Forum: Ruby Can't connect to securied host by ssl certificate

Can't connect to securied host by ssl certificate
Posted by Krzysztof Wawer (wafcio)
on 2013-01-23 22:26 
I must connect with some server which need SSL certificates, but I am
not able to write working code, I have:
- CA certificate
- X509 certificate
- Private key

when I wrote:

require 'net/https'
https = Net::HTTP.new('host', port)
https.use_ssl = true
https.ca_file = '/../ca.pem'
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
https.verify_depth = 5
https.cert = OpenSSL::X509::Certificate.new
File.open('/.../cert/cert.crt')
https.key = OpenSSL::PKey::RSA.new File.open('/.../private/key.pem')
https.request_get('/.../test.txt')

I got:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read
server hello B: serverhello tlsext
    from /.../lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /.../lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
    from /.../lib/ruby/1.9.1/timeout.rb:54:in `timeout'
    from /.../lib/ruby/1.9.1/timeout.rb:99:in `timeout'
    from /.../lib/ruby/1.9.1/net/http.rb:799:in `connect'
    from /.../lib/ruby/1.9.1/net/http.rb:755:in `do_start'
    from /.../lib/ruby/1.9.1/net/http.rb:744:in `start'
    from /.../lib/ruby/1.9.1/net/http.rb:1284:in `request'
    from /.../lib/ruby/1.9.1/net/http.rb:1195:in `request_get'

But I can connect to this sever by wget without any problems:

wget --certificate=/.../cert/cert.crt --private-key=/.../private/key.pem
--ca-certificate=/../ca.pem -O /tmp/x https://host/.../test.txt

I found that tlsext in SSL error message is some info about TLS
Extension, but I don't know what exactly what it mean and how it fix.
Edit | Move | Delete topic | Reply with quote
Re: Can't connect to securied host by ssl certificate
Posted by Love U Ruby (my-ruby)
on 2013-01-24 11:39 
Krzysztof Wawer wrote in post #1093400:
> I must connect with some server which need SSL certificates, but I am
> not able to write working code, I have:
> - CA certificate
> - X509 certificate
> - Private key
>
> when I wrote:
>
> require 'net/https'
> https = Net::HTTP.new('host', port)
> https.use_ssl = true
> https.ca_file = '/../ca.pem'
> https.verify_mode = OpenSSL::SSL::VERIFY_PEER
> https.verify_depth = 5
> https.cert = OpenSSL::X509::Certificate.new
> File.open('/.../cert/cert.crt')
> https.key = OpenSSL::PKey::RSA.new File.open('/.../private/key.pem')
> https.request_get('/.../test.txt')
>

I am also having the same issues with 'mechanize' ruby-gem. But I tried 
huge,But failed. Thus I am adding my name to this list,to have the 
update how to handle such situations.

Thanks
Edit | Delete | Reply with quote
Enable email notification | Enable multi-page view
Please log in before posting. Registration is free and takes only a minute.
Existing account (Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
No account? Register here.
Powered by RForum and Captchator. Contact information - E-Mail: webmaster (at) ruby-forum (dot) com.