SSL communication with Mechanize

In a network with SSL protection, I can work with http by using:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE

However, trying to use Mechanize:

irb(main):033:0> login_page = agent.get(url)
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed
from /opt/local/lib/ruby/1.8/net/http.rb:586:in connect' from /opt/local/lib/ruby/1.8/net/http.rb:586:inconnect’
from /opt/local/lib/ruby/1.8/net/http.rb:553:in do_start' from /opt/local/lib/ruby/1.8/net/http.rb:548:instart’

How would I approach my agent class to find the attributes on SSL.

agent.methods
=> [“to_yaml_style”, “inspect”, “post_connect_hooks”, “open_timeout”,
“transact”, “tap”, “conditional_requests=”, “redirection_limit”,
“clone”, “submit”, “public_methods”, “object_id”, “send”,
“open_timeout=”, “redirect_ok”, “instance_variable_defined?”,
“redirection_limit=”, “proxy_user”, “freeze”, “equal?”, “max_history”,
“key”, “delete”, “cert”, “follow_redirect?”, “extend”, “get”,
“redirect_ok=”, “follow_meta_refresh”, “send”,
“pretty_print_instance_variables”, “request_with_entity”, “methods”,
“max_history=”, “set_proxy”, “key=”, “read_timeout”, “cert=”, “hash”,
“follow_meta_refresh=”, “request_headers”, “dup”, “click”,
“instance_variables”, “to_enum”, “cookies”, “read_timeout=”,
“gzip_enabled”, “pretty_print_inspect”, “to_yaml”, “request_headers=”,
“html_parser”, “log”, “eql?”, “to_yaml_properties”, “gzip_enabled=”,
“verify_callback”, “id”, “instance_eval”, “pretty_inspect”,
“html_parser=”, “log=”, “singleton_methods”, “user_agent”,
“verify_callback=”, “proxy_addr”, “pass”, “taint”,
“instance_variable_get”, “frozen?”, “enum_for”, “auth”, “user_agent=”,
“keep_alive_time”, “display”, “instance_of?”, “history”, “visited?”,
“pass=”, “method”, “to_a”, “pre_connect_hooks”, “visited_page”,
“keep_alive_time=”, “history_added”, “instance_exec”, “type”, “page”,
“head”, “protected_methods”, “watch_for_set”, “==”, “history_added=”,
“proxy_pass”, “===”, “post”, “instance_variable_set”,
“watch_for_set=”, “keep_alive”, “respond_to?”, “kind_of?”, “put”,
“pluggable_parser”, “to_s”, “cookie_jar”, “pretty_print_cycle”,
“taguri”, “keep_alive=”, “scheme_handlers”, “class”, “get_file”,
“private_methods”, “=~”, “tainted?”, “id”, “cookie_jar=”,
“ca_file”, “back”, “taguri=”, “current_page”, “scheme_handlers=”,
“proxy_port”, “untaint”, “nil?”, “ca_file=”, “conditional_requests”,
“pretty_print”, “user_agent_alias=”, “basic_auth”, “is_a?”]

On Sun, Jul 25, 2010 at 10:40 AM, poseid [email protected]
wrote:

In a network with SSL protection, I can work with http by using:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE

However, trying to use Mechanize:

How would I approach my agent class to find the attributes on SSL.

It might help if you were more clear in stating what it is that you want
to
achieve,
or what your specific problem is.

Some of the most comprehensive discussion on SSL in Ruby was discussed
on
Ola B.'s blog: http://olabini.com (and his older
http://olabini.blogspot.com -
useful articles on both). There are many code examples, as well as a
great
writeup
(for any language) on the fundamentals of security/cryptography.

For instance VERIFY_NONE is almost never what you want to do in a secure
environment - its basically the same thing as ‘trust all certificates’.
If
you
want to use VERIFY_PEER you need to have a local keystore, where you
import
cacerts (certificates from certificate authorities) that you can verify
your
sites
certificates against.

Also note, that there are alternative HTTP clients, some like
Http-client,
Httparty,
Resourceful etc. Which might handle SSL better, or in a more transparent
way.

On Jul 25, 12:18 pm, Richard C. [email protected] wrote:

Also note, that there are alternative HTTP clients, some like Http-client,
Httparty,
Resourceful etc. Which might handle SSL better, or in a more transparent
way.

Thanks for providing the references. I’ll need to check these.