1::ASN1Data include Enumerable[ASN1Data] public def each: () ?{ (ASN1Data) -> void }-> self def tagging: () -> tagging? def tagging=: (tagging) -> tagging def to_der: () -> String private def initialize: (Array[ASN1Data]) -> void end class EndOfContent < OpenSSL::ASN1::ASN1Data public def to_der: () -> String private def initialize: () -> void end class Enumerated < OpenSSL::ASN1::Primitive def value: () -> ::Integer def value=: (::Integer) -> ::Integer end class GeneralString < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class GeneralizedTime < OpenSSL::ASN1::Primitive def value: () -> Time def value=: (Time) -> Time end class GraphicString < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class IA5String < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class ISO64String < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class Integer < OpenSSL::ASN1::Primitive def value: () -> ::Integer def value=: (::Integer) -> ::Integer end class Null < OpenSSL::ASN1::Primitive def value: () -> nil def value=: (nil) -> nil end class NumericString < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class ObjectId < OpenSSL::ASN1::Primitive def self.register: (String object_id, String short_name, String ong_name) -> bool def value: () -> String def value=: (String) -> String public def ==: (ObjectId other) -> bool def ln: () -> String? alias long_name ln def oid: () -> String alias short_name sn def sn: () -> String? end class OctetString < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class Primitive < OpenSSL::ASN1::ASN1Data public def tagging: () -> tagging? def tagging=: (tagging) -> tagging def to_der: () -> String private def initialize: (untyped value, ?Integer tag, ?tagging tagging) -> void end class PrintableString < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class Sequence < OpenSSL::ASN1::Constructive def value: () -> Array[ASN1Data] def value=: (Array[ASN1Data]) -> Array[ASN1Data] end class Set < OpenSSL::ASN1::Constructive end class T61String < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class UTCTime < OpenSSL::ASN1::Primitive def value: () -> Time def value=: (Time) -> Time end class UTF8String < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class UniversalString < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end class VideotexString < OpenSSL::ASN1::Primitive def value: () -> String def value=: (String) -> String end end type bn = BN | ::Integer class BN include Comparable def self.generate_prime: (::Integer bits, ?boolish safe, ?bn add, ?bn rem) -> instance def self.pseudo_rand: (*untyped) -> untyped def self.pseudo_rand_range: (untyped) -> untyped def self.rand: (*untyped) -> untyped def self.rand_range: (untyped) -> untyped public def %: (int) -> instance def *: (int) -> instance def **: (int) -> instance def +: (int) -> instance def +@: () -> instance def -: (int) -> instance def -@: () -> instance def /: (int) -> [instance, instance] def <<: (int) -> instance alias <=> cmp def ==: (untyped) -> bool alias === == def >>: (int) -> int def bit_set?: (int) -> bool def clear_bit!: (int) -> void def cmp: (Integer) -> Integer def coerce: (::Integer) -> Array[Integer] | (BN) -> Array[BN] def copy: (int) -> instance def eql?: (untyped other) -> bool def gcd: (int) -> instance def hash: () -> Integer def lshift!: (int bits) -> self def mask_bits!: (int) -> void def mod_add: (int, int) -> instance def mod_exp: (int, int) -> instance def mod_inverse: (int) -> instance def mod_mul: (int, int) -> instance def mod_sqr: (int) -> instance def mod_sub: (int, int) -> instance def negative?: () -> bool def num_bits: () -> ::Integer def num_bytes: () -> ::Integer def odd?: () -> bool def one?: () -> bool def pretty_print: (untyped q) -> untyped def prime?: (?int checks) -> bool def prime_fasttest?: (?int checks, ?int trial_div) -> bool def rshift!: (int bits) -> self def set_bit!: (int bit) -> self def sqr: () -> instance def to_bn: () -> self def to_i: () -> ::Integer alias to_int to_i def to_s: () -> String | (0) -> String | (2) -> String | (10) -> String | (16) -> String | (int base) -> String def ucmp: (int bn2) -> ::Integer def zero?: () -> bool private def initialize: (instance) -> void | (int) -> void | (String) -> void | (String, 0 | 2 | 10 | 16) -> void def initialize_copy: (instance other) -> instance end class BNError < OpenSSL::OpenSSLError end module Buffering include Enumerable[untyped] public def <<: (String s) -> self def close: () -> void def each: (?String eol) ?{ (String) -> void } -> void def each_byte: () ?{ (Integer) -> void } -> void alias each_line each alias eof eof? def eof?: () -> bool def flush: () -> self def getc: () -> String? def gets: (?(String | Regexp) eol, ?Integer limit) -> String? def print: (*untyped args) -> nil def printf: (String format_string, *untyped args) -> nil def puts: (*untyped args) -> nil def read: (?Integer? size, ?String buf) -> String? def read_nonblock: (Integer maxlen, ?String buf, ?exception: true) -> String | (Integer maxlen, ?String buf, exception: false) -> (String | :wait_writable | :wait_readable | nil) def readchar: () -> String def readline: (?String eol) -> String def readlines: (?String eol) -> ::Array[String] def readpartial: (Integer maxlen, ?String buf) -> String def sync: () -> bool def sync=: (boolish) -> void def ungetc: (String c) -> String def write: (*_ToS s) -> Integer def write_nonblock: (_ToS s, ?exception: true) -> Integer | (_ToS s, exception: false) -> (Integer | :wait_writable | :wait_readable | nil) private def consume_rbuff: (?untyped size) -> untyped def do_write: (untyped s) -> untyped def fill_rbuff: () -> untyped BLOCK_SIZE: Integer class Buffer < String BINARY: Encoding def <<: (String string) -> self alias concat << end end class Cipher def self.ciphers: () -> Array[String] public def auth_data=: (String) -> String def auth_tag: (?Integer tag_len) -> String def auth_tag=: (String) -> String def auth_tag_len=: (Integer) -> Integer def authenticated?: () -> bool def block_size: () -> Integer def decrypt: () -> self def encrypt: () -> self def final: () -> String def iv=: (String iv) -> String def iv_len: () -> Integer def iv_len=: (Integer) -> Integer def key=: (String key) -> String def key_len: () -> Integer def key_len=: (Integer) -> Integer def name: () -> String def padding=: (Integer) -> Integer def pkcs5_keyivgen: (String pass, ?String salt, ?Integer iterations, ?String digest) -> void def random_iv: () -> String def random_key: () -> String def reset: () -> self def update: (String data, ?String buffer) -> String private def ciphers: () -> Array[String] def initialize: (String cipher_name) -> void def initialize_copy: (untyped) -> untyped class AES < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end class AES128 < OpenSSL::Cipher private def initialize: (?