Http-access2 and https. How to? (OpenSSL::X509::StoreError)

Hi,

The Gregory Houston blog has an entry about using http-access2 to
talk with https websites:

Here is the 4-line-demo he offers:

require 'http-access2'
client = HTTPAccess2::Client.new()
client.ssl_config.set_trust_ca('ca.cert')
puts client.get('Yahoo').content

I fired up irb.
I verified that I got the same initial error that he did.

I don't have IE so I used Opera to export the key.
It looks like it gave me a binary file.
I wrote a bin_to_base64.rb script to transform the binary file:

#! /usr/bin/env ruby

require "base64"

binfile = '/pt/w/browser_certificates/equifax_secure_certificate_authority.bin'
b64file = '/pt/w/browser_certificates/equifax_secure_certificate_authority.cer'

# Read the exported binary certificate into one string.
fhr = File.open binfile, "r"

bin_s = ""

fhr.each {|l| bin_s << l}
fhr.close

# Base64-encode the raw bytes (no BEGIN/END envelope lines are written).
b64_s = Base64.encode64 bin_s

fhw = File.open b64file, "w"

fhw.write b64_s
fhw.close

It gave me this:

I then tried it out in irb:

require 'http-access2'
client = HTTPAccess2::Client.new()
client.ssl_config.set_trust_ca("/pt/w/browser_certificates/equifax_secure_certificate_authority.cer")
puts client.get('Yahoo').content

irb(main):011:0> OpenSSL::X509::StoreError:
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:532:in `add_file'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:532:in `set_trust_ca'
        from (irb):11
irb(main):012:0> at depth 0 - 20: unable to get local issuer certificate
OpenSSL::SSL::SSLError: certificate verify failed
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:1001:in `connect'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:1001:in `ssl_connect'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:1363:in `connect'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/1.8/timeout.rb:56:in `timeout'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/1.8/timeout.rb:76:in `timeout'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:1351:in `connect'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:1209:in `query'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:892:in `query'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:434:in `do_get_block'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:370:in `conn_request'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:285:in `request'
        from /Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb:260:in `get'
        from (irb):12
irb(main):013:0> irb(main):014:0*

I looked at the code near line 532 of

/Applications/Locomotive2/Bundles/standardRailsSept2006.locobundle/powerpc/lib/ruby/site_ruby/1.8/http-access2.rb

I see:

def set_trust_ca(trust_ca_file_or_hashed_dir)
  if FileTest.directory?(trust_ca_file_or_hashed_dir)
    @cert_store.add_path(trust_ca_file_or_hashed_dir)
  else
    @cert_store.add_file(trust_ca_file_or_hashed_dir) # line 532
  end
  change_notify
end

I found the creation of @cert_store about 1/2 page above line 532:

@cert_store = OpenSSL::X509::Store.new

So, I’m about to go nose around in the ruby OpenSSL code, demos,
test-cases.

But, have any of you bumped into this issue?

Can you give me any hints on how to get http-access2 talking to
an https website?

Thanks.

Hi,

Sorry for the late response.

Peter S. [gjfc] wrote:

> I don't have IE so I used Opera to export the key.
> It looks like it gave me a binary file.

ruby -ropenssl -e 'print OpenSSL::X509::Certificate.new(File.read("ca.bin")).to_pem' > ca.pem

Set 'ca.pem' as a trust anchor. You'll know what is missing in your
base64 format when you see the file generated (initial and last lines).

FYI: in openssl, we use ‘.cer’ for DER encoded binary format and ‘.pem’
for base64 + envelope marker line format. Using ‘.cer’ filename for
base64 format is misleading.

Regards,
// NaHi

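
The difference between the three file forms discussed in this thread, as an added example that is not part of either message: the same certificate is written as DER, as bare base64 (what bin_to_base64.rb produced) and as PEM, and each file is loaded with OpenSSL::X509::Store#add_file, the call set_trust_ca makes. The CA certificate is a constructed self-signed one generated in-process, and the function names are this example's own.

```ruby
require "openssl"
require "tmpdir"

# Constructed self-signed CA, standing in for the exported browser certificate.
def constructed_ca
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Constructed Example CA")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# The three encodings of one certificate that appear in the thread.
def encodings(cert)
  der = cert.to_der
  {
    der:      der,                                        # binary browser export
    bare_b64: [der].pack("m"),                            # same bytes Base64.encode64 writes
    pem:      OpenSSL::X509::Certificate.new(der).to_pem  # what the one-liner writes
  }
end

# Load each file the way set_trust_ca does and record what happens.
def trust_file_results(cert = constructed_ca)
  Dir.mktmpdir do |dir|
    encodings(cert).each_with_object({}) do |(kind, bytes), out|
      path = File.join(dir, "ca.#{kind}")
      File.binwrite(path, bytes)
      store = OpenSSL::X509::Store.new
      begin
        store.add_file(path)  # parses PEM only
        out[kind] = store.verify(cert) ? :trusted : :loaded_not_trusted
      rescue OpenSSL::X509::StoreError
        out[kind] = :store_error
      end
    end
  end
end

# First and last lines of the PEM form: the envelope the bare base64 file lacks.
def pem_envelope(cert)
  lines = cert.to_pem.lines.map(&:chomp)
  [lines.first, lines.last]
end
```

Calling trust_file_results returns one outcome per encoding; only the PEM file loads, and once it is loaded the store verifies the certificate as a trust anchor.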