Forum: Ruby Using OpenSSL in Ruby

Aaron D. Gifford (Guest)
on 2010-12-11 01:53
(Received via mailing list)
Hi,

Anyone have any pointers to documentation, notes, info, or if none of
that, code showing examples of using OpenSSL in Ruby, in particular
memory BIO input/output for SSL/TLS sessions?  Searches turn up plenty
of C code, but dearth of Ruby code.  I'd like to be able to establish
an SSL or TLS session using memory IO (no sockets, no file IO).

Wondering,

Aaron out.
elise huard (Guest)
on 2010-12-11 15:36
(Received via mailing list)
> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
> of C code, but dearth of Ruby code. I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).
>
> Wondering,
>
> Aaron out.
Hi Aaron,

you might want to take a look at
https://github.com/jamesgolick/always_verify_ssl_c...
http://www.rubyinside.com/how-to-cure-nethttps-ris...
HTH,

Elise
Eric Hodel (Guest)
on 2010-12-11 21:23
(Received via mailing list)
On Dec 10, 2010, at 16:51, Aaron D. Gifford wrote:
> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions?  Searches turn up plenty
> of C code, but dearth of Ruby code.  I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).

I have written introductory documentation for OpenSSL, but it is only in
ruby trunk.

You can read it here:

https://github.com/ruby/ruby/blob/trunk/ext/openss...

I don't know much about openssl beyond learning enough to write this
documentation, so I would appreciate feedback.

If there's something I missed please tell me so I can learn it and add
it.
Michael Granger (Guest)
on 2010-12-11 21:36
(Received via mailing list)
On 12/10/10 4:51 PM, Aaron D. Gifford wrote:
> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions?  Searches turn up plenty
> of C code, but dearth of Ruby code.  I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).

There's nothing specifically about using memory IO, but the
samples/openssl/ directory in the Ruby source has some good generic
examples of how the pieces fit together.

I've also found Eric Hodel's OpenSSL-related stuff to be a good source
for how to use it, albeit with sockets and files, e.g.:

  http://segment7.net/projects/ruby/QuickCert/
  http://segment7.net/projects/ruby/drb/DRbSSL/

Looking at the openssl ext source, I don't see a way to create a raw
memory source/sink, but OpenSSL::Session.new with a string creates one
to hold the encoded session, so maybe it'd be easy to add that. To be
honest, I'm not entirely sure what it means to "establish a[...] session
using memory IO", so I could be entirely misguided.

Good luck!
Eric Hodel (Guest)
on 2010-12-12 09:40
(Received via mailing list)
On Dec 10, 2010, at 16:51, "Aaron D. Gifford" <astounding@gmail.com>
wrote:

> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions?  Searches turn up plenty
> of C code, but dearth of Ruby code.  I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).

Do you mean a wrapper for http://www.openssl.org/docs/crypto/bio.html# ?

I don't think ruby's OpenSSL wrapper supports that at this time. (I need
to get to a real computer to know for sure.)
Aaron D. Gifford (Guest)
on 2010-12-15 05:38
(Received via mailing list)
Thank you for the pointers everyone.

Yes, Eric, the bio I/O abstraction is what I am looking for in Ruby.

And yes Michael, a raw memory source/sink is what I meant.

For example, I have two Ruby objects that communicate over a
bidirectional memory FIFO pipe.  For reasons I don't care to explain,
I would like to initiate an SSL/TLS session over that pipe, but I need
to handle all I/O directly since I will be muxing/demuxing the SSL/TLS
traffic with other unencrypted traffic over the single channel.  The
ability to start and stop arbitrary numbers of SSL/TLS encrypted
streams at will is desirable.

If anyone thinks of any more, please post them.  :)

Aaron out.
Brian Candler (candlerb)
on 2010-12-15 16:14
Aaron D. Gifford wrote in post #968472:
> For example, I have two Ruby objects that communicate over a
> bidirectional memory FIFO pipe.  For reasons I don't care to explain,
> I would like to initiate an SSL/TLS session over that pipe, but I need
> to handle all I/O directly since I will be muxing/demuxing the SSL/TLS
> traffic with other unencrypted traffic over the single channel.  The
> ability to start and stop arbitrary numbers of SSL/TLS encrypted
> streams at will is desirable.
>
> If anyone thinks of any more, please post them.  :)

You could create a SocketPair, and demux the TLS stuff into that. You
would need to beware of it blocking, so perhaps run the TLS stuff in a
separate thread.

http://groups.google.com/group/comp.lang.ruby/brow...

For regular TLS using a socket, ruby openssl is pretty simple. There's
code in ruby-ldapserver which does it.
Aaron D. Gifford (Guest)
on 2010-12-15 21:31
(Received via mailing list)
On Wed, Dec 15, 2010 at 8:14 AM, Brian Candler <b.candler@pobox.com>
wrote:
> You could create a SocketPair, and demux the TLS stuff into that. You
> would need to beware of it blocking, so perhaps run the TLS stuff in a
> separate thread.
>
> http://groups.google.com/group/comp.lang.ruby/brow...
>
> For regular TLS using a socket, ruby openssl is pretty simple. There's
> code in ruby-ldapserver which does it.

Thanks, Brian.  Sadly, I require non-blocking I/O and a
single-threaded app.  I'm debating now whether or not to write a bio
wrapper Ruby extension in C and use that...  *sigh*

Aaron out.
Eric Hodel (Guest)
on 2010-12-17 00:18
(Received via mailing list)
On Dec 15, 2010, at 12:16, Aaron D. Gifford wrote:
> Thanks, Brian.  Sadly, I require non-blocking I/O and a
> single-threaded app.  I'm debating now whether or not to write a bio
> wrapper Ruby extension in C and use that...  *sigh*

If you do this, please let me know.  I can help integrate it into Ruby's
OpenSSL binding.
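
An added example, not part of the thread and not code from any of the posters: the socket-pair approach suggested above, driven from a single thread with non-blocking calls only, so both TLS endpoints live in one process and no network or file I/O is involved. The helper names (`make_test_cert`, `drive`, `tls_over_socketpair`) and the throwaway certificate are constructed for illustration; it assumes a Ruby whose openssl library accepts `exception: false` on the `*_nonblock` methods.

```ruby
require 'openssl'
require 'socket'
# Constructed throwaway key and self-signed certificate (test data only).
def make_test_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=pipe.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Retry one non-blocking call on an established session until it completes.
def drive(ssl, meth, arg)
  loop do
    case r = ssl.public_send(meth, arg, exception: false)
    when :wait_readable then IO.select([ssl.to_io], nil, nil, 1)
    when :wait_writable then IO.select(nil, [ssl.to_io], nil, 1)
    else return r
    end
  end
end

def tls_over_socketpair(message)
  key, cert = make_test_cert
  a, b = UNIXSocket.pair # in-process byte pipe, no network involved
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.key = key
  sctx.cert = cert
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER # trust only the test cert
  cctx.cert_store = OpenSSL::X509::Store.new.add_cert(cert)
  server = OpenSSL::SSL::SSLSocket.new(a, sctx)
  client = OpenSSL::SSL::SSLSocket.new(b, cctx)
  # One thread steps both handshakes in turn; neither call ever blocks.
  todo = { client => :connect_nonblock, server => :accept_nonblock }
  until todo.empty?
    todo.delete_if { |ssl, m| !ssl.public_send(m, exception: false).is_a?(Symbol) }
  end
  drive(client, :write_nonblock, message)
  received = drive(server, :read_nonblock, 4096)
  [received, client.verify_result == OpenSSL::X509::V_OK]
ensure
  [a, b].each { |s| s&.close }
end
```

In an event-driven program the `:wait_readable` / `:wait_writable` results would be handed to the existing select loop instead of being retried in place, and the raw ends of the pair are where the ciphertext would be muxed onto the shared channel.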