_ToS mode) -> void end class AES192 < OpenSSL::Cipher private def initialize: (?_ToS mode) -> void end class AES256 < OpenSSL::Cipher private def initialize: (?_ToS mode) -> void end class BF < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end class CAST5 < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end class Cipher < OpenSSL::Cipher end class CipherError < OpenSSL::OpenSSLError end class DES < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end class IDEA < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end class RC2 < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end class RC4 < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end class RC5 < OpenSSL::Cipher private def initialize: (*_ToS args) -> void end end class Config include Enumerable[[String, String, String]] def self.load: (?_ToS filename) -> instance def self.parse: (String string) -> instance def self.parse_config: (IO io) -> Hash[String, Hash[String, String]] public def []: (String section) -> Hash[String, String] def []=: (String section, _Each[[String, String]] pairs) -> _Each[[String, String]] def add_value: (String section, untyped key, untyped value) -> untyped def each: () { ([String, String, String] args0) -> void } -> self def get_value: (String section, String key) -> String? def inspect: () -> String def section: (String name) -> Hash[String, String] def sections: () -> Array[String] def to_s: () -> String private def initialize: (?_ToS filename) -> void def initialize_copy: (instance other) -> void DEFAULT_CONFIG_FILE: String end class ConfigError < OpenSSL::OpenSSLError end class Digest def self.digest: (String name, String data) -> String public alias << update def block_length: () -> Integer def digest: () -> String def digest_length: () -> Integer def hexdigest: () -> String def name: () -> String def reset: () -> self def update: (String data) -> self private def finish: (*untyped) -> untyped def initialize: (String name, ?String data) -> void def initialize_copy: (instance) -> void class Digest < OpenSSL::Digest end class DigestError < OpenSSL::OpenSSLError end class MD4 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end class MD5 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end class RIPEMD160 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end class SHA1 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end class SHA224 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end class SHA256 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end class SHA384 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end class SHA512 < OpenSSL::Digest def self.digest: (String data) -> String def self.hexdigest: (String data) -> String private def initialize: (?String data) -> void end end class Engine def self.by_id: (String name) -> instance def self.cleanup: () -> void def self.engines: () -> Array[instance] def self.load: (?String name) -> (true | nil) public def cipher: (String cipher) -> Cipher def cmds: () -> Array[[String, String, String]] def ctrl_cmd: (String cmd, ?String value) -> self def digest: (String digest) -> Digest def finish: () -> nil def id: () -> String def inspect: () -> String def load_private_key: (?String id, ?String data) -> PKey::PKey def load_public_key: (?String id, ?String data) -> PKey::PKey def name: () -> String def set_default: (Integer flag) -> bool METHOD_ALL: Integer METHOD_CIPHERS: Integer METHOD_DH: Integer METHOD_DIGESTS: Integer METHOD_DSA: Integer METHOD_NONE: Integer METHOD_RAND: Integer METHOD_RSA: Integer class EngineError < OpenSSL::OpenSSLError end end module ExtConfig HAVE_TLSEXT_HOST_NAME: bool OPENSSL_NO_SOCK: bool end class HMAC def self.digest: (String algo, String key, String data) -> String def self.hexdigest: (String algo, String key, String data) -> String public alias << update def ==: (instance other) -> bool def digest: () -> String def hexdigest: () -> String alias inspect hexdigest def reset: () -> self alias to_s hexdigest def update: (String data) -> self private def initialize: (String key, Digest digest) -> void def initialize_copy: (instance) -> void end class HMACError < OpenSSL::OpenSSLError end module KDF def self.hkdf: (String ikm, salt: String, info: String, length: Integer, hash: String) -> String def self.pbkdf2_hmac: (String pass, salt: String, iterations: Integer, length: Integer, hash: String | Digest) -> String def self.scrypt: (String pass, salt: String, N: Integer, r: Integer, p: Integer, length: Integer) -> String private def hkdf: (*untyped) -> untyped def pbkdf2_hmac: (*untyped) -> untyped def scrypt: (*untyped) -> untyped class KDFError < OpenSSL::OpenSSLError end end module Marshal def self.included: (untyped base) -> untyped public def _dump: (untyped _level) -> untyped module ClassMethods public def _load: (untyped string) -> untyped end end module Netscape class SPKI public def challenge: () -> String def challenge=: (String) -> String def public_key: () -> PKey::PKey def public_key=: (PKey::PKey) -> PKey::PKey def sign: (PKey::PKey key, Digest digest) -> instance def to_der: () -> String def to_pem: () -> String alias to_s to_pem def to_text: () -> String def verify: (PKey::PKey key) -> bool private def initialize: (?String request) -> void end class SPKIError < OpenSSL::OpenSSLError end end module OCSP NOCASIGN: Integer NOCERTS: Integer NOCHAIN: Integer NOCHECKS: Integer NODELEGATED: Integer NOEXPLICIT: Integer NOINTERN: Integer NOSIGS: Integer NOTIME: Integer NOVERIFY: Integer RESPID_KEY: Integer RESPONSE_STATUS_INTERNALERROR: Integer RESPONSE_STATUS_MALFORMEDREQUEST: Integer RESPONSE_STATUS_SIGREQUIRED: Integer RESPONSE_STATUS_SUCCESSFUL: Integer RESPONSE_STATUS_TRYLATER: Integer RESPONSE_STATUS_UNAUTHORIZED: Integer REVOKED_STATUS_AFFILIATIONCHANGED: Integer REVOKED_STATUS_CACOMPROMISE: Integer REVOKED_STATUS_CERTIFICATEHOLD: Integer REVOKED_STATUS_CESSATIONOFOPERATION: Integer REVOKED_STATUS_KEYCOMPROMISE: Integer REVOKED_STATUS_NOSTATUS: Integer REVOKED_STATUS_REMOVEFROMCRL: Integer REVOKED_STATUS_SUPERSEDED: Integer REVOKED_STATUS_UNSPECIFIED: Integer TRUSTOTHER: Integer V_CERTSTATUS_GOOD: Integer V_CERTSTATUS_REVOKED: Integer V_CERTSTATUS_UNKNOWN: Integer V_RESPID_KEY: Integer V_RESPID_NAME: Integer type ocsp_status = Integer class BasicResponse public def add_nonce: (?String nonce) -> self def add_status: (CertificateId certificate_id, ocsp_status status, Integer? reason, Integer? revocation_time, ?