Thread: using certificates with ActiveResource




2007-03-29 12:57:51
I'm trying to hack ActiveResource to use a self-signed certificate when connecting to my RESTful rails app (seems like a pretty glaring hole that it doesn't offer this out of the box... though I guess it is alpha software).

I started out going through the ActiveResource code looking for somewhere I could set the cert and key. Didn't find it, so I took the approach of overriding Net::HTTP#cert and Net::HTTP#key to return my cert and key:

(environment.rb)
require 'net/https'

class Net::HTTP
  def cert
    OpenSSL::X509::Certificate.new(File.read(RAILS_ROOT + "/config/certs/client_signed.pem"))
  end
  def key
    OpenSSL::PKey::RSA.new(File.read(RAILS_ROOT + "/config/certs/client.key"))
  end
end

That still wasn't working... I was getting an SSL error, IIRC.

So, I took a detour off to write a standalone ruby script to do the connection using the cert and key. After much trial and error, I finally got Apache to accept the cert. I wasn't able to get the actual data from the REST service because my xml input gets url-encoded, but that's ok... I really want to get this working with ActiveResource, not by using Net::HTTP directly.

The solution that ultimately made Apache happy with that standalone code was to also set Net::HTTP.verify_mode to OpenSSL::SSL::VERIFY_PEER and to provide the certificate authority file that I used to sign the cert to Net::HTTP and Apache.

So, I added these things to environment.rb, giving me:

class Net::HTTP
  def cert
    OpenSSL::X509::Certificate.new(File.read(RAILS_ROOT + "/config/certs/client_signed.pem"))
  end
  def key
    OpenSSL::PKey::RSA.new(File.read(RAILS_ROOT + "/config/certs/client.key"))
  end
  def ca_file
    RAILS_ROOT + "/config/certs/cacert.pem"
  end
  def verify_mode
    OpenSSL::SSL::VERIFY_PEER
  end
end

But ActiveResource gives me no love... or rather Apache once again gives me the error I was getting before I added the CA stuff to my standalone script:

SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification?

I've put debug statements in ActiveResource::Connection right before it makes the call and it is ssl, it is verify peer, it has my cert, my key and my cert authority... but it doesn't work.

Any help, ideas, suggestions... anything would be great.

Ben
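
An added example, not part of the original post or of ActiveResource: the four settings named in the post (cert, key, CA, VERIFY_PEER) applied through Net::HTTP's own setters on one connection object, run against an in-process TLS server that requires a client certificate. The throwaway CA, the helper names `issue` and `mtls_get`, the in-memory `cert_store` used in place of `ca_file`, and the local server standing in for Apache are assumptions made for the example.

```ruby
require 'net/http'
require 'openssl'

# Constructed throwaway PKI: issue(cn) self-signs a CA; issue(cn, ca, ca_key) signs a leaf.
def issue(cn, ca = nil, ca_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = ca ? ca.subject : cert.subject
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(ca || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', 'IP:127.0.0.1')) if ca
  cert.sign(ca_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# One GET against a local server that demands a client certificate.
# Returns the client subject the server saw, or :rejected if the handshake failed.
def mtls_get(send_client_cert:)
  ca, ca_key = issue('Constructed Test CA')
  (srv_cert, srv_key), (cli_cert, cli_key) = issue('server', ca, ca_key), issue('client', ca, ca_key)
  store = OpenSSL::X509::Store.new.add_cert(ca)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key, ctx.cert_store = srv_cert, srv_key, store
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION # rejection then surfaces during connect
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  tcp = TCPServer.new('127.0.0.1', 0)
  server = Thread.new do
    conn = OpenSSL::SSL::SSLServer.new(tcp, ctx).accept # raises if no client cert arrives
    loop { break if conn.gets.to_s.strip.empty? }       # skip the request headers
    body = conn.peer_cert.subject.to_s
    conn.write("HTTP/1.1 200 OK\r\nContent-Length: #{body.bytesize}\r\nConnection: close\r\n\r\n#{body}")
    conn.close
  rescue StandardError # handshake refused: nothing to serve
  end
  http = Net::HTTP.new('127.0.0.1', tcp.addr[1], nil) # nil: ignore any proxy in the environment
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # client checks the server against the CA
  http.cert_store = store                      # in-memory stand-in for ca_file
  http.cert, http.key = cli_cert, cli_key if send_client_cert
  http.get('/').body
rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError
  :rejected
ensure
  server&.join(5)
  tcp&.close
end
```

Calling `mtls_get(send_client_cert: false)` reproduces the server-side condition in the Apache log above: the handshake is refused because the peer returned no certificate.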









