Forum: Ruby Certificates and Net::HTTP

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C993c6aaffc6cf7b477a5075099e1d36?d=identicon&s=25 Peter Hickman (Guest)
on 2014-04-29 10:51
(Received via mailing list)
I am in the process of converting some Python code over to Ruby. The
code
runs in Python just fine and the Ruby code is almost working:

uri = URI(LOGIN_URL)
req = Net::HTTP::Post.new uri.path
req.body = "blah blah blah"

c = nil
File.open('config/certificates/client-2048.pem', 'rb') { |f| c = f.read
}

res = Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
  http.cert = OpenSSL::X509::Certificate.new(c)
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ssl_version = :SSLv3
  http.request req
end

When this code is run is connects just fine res.code is '200' and the
service is returning JSON but it indicates that the certificate was not
being presented. In the Python code I have

requests.post('https://...', data=payload,
cert=('config/certificates/client-2048.crt',
'config/certificates/client-2048.key'), headers=headers)

I have the following file available client-2048.crt, client-2048.csr,
client-2048.key, client-2048.p12 and client-2048.pem and have tried
every
variation Google and StackOverflow shows me but without success.

Any pointers as to what I am doing wrong?
2ffac40f8a985a2b2749244b8a1c4161?d=identicon&s=25 Mike Stok (Guest)
on 2014-04-29 14:16
(Received via mailing list)
On Apr 29, 2014, at 4:50 AM, Peter Hickman
<peterhickman386@googlemail.com> wrote:

>   http.cert = OpenSSL::X509::Certificate.new(c)
>
> Any pointers as to what I am doing wrong?

Hello Peter,

Forgive me if this doesn't answer your question directly, but have you
considered https://github.com/tarcieri/http ?
https://github.com/tarcieri/http/wiki/HTTPS seems to suggest a way to
set up the SSL context the way you want.

Hope this helps,

Mike

--

Mike Stok <mike@stok.ca>
http://www.stok.ca/~mike/

The "`Stok' disclaimers" apply.
This topic is locked and can not be replied to.