(Integer | Time) this_update, ?(Integer | Time) next_update, ?Array[X509::Extension] extensions) -> self def copy_nonce: (Request request) -> Integer def find_response: (CertificateId certificate_id) -> SingleResponse? def responses: () -> Array[SingleResponse] def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self def status: () -> Integer def to_der: () -> String def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool private def initialize: (?String der) -> void def initialize_copy: (instance) -> void end class CertificateId public def cmp: (instance other) -> bool def cmp_issuer: (instance other) -> bool def hash_algorithm: () -> String def issuer_key_hash: () -> String def issuer_name_hash: () -> String def serial: () -> Integer def to_der: () -> String private def initialize: (String | ASN1::_ToDer der) -> void | (X509::Certificate subject, X509::Certificate issuer, ?Digest digest) -> void def initialize_copy: (instance) -> void end class OCSPError < OpenSSL::OpenSSLError end class Request public def add_certid: (CertificateId certificate_id) -> self def add_nonce: (?String nonce) -> self def certid: () -> Array[CertificateId] def check_nonce: (Response response) -> (-1 | 0 | 1 | 2 | 3) def sign: (X509::Certificate cert, PKey::PKey key, ?Array[X509::Certificate] certs, ?Integer flags, ?Digest digest) -> self def signed?: () -> bool def to_der: () -> String def verify: (Array[X509::Certificate] certs, X509::Store store, ?Integer flags) -> bool private def initialize: (?String der) -> void def initialize_copy: (instance) -> void end class Response def self.create: (Integer status, ?BasicResponse response) -> instance public def basic: () -> BasicResponse? def status: () -> Integer def status_string: () -> String def to_der: () -> String private def initialize: (?String der) -> void def initialize_copy: (instance) -> void end class SingleResponse public def cert_status: () -> ocsp_status def certid: () -> CertificateId def check_validity: (?Integer nsec, ?Integer maxsec) -> bool def extensions: () -> Array[X509::Certificate] def next_update: () -> Time? def revocation_reason: () -> Integer? def revocation_time: () -> Time? def this_update: () -> Time def to_der: () -> String private def initialize: (String der) -> void def initialize_copy: (instance) -> void end end class OpenSSLError < StandardError end class PKCS12 def self.create: (String pass, String name, PKey::PKey key, X509::Certificate cert, ?Array[X509::Certificate]? ca, ?String? key_pbe, ?String? cert_pbe, ?Integer? key_iter, ?Integer? mac_iter, ?Integer? keytype) -> instance public def ca_certs: () -> Array[X509::Certificate]? def certificate: () -> X509::Certificate def key: () -> PKey::PKey def to_der: () -> String private def initialize: (?String der, ?String pass) -> void def initialize_copy: (instance) -> void class PKCS12Error < OpenSSL::OpenSSLError end end module PKCS5 def self.pbkdf2_hmac: (String pass, String salt, Integer iter, Integer keylen, String | Digest digest) -> String def self.pbkdf2_hmac_sha1: (String pass, String salt, Integer iter, Integer keylen) -> String private def pbkdf2_hmac: (untyped pass, untyped salt, untyped iter, untyped keylen, untyped digest) -> untyped def pbkdf2_hmac_sha1: (untyped pass, untyped salt, untyped iter, untyped keylen) -> untyped end class PKCS7 def self.encrypt: (X509::Certificate certs, String data, ?Cipher cipher, ?Integer flags) -> instance def self.read_smime: (String ) -> instance def self.sign: (X509::Certificate certs,PKey::PKey key, String data, ?OpenSSL::Cipher cipher, ?Integer flags) -> instance def self.write_smime: (instance pkcs7, ?String data, ?Integer flags) -> String public def add_certificate: (X509::Certificate cert) -> self def add_crl: (X509::CRL crl) -> self def add_data: (String data) -> self def add_recipient: (RecipientInfo recipient) -> self def add_signer: (SignerInfo signer) -> self def certificates: () -> Array[X509::Certificate]? def certificates=: (Array[X509::Certificate]) -> self def cipher=: (Cipher cipher) -> self def crls: () -> Array[X509::CRL]? def crls=: (Array[X509::CRL]) -> self def data: () -> String? alias data= add_data def decrypt: (PKey::PKey p1, ?PKey::PKey p2, ?PKey::PKey p3) -> String def detached: () -> bool def detached=: [U] (boolish) -> U def detached?: () -> bool def error_string: () -> String? def error_string=: (String) -> String def recipients: () -> Array[RecipientInfo] def signers: () -> Array[SignerInfo] def to_der: () -> String def to_pem: () -> String alias to_s to_pem def type: () -> String? def type=: (String) -> String def verify: (PKey::PKey p1, PKey::PKey p2, ?PKey::PKey p3, ?PKey::PKey p4) -> bool private def initialize: (?String der) -> void def initialize_copy: (instance) -> untyped BINARY: Integer DETACHED: Integer NOATTR: Integer NOCERTS: Integer NOCHAIN: Integer NOINTERN: Integer NOSIGS: Integer NOSMIMECAP: Integer NOVERIFY: Integer TEXT: Integer class PKCS7Error < OpenSSL::OpenSSLError end class RecipientInfo public def enc_key: () -> PKey::PKey def issuer: () -> X509::Name def serial: () -> Integer private def initialize: (X509::Certificate certificate) -> void end class SignerInfo public def issuer: () -> X509::Name def serial: () -> Integer def signed_time: () -> Time? private def initialize: (X509::Certificate certificate, PKey::PKey key, Digest digest) -> void end end module PKey def self?.read: (String | IO pem, ?String password) -> PKey class DH < OpenSSL::PKey::PKey include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods def self.generate: (Integer size, ?Integer generator) -> instance public def compute_key: (bn pub_bn) -> String def export: () -> String def g: () -> BN? def generate_key!: () -> self def p: () -> BN def params: () -> Hash[String, BN] def params_ok?: () -> bool def priv_key: () -> BN def private?: () -> bool def pub_key: () -> BN def public?: () -> bool def public_key: () -> instance def q: () -> BN def set_key: (bn pub_key, bn? priv_key) -> self def set_pqg: (bn p, bn q, bn g) -> self def to_der: () -> String alias to_pem export alias to_s export def to_text: () -> String private def initialize: (Integer size, ?Integer generator) -> void | (String pem) -> void | () -> void def initialize_copy: (instance) -> void end class DHError < OpenSSL::PKey::PKeyError end class DSA < OpenSSL::PKey::PKey include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods def self.generate: (Integer size) -> instance public def export: (String cipher, String password) -> String | () -> String def g: () -> BN def p: () -> BN def params: () -> Hash[String, BN] def priv_key: () -> BN def private?: () -> bool def pub_key: () -> BN def public?: () -> bool def public_key: () -> instance def q: () -> BN def set_key: (bn pub_key, bn? priv_key) -> self def set_pqg: (bn p, bn q, bn g) -> self def syssign: (String digest) -> String def sysverify: (String digest, String data) -> bool def to_der: () -> String alias to_pem export alias to_s export def to_text: () -> String private def initialize: (String pem, ?String pass) -> void | (?Integer size) -> void def initialize_copy: (instance) -> void end class DSAError < OpenSSL::PKey::PKeyError end class EC < OpenSSL::PKey::PKey include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods def self.builtin_curves: () -> Array[[String, String]] def self.generate: (String | Group pem_or_der_or_group_or_curve_name) -> instance public def check_key: () -> true def dh_compute_key: (Point public_key) -> String def dsa_sign_asn1: (String digest) -> String def dsa_verify_asn1: (String digest, String signature) -> bool def export: (String cipher, String password) -> String | () -> String alias generate_key generate_key! def generate_key!: () -> self def group: () -> Group? def group=: (Group) -> Group def private?: () -> bool def private_key: () -> BN? def private_key=: (bn priv_key) -> self alias private_key? private? def public?: () -> bool def public_key: () -> Point? def public_key=: (bn priv_key) -> self alias public_key? public? def to_der: () -> String alias to_pem export def to_text: () -> String private def initialize: (instance ec_key) -> void | (Group group) -> void | (String pem_or_der_or_curve, ?String pass) -> void def initialize_copy: (instance) -> void EXPLICIT_CURVE: Integer NAMED_CURVE: Integer type ec_method = :GFp_simple | :GFp_mont | :GFp_nist | :GF2m_simple type point_conversion_format = :compressed | :uncompressed | :hybrid class Group public alias == eql? def asn1_flag: () -> Integer def asn1_flag=: (Integer) -> Integer def cofactor: () -> BN def curve_name: () -> String def degree: () -> Integer def eql?: (instance other) -> bool def generator: () -> Point? def order: () -> BN def point_conversion_form: () -> point_conversion_format def point_conversion_form=: (point_conversion_format format) -> point_conversion_format def seed: () -> String? def seed=: (String seed) -> String def set_generator: ( Point generator, Integer order, Integer cofactor) -> self def to_der: () -> String def to_pem: () -> String def to_text: () -> String private def initialize: (instance group) -> void | (String pem_or_der_encoded) -> void | (ec_method ec_method) -> void | (:GFp | :GF2m ec_method, Integer bignum_p, Integer bignum_a, Integer bignum_b) -> void def initialize_copy: (instance) -> void class Error < OpenSSL::OpenSSLError end end class Point public alias == eql? def add: (instance point) -> instance def eql?: (instance other) -> bool def group: () -> Group def infinity?: () -> bool def invert!: () -> self def make_affine!: () -> self def mul: (bn bn1, ?bn bn2) -> instance | (Array[bn] bns, Array[instance], ?bn bn2) -> instance def on_curve?: () -> bool def set_to_infinity!: () -> self def to_bn: (?point_conversion_format conversion_form) -> BN def to_octet_string: (point_conversion_format) -> String private def initialize: (instance point) -> void | (Group group, ?(String | BN) encoded_point) -> void def initialize_copy: (instance) -> void class Error < OpenSSL::OpenSSLError end end end class ECError < OpenSSL::PKey::PKeyError end class PKey public def inspect: () -> String def oid: () -> String def private_to_der: (String cipher, String password) -> String | () -> String def private_to_pem: (String cipher, String password) -> String | () -> String def public_to_der: () -> String def public_to_pem: () -> String def sign: (Digest digest, String data) -> String def verify: (Digest digest, String signature, String data) -> bool private def initialize: () -> void end class PKeyError < OpenSSL::OpenSSLError end class RSA < OpenSSL::PKey::PKey include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods def self.generate: (Integer size, ?Integer exponent) -> instance public def d: () -> BN? def dmp1: () -> BN? def dmq1: () -> BN? def e: () -> BN? def export: (String cipher, String password) -> String | () -> String def iqmp: () -> BN? def n: () -> BN? def p: () -> BN? def params: () -> Hash[String, BN] def private?: () -> bool def private_decrypt: (String data, ?Integer padding) -> String def private_encrypt: (String data, ?Integer padding) -> String def public?: () -> bool def public_decrypt: (String data, ?Integer padding) -> String def public_encrypt: (String data, ?Integer padding) -> String def public_key: () -> instance def q: () -> BN? def set_crt_params: (bn dmp1, bn dmq1, bn iqmp) -> self def set_factors: (bn p, bn q) -> self def set_key: (bn n, bn e, bn d) -> self def sign_pss: (String digest, String data, salt_length: :digest | :max | Integer, mgf1_hash: String) -> String def to_der: () -> String alias to_pem export alias to_s export def to_text: () -> String def verify_pss: (String digest, String signature, String data, salt_length: :auto | :digest | Integer, mgf1_hash: String) -> bool private def initialize: (Integer key_size) -> void | (String encoded_key, ?String pass_phrase) -> void def initialize_copy: (instance) -> void NO_PADDING: Integer PKCS1_OAEP_PADDING: Integer PKCS1_PADDING: Integer SSLV23_PADDING: Integer end class RSAError < OpenSSL::PKey::PKeyError end end module Random def self.load_random_file: (String filename) -> true def self.random_add: (String str, Numeric entropy) -> self def self.random_bytes: (Integer length) -> String def self.seed: (String seed) -> String def self.status?: () -> bool def self.write_random_file: (String filename) -> true class RandomError < OpenSSL::OpenSSLError end end module SSL def self.verify_certificate_identity: (X509::Certificate cert, String hostname) -> bool def self.verify_hostname: (String hostname, String san) -> bool def self.verify_wildcard: (String domain_component, String san_component) -> bool OP_ALL: Integer OP_ALLOW_NO_DHE_KEX: Integer OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: Integer OP_CIPHER_SERVER_PREFERENCE: Integer OP_CRYPTOPRO_TLSEXT_BUG: Integer OP_DONT_INSERT_EMPTY_FRAGMENTS: Integer OP_EPHEMERAL_RSA: Integer OP_LEGACY_SERVER_CONNECT: Integer OP_MICROSOFT_BIG_SSLV3_BUFFER: Integer OP_MICROSOFT_SESS_ID_BUG: Integer OP_MSIE_SSLV2_RSA_PADDING: Integer OP_NETSCAPE_CA_DN_BUG: Integer OP_NETSCAPE_CHALLENGE_BUG: Integer OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: Integer OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: Integer OP_NO_COMPRESSION: Integer OP_NO_ENCRYPT_THEN_MAC: Integer OP_NO_RENEGOTIATION: Integer OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: Integer OP_NO_SSLv2: Integer OP_NO_SSLv3: Integer OP_NO_TICKET: Integer OP_NO_TLSv1: Integer OP_NO_TLSv1_1: Integer OP_NO_TLSv1_2: Integer OP_NO_TLSv1_3: Integer OP_PKCS1_CHECK_1: Integer OP_PKCS1_CHECK_2: Integer OP_SAFARI_ECDHE_ECDSA_BUG: Integer OP_SINGLE_DH_USE: Integer OP_SINGLE_ECDH_USE: Integer OP_SSLEAY_080_CLIENT_DH_BUG: Integer OP_SSLREF2_REUSE_CERT_TYPE_BUG: Integer OP_TLSEXT_PADDING: Integer OP_TLS_BLOCK_PADDING_BUG: Integer OP_TLS_D5_BUG: Integer OP_TLS_ROLLBACK_BUG: Integer SSL2_VERSION: Integer SSL3_VERSION: Integer TLS1_1_VERSION: Integer TLS1_2_VERSION: Integer TLS1_3_VERSION: Integer TLS1_VERSION: Integer VERIFY_CLIENT_ONCE: Integer VERIFY_FAIL_IF_NO_PEER_CERT: Integer VERIFY_NONE: Integer VERIFY_PEER: Integer type tls_version = Symbol | Integer type verify_mode = Integer class SSLContext public def add_certificate: (X509::Certificate certificate, PKey::PKey pkey, ?Array[X509::Certificate] extra_certs) -> self def alpn_protocols: () -> Array[String]? def alpn_protocols=: (Array[String]) -> Array[String] def alpn_select_cb: () -> (^(Array[String]) -> String? | nil) def alpn_select_cb=: (^(Array[String]) -> String? alpn_select_callback) -> void def ca_file: () -> String def ca_file=: (String ca_file) -> String def ca_path: () -> String? def ca_path=: (String ca_path) -> String def cert: () -> X509::Certificate? def cert=: ( X509::Certificate cert) -> X509::Certificate def cert_store: () -> X509::Store? def cert_store=: (X509::Store store) -> X509::Store def ciphers: () -> Array[[String, String, Integer, Integer]] def ciphers=: (Array[[String, String, Integer, Integer]] ciphers) -> void | (Array[String] ciphers) -> void | (String colon_sep_ciphers) -> void def client_ca: () -> (Array[X509::Certificate] | X509::Certificate) def client_ca=: (Array[X509::Certificate] | X509::Certificate client_ca) -> void def client_cert_cb: () -> (^(Session) -> [X509::Certificate, PKey::PKey]? | nil) def client_cert_cb=: (^(Session) -> [X509::Certificate, PKey::PKey]? client_cert_cb) -> void def ecdh_curves=: (String ecdh_curves) -> String def enable_fallback_scsv: () -> nil def extra_chain_cert: () -> Array[X509::Certificate]? def extra_chain_cert=: (Array[X509::Certificate] extra_certs) -> Array[X509::Certificate] def flush_sessions: (Time time) -> self alias freeze setup def key: () -> PKey::PKey? def key=: (PKey::PKey) -> PKey::PKey def max_version=: (tls_version version) -> tls_version def min_version=: (tls_version version) -> tls_version def npn_protocols: () -> untyped def npn_protocols=: (untyped) -> untyped def npn_select_cb: () -> untyped def npn_select_cb=: (untyped) -> untyped def options: () -> Integer def options=: (Integer ssl_options) -> Integer def renegotiation_cb: () -> (^(SSLSocket) -> void | nil) def renegotiation_cb=: (^(SSLSocket) -> void) -> void def security_level: () -> Integer def security_level=: (Integer sec_level) -> Integer def servername_cb: () -> (^(SSLSocket, String) -> SSLContext? | nil) def servername_cb=: (^(SSLSocket, String) -> SSLContext?) -> ^(SSLSocket, String) -> SSLContext? def session_add: (Session) -> bool def session_cache_mode: () -> Integer def session_cache_mode=: (Integer) -> Integer def session_cache_size: () -> Integer def session_cache_size=: (Integer) -> Integer def session_cache_stats: () -> Hash[Symbol, Integer] def session_get_cb: () -> (^(SSLSocket, Integer) -> Session? | nil) def session_get_cb=: (^(SSLSocket, Integer) -> Session?) -> void def session_id_context: () -> Integer? def session_id_context=: (Integer) -> Integer def session_new_cb: () -> (^(SSLSocket) -> untyped | nil) def session_new_cb=: (^(SSLSocket) -> untyped) -> ^(SSLSocket) -> untyped def session_remove: (Session session) -> bool def session_remove_cb: () -> (^(SSLContext, Session) -> void | nil) def session_remove_cb=: (^(SSLContext, Session) -> void ) -> void def set_params: (?untyped params) -> untyped def setup: () -> untyped alias ssl_timeout timeout alias ssl_timeout= timeout= def ssl_version=: (tls_version meth) -> tls_version def timeout: () -> Integer? def timeout=: (Integer) -> Integer def tmp_dh_callback: () -> (^(Session, Integer, Integer) -> PKey::DH | nil) def tmp_dh_callback=: (^(Session, Integer, Integer) -> PKey::DH) -> void def verify_callback: () -> (^(bool, X509::StoreContext) -> untyped | nil) def verify_callback=: (^(bool, X509::StoreContext) -> untyped) -> void def verify_depth: () -> Integer? def verify_depth=: (Integer) -> Integer def verify_hostname: () -> bool? def verify_hostname=: [U] (boolish) -> U def verify_mode: () -> verify_mode? def verify_mode=: (verify_mode) -> verify_mode private def initialize: (?tls_version version) -> void def set_minmax_proto_version: (untyped, untyped) -> untyped DEFAULT_CERT_STORE: X509::Store DEFAULT_PARAMS: Hash[Symbol, untyped] DEFAULT_TMP_DH_CALLBACK: Proc METHODS: Array[Symbol] SESSION_CACHE_BOTH: Integer SESSION_CACHE_CLIENT: Integer SESSION_CACHE_NO_AUTO_CLEAR: Integer SESSION_CACHE_NO_INTERNAL: Integer SESSION_CACHE_NO_INTERNAL_LOOKUP: Integer SESSION_CACHE_NO_INTERNAL_STORE: Integer SESSION_CACHE_OFF: Integer SESSION_CACHE_SERVER: Integer end class SSLError < OpenSSL::OpenSSLError end class SSLErrorWaitReadable < OpenSSL::SSL::SSLError include IO::WaitReadable end class SSLErrorWaitWritable < OpenSSL::SSL::SSLError include IO::WaitWritable end class SSLServer include OpenSSL::SSL::SocketForwarder public def accept: () -> SSLSocket def close: () -> nil def listen: (Integer backlog) -> void def shutdown: (Symbol | String | Integer how) -> void def start_immediately: () -> bool def start_immediately=: [U] (boolish) -> U def to_io: () -> (TCPServer | UNIXServer) private def initialize: (TCPServer | UNIXServer svr, untyped ctx) -> void end class SSLSocket include OpenSSL::SSL::SocketForwarder include OpenSSL::Buffering def self.open: (untyped remote_host, untyped remote_port, ?untyped local_host, ?untyped local_port, ?context: untyped) -> untyped public def accept: () -> self def accept_nonblock: (?exception: true) -> self | (exception: false) -> (self | :wait_readable | :wait_writable) def alpn_protocol: () -> String? def cert: () -> X509::Certificate? def cipher: () -> [String, String, Integer, Integer]? def client_ca: () -> (Array[X509::Name] | Array[X509::Certificate] | X509::Certificate) def connect: () -> self def connect_nonblock: (?exception: true) -> self | (exception: false) -> (self | :wait_readable | :wait_writable) def context: () -> SSLContext def finished_message: () -> String? def hostname: () -> String? def hostname=: (String) -> String def io: () -> BasicSocket def npn_protocol: () -> String? def peer_cert: () -> X509::Certificate? def peer_cert_chain: () -> Array[X509::Certificate]? def peer_finished_message: () -> String? def pending: () -> Integer def post_connection_check: (String hostname) -> true def session: () -> Session? def session=: (Session) -> Session def session_reused?: () -> bool def ssl_version: () -> tls_version def state: () -> String def sync_close: () -> bool def sync_close=: [U] (boolish) -> U def sysclose: () -> nil def sysread: (Integer length, ?String buffer) -> String def syswrite: (String data) -> Integer def tmp_key: () -> PKey::PKey? alias to_io io def verify_result: () -> Integer private def client_cert_cb: () -> untyped def initialize: (*untyped) -> void def session_get_cb: () -> untyped def session_new_cb: () -> untyped def stop: () -> untyped def sysread_nonblock: (*untyped) -> untyped def syswrite_nonblock: (*untyped) -> untyped def tmp_dh_callback: () -> untyped def tmp_ecdh_callback: () -> untyped def using_anon_cipher?: () -> untyped end class Session public def ==: (instance other) -> bool def id: () -> String def time: () -> Time def time=: (Time | Integer start_time) -> Time def timeout: () -> Integer def timeout=: (Integer timeout) -> Integer def to_der: () -> String def to_pem: () -> String def to_text: () -> String private def initialize: (SSLSocket | String sock_or_str) -> void def initialize_copy: (instance) -> void class SessionError < OpenSSL::OpenSSLError end end module SocketForwarder public def addr: () -> Addrinfo? def closed?: () -> untyped def do_not_reverse_lookup=: (boolish flag) -> boolish def fcntl: (*untyped args) -> untyped def fileno: () -> Integer def getsockopt: (Symbol | Integer level, Symbol | Integer optname) -> (Integer | boolish | String) def peeraddr: () -> untyped def setsockopt: (untyped level, untyped optname, untyped optval) -> untyped end end module Timestamp class Factory public def additional_certs: () -> Array[X509::Certificate]? def additional_certs=: (Array[X509::Certificate]? certs) -> Array[X509::Certificate]? def allowed_digests: () -> Array[String | Digest]? def allowed_digests=: (Array[String | Digest]) -> Array[String | Digest] def create_timestamp: (PKey::PKey key, X509::Certificate cert, Request request) -> Response def default_policy_id: () -> String? def default_policy_id=: (String) -> String def gen_time: () -> Time? def gen_time=: (Time) -> Time def serial_number: () -> Integer? def serial_number=: (Integer) -> Integer end class Request public def algorithm: () -> String def algorithm=: (String) -> String def cert_requested=: [U] (boolish) -> U def cert_requested?: () -> bool def message_imprint: () -> String? def message_imprint=: (String) -> String def nonce: () -> BN? def nonce=: (bn nonce) -> BN def policy_id: () -> String? def policy_id=: (String policy_id) -> String def to_der: () -> String def version: () -> Integer def version=: (Integer) -> Integer private def initialize: (?(File | String) request_der) -> void end class Response public def failure_info: () -> Symbol? def status: () -> BN def status_text: () -> Array[String]? def to_der: () -> String def token: () -> PKCS7? def token_info: () -> TokenInfo? def tsa_certificate: () -> X509::Certificate? def verify: (Request request, X509::Store store, ?X509::Certificate intermediate_cert) -> instance private def initialize: (File | String response_der) -> void GRANTED: Integer GRANTED_WITH_MODS: Integer REJECTION: Integer REVOCATION_NOTIFICATION: Integer REVOCATION_WARNING: Integer WAITING: Integer end class TimestampError < OpenSSL::OpenSSLError end class TokenInfo public def algorithm: () -> String? def gen_time: () -> Time def message_imprint: () -> String def nonce: () -> BN? def ordering: () -> bool? def policy_id: () -> String? def serial_number: () -> BN? def to_der: () -> String def version: () -> Integer private def initialize: (File | String token_der) -> void end end module X509 DEFAULT_CERT_AREA: String DEFAULT_CERT_DIR: String DEFAULT_CERT_DIR_ENV: String DEFAULT_CERT_FILE: String DEFAULT_CERT_FILE_ENV: String DEFAULT_PRIVATE_DIR: String PURPOSE_ANY: Integer PURPOSE_CRL_SIGN: Integer PURPOSE_NS_SSL_SERVER: Integer PURPOSE_OCSP_HELPER: Integer PURPOSE_SMIME_ENCRYPT: Integer PURPOSE_SMIME_SIGN: Integer PURPOSE_SSL_CLIENT: Integer PURPOSE_SSL_SERVER: Integer PURPOSE_TIMESTAMP_SIGN: Integer TRUST_COMPAT: Integer TRUST_EMAIL: Integer TRUST_OBJECT_SIGN: Integer TRUST_OCSP_REQUEST: Integer TRUST_OCSP_SIGN: Integer TRUST_SSL_CLIENT: Integer TRUST_SSL_SERVER: Integer TRUST_TSA: Integer V_ERR_AKID_ISSUER_SERIAL_MISMATCH: Integer V_ERR_AKID_SKID_MISMATCH: Integer V_ERR_APPLICATION_VERIFICATION: Integer V_ERR_CA_KEY_TOO_SMALL: Integer V_ERR_CA_MD_TOO_WEAK: Integer V_ERR_CERT_CHAIN_TOO_LONG: Integer V_ERR_CERT_HAS_EXPIRED: Integer V_ERR_CERT_NOT_YET_VALID: Integer V_ERR_CERT_REJECTED: Integer V_ERR_CERT_REVOKED: Integer V_ERR_CERT_SIGNATURE_FAILURE: Integer V_ERR_CERT_UNTRUSTED: Integer V_ERR_CRL_HAS_EXPIRED: Integer V_ERR_CRL_NOT_YET_VALID: Integer V_ERR_CRL_PATH_VALIDATION_ERROR: Integer V_ERR_CRL_SIGNATURE_FAILURE: Integer V_ERR_DANE_NO_MATCH: Integer V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: Integer V_ERR_DIFFERENT_CRL_SCOPE: Integer V_ERR_EE_KEY_TOO_SMALL: Integer V_ERR_EMAIL_MISMATCH: Integer V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: Integer V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: Integer V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: Integer V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: Integer V_ERR_EXCLUDED_VIOLATION: Integer V_ERR_HOSTNAME_MISMATCH: Integer V_ERR_INVALID_CA: Integer V_ERR_INVALID_CALL: Integer V_ERR_INVALID_EXTENSION: Integer V_ERR_INVALID_NON_CA: Integer V_ERR_INVALID_POLICY_EXTENSION: Integer V_ERR_INVALID_PURPOSE: Integer V_ERR_IP_ADDRESS_MISMATCH: Integer V_ERR_KEYUSAGE_NO_CERTSIGN: Integer V_ERR_KEYUSAGE_NO_CRL_SIGN: Integer V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: Integer V_ERR_NO_EXPLICIT_POLICY: Integer V_ERR_NO_VALID_SCTS: Integer V_ERR_OCSP_CERT_UNKNOWN: Integer V_ERR_OCSP_VERIFY_FAILED: Integer V_ERR_OCSP_VERIFY_NEEDED: Integer V_ERR_OUT_OF_MEM: Integer V_ERR_PATH_LENGTH_EXCEEDED: Integer V_ERR_PATH_LOOP: Integer V_ERR_PERMITTED_VIOLATION: Integer V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: Integer V_ERR_PROXY_PATH_LENGTH_EXCEEDED: Integer V_ERR_PROXY_SUBJECT_NAME_VIOLATION: Integer V_ERR_SELF_SIGNED_CERT_IN_CHAIN: Integer V_ERR_STORE_LOOKUP: Integer V_ERR_SUBJECT_ISSUER_MISMATCH: Integer V_ERR_SUBTREE_MINMAX: Integer V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Integer V_ERR_SUITE_B_INVALID_ALGORITHM: Integer V_ERR_SUITE_B_INVALID_CURVE: Integer V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Integer V_ERR_SUITE_B_INVALID_VERSION: Integer V_ERR_SUITE_B_LOS_NOT_ALLOWED: Integer V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: Integer V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: Integer V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: Integer V_ERR_UNABLE_TO_GET_CRL: Integer V_ERR_UNABLE_TO_GET_CRL_ISSUER: Integer V_ERR_UNABLE_TO_GET_ISSUER_CERT: Integer V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: Integer V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: Integer V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: Integer V_ERR_UNHANDLED_CRITICAL_EXTENSION: Integer V_ERR_UNNESTED_RESOURCE: Integer V_ERR_UNSPECIFIED: Integer V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: Integer V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Integer V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Integer V_ERR_UNSUPPORTED_NAME_SYNTAX: Integer V_FLAG_ALLOW_PROXY_CERTS: Integer V_FLAG_CHECK_SS_SIGNATURE: Integer V_FLAG_CRL_CHECK: Integer V_FLAG_CRL_CHECK_ALL: Integer V_FLAG_EXPLICIT_POLICY: Integer V_FLAG_EXTENDED_CRL_SUPPORT: Integer V_FLAG_IGNORE_CRITICAL: Integer V_FLAG_INHIBIT_ANY: Integer V_FLAG_INHIBIT_MAP: Integer V_FLAG_NOTIFY_POLICY: Integer V_FLAG_NO_ALT_CHAINS: Integer V_FLAG_NO_CHECK_TIME: Integer V_FLAG_PARTIAL_CHAIN: Integer V_FLAG_POLICY_CHECK: Integer V_FLAG_SUITEB_128_LOS: Integer V_FLAG_SUITEB_128_LOS_ONLY: Integer V_FLAG_SUITEB_192_LOS: Integer V_FLAG_TRUSTED_FIRST: Integer V_FLAG_USE_CHECK_TIME: Integer V_FLAG_USE_DELTAS: Integer V_FLAG_X509_STRICT: Integer V_OK: Integer class Attribute include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods public def ==: (instance other) -> bool def oid: () -> String def oid=: (String) -> String def to_der: () -> String def value: () -> ASN1::Set def value=: (ASN1::ASN1Data) -> ASN1::Set private def initialize: (String der) -> void | (String oid, ASN1::ASN1Data value) -> void def initialize_copy: (instance) -> void end class AttributeError < OpenSSL::OpenSSLError end class CRL include OpenSSL::X509::Extension::AuthorityKeyIdentifier include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods public def ==: (instance other) -> bool def add_extension: (Extension ext) -> Extension def add_revoked: (Revoked revoked) -> Revoked def extensions: () -> Array[Extension] def extensions=: (Array[Extension] extensions) -> Array[Extension] def issuer: () -> X509::Name def issuer=: (X509::Name issuer) -> X509::Name def last_update: () -> Time? def last_update=: (Time last_update) -> Time def next_update: () -> Time? def next_update=: (Time next_update) -> Time def revoked: () -> Array[Revoked] def revoked=: (Array[Revoked]) -> Array[Revoked] def sign: (PKey::PKey key, Digest digest) -> String def signature_algorithm: () -> String def to_der: () -> String def to_pem: () -> String alias to_s to_pem def to_text: () -> String def verify: (PKey::PKey key) -> bool def version: () -> Integer def version=: (Integer) -> Integer private def initialize: (?String der) -> void def initialize_copy: (instance) -> void end class CRLError < OpenSSL::OpenSSLError end class Certificate include OpenSSL::X509::Extension::AuthorityInfoAccess include OpenSSL::X509::Extension::CRLDistributionPoints include OpenSSL::X509::Extension::AuthorityKeyIdentifier include OpenSSL::X509::Extension::SubjectKeyIdentifier include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods public def ==: (instance other) -> bool def add_extension: (Extension ext) -> Extension def check_private_key: (PKey::PKey key) -> bool def extensions: () -> Array[Extension] def extensions=: (Array[Extension]) -> Array[Extension] def inspect: () -> String def issuer: () -> Name def issuer=: (Name) -> Name def not_after: () -> Time? def not_after=: (Time) -> Time def not_before: () -> Time? def not_before=: (Time) -> Time def pretty_print: (untyped q) -> untyped def public_key: () -> PKey::PKey def public_key=: (PKey::PKey pkey) -> PKey::PKey def serial: () -> BN def serial=: (bn serial) -> bn def sign: (PKey::PKey key, String digest) -> String def signature_algorithm: () -> String def subject: () -> Name def subject=: (Name) -> Name def to_der: () -> String def to_pem: () -> String alias to_s to_pem def to_text: () -> String def verify: (PKey::PKey key) -> bool def version: () -> Integer def version=: (Integer) -> Integer private def initialize: (?String pem) -> void def initialize_copy: (instance) -> void end class CertificateError < OpenSSL::OpenSSLError end class Extension include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods public def ==: (instance other) -> bool def critical=: [U] (boolish) -> U def critical?: () -> bool def oid: () -> String def oid=: (String oid) -> String def to_a: () -> [String, String, bool] def to_der: () -> String def to_h: () -> Hash[String, untyped] def to_s: () -> String def value: () -> String def value=: (String | ASN1::_ToDer data) -> String def value_der: () -> String private def initialize: (String der) -> void | (String oid, String value, ?boolish critical) -> void def initialize_copy: (instance) -> void module AuthorityInfoAccess include OpenSSL::X509::Extension::Helpers public def ca_issuer_uris: () -> Array[String]? def ocsp_uris: () -> Array[String]? private def parse_aia_asn1: () -> untyped end module AuthorityKeyIdentifier include OpenSSL::X509::Extension::Helpers public def authority_key_identifier: () -> String? end module CRLDistributionPoints include OpenSSL::X509::Extension::Helpers public def crl_uris: () -> Array[String]? end module Helpers public def find_extension: (String oid) -> Extension? end module SubjectKeyIdentifier include OpenSSL::X509::Extension::Helpers public def subject_key_identifier: () -> String? end end class ExtensionError < OpenSSL::OpenSSLError end class ExtensionFactory public def config: () -> Config? def config=: (Config config) -> Config def create_ext: (String oid, String value, ?boolish critical) -> Extension def create_ext_from_array: ([String, String] | [String, String, boolish] ary) -> Extension def create_ext_from_hash: (Hash[String, String | boolish] hash) -> Extension def create_ext_from_string: (String str) -> Extension def create_extension: (String oid, String value, ?boolish critical) -> Extension def crl: () -> CRL? def crl=: (CRL crl) -> CRL def issuer_certificate: () -> Certificate? def issuer_certificate=: (Certificate cert) -> Certificate def subject_certificate: () -> Certificate? def subject_certificate=: (Certificate cert) -> Certificate def subject_request: () -> Request? def subject_request=: (Request request) -> Request private def initialize: (?Certificate? issuer_cert, ?Certificate? subject_cert, ?Request? request, ?CRL? crl) -> void end class Name type distinguished_name = [String, String] type template = Hash[String, Integer] include OpenSSL::Marshal include Comparable extend OpenSSL::Marshal::ClassMethods alias self.parse self.parse_openssl def self.parse_openssl: (String str, ?template template) -> instance def self.parse_rfc2253: (String str, ?template template) -> instance public alias <=> cmp def add_entry: (String oid, String value, ?loc: Integer, ?set: Integer) -> self def cmp: (untyped other) -> Integer? def eql?: (instance other) -> bool def hash: () -> Integer def hash_old: () -> Integer def inspect: () -> String def pretty_print: (untyped q) -> untyped def to_a: () -> Array[[String, String, Integer]] def to_der: () -> String def to_s: (?format format) -> String def to_utf8: () -> String private def initialize: (distinguished_name name, template template) -> void | (Array[distinguished_name] names) -> void | (?String der) -> void def initialize_copy: (instance) -> void COMPAT: Integer DEFAULT_OBJECT_TYPE: Integer MULTILINE: Integer OBJECT_TYPE_TEMPLATE: template ONELINE: Integer RFC2253: Integer type format = Integer module RFC2253DN def self.expand_hexstring: (untyped str) -> untyped def self.expand_pair: (untyped str) -> untyped def self.expand_value: (untyped str1, untyped str2, untyped str3) -> untyped def self.scan: (untyped dn) -> untyped private def expand_hexstring: (untyped str) -> untyped def expand_pair: (untyped str) -> untyped def expand_value: (untyped str1, untyped str2, untyped str3) -> untyped def scan: (String dn) -> Array[distinguished_name] AttributeType: Regexp AttributeValue: Regexp HexChar: Regexp HexPair: Regexp HexString: Regexp Pair: Regexp QuoteChar: Regexp Special: String StringChar: Regexp TypeAndValue: Regexp end end class NameError < OpenSSL::OpenSSLError end class Request include OpenSSL::Marshal extend OpenSSL::Marshal::ClassMethods public def ==: (untyped other) -> bool def add_attribute: (Attribute attribute) -> Attribute def attributes: () -> Array[Attribute] def attributes=: (Array[Attribute] attributes) -> Array[Attribute] def public_key: () -> PKey::PKey def public_key=: (PKey::PKey public_key) -> PKey::PKey def sign: (PKey::PKey key, Digest | String digest) -> String def signature_algorithm: () -> String def subject: () -> Name def subject=: (Name subject) -> Name def to_der: () -> String def to_pem: () -> String alias to_s to_pem def to_text: () -> String def verify: (PKey::PKey key) -> bool def version: () -> Integer def version=: (Integer version) -> Integer private def initialize: (?String der) -> void def initialize_copy: (instance) -> void end class RequestError < OpenSSL::OpenSSLError end class Revoked public def ==: (untyped other) -> bool def add_extension: (Extension ext) -> Extension def extensions: () -> Array[Extension] def extensions=: (Array[Extension] extensions) -> Array[Extension] def serial: () -> Integer def serial=: (Integer integer) -> Integer def time: () -> Time? def time=: (Time time) -> Time def to_der: () -> String private def initialize: (*untyped) -> void def initialize_copy: (instance) -> void end class RevokedError < OpenSSL::OpenSSLError end class Store public def add_cert: (Certificate certificate) -> self def add_crl: (CRL crl) -> self def add_file: (String file) -> self def add_path: (String path) -> self def chain: () -> Array[Certificate]? def error: () -> Integer? def error_string: () -> String? def flags=: (Integer flags) -> Integer def purpose=: (Integer purpose) -> Integer def set_default_paths: () -> nil def time=: (Time time) -> Time def trust=: (Integer trust) -> Integer def verify: (Certificate certificate, ?Array[Certificate] chain) ?{ (bool preverify_ok, StoreContext store_ctx) -> boolish } -> boolish def verify_callback: () -> (^(bool preverify_ok, StoreContext store_ctx) -> boolish | nil) def verify_callback=: [U] (^(bool preverify_ok, StoreContext store_ctx) -> boolish) -> U private def initialize: () -> void end class StoreContext public def chain: () -> Array[Certificate]? def cleanup: () -> void def current_cert: () -> Certificate def current_crl: () -> CRL def error: () -> Integer? def error=: (Integer error) -> Integer def error_depth: () -> Integer def error_string: () -> String? def flags=: (Integer flags) -> Integer def purpose=: (Integer purpose) -> Integer def time=: (Time time) -> Time def trust=: (Integer trust) -> Integer def verify: () -> bool private def initialize: (Store store, ?Certificate cert, ?Array[Certificate] chain) -> void end class StoreError < OpenSSL::OpenSSLError end end end