OpenSSL, SOAP4R

Hi guys,
Does someone know how to use certificates with SOAP::WSDLDriverFactory?
For example, to generate a driver from a URL like:
https://some.com/something.wsl

Tks in advance
Ze Maria

Ze Maria wrote:

Hi guys,
Does someone know how to use certificates with SOAP::WSDLDriverFactory?
For example, to generate a driver from a URL like:
https://some.com/something.wsl

Tks in advance
Ze Maria

If you don’t have the CA, you can do:

server.options["protocol.http.ssl_config.verify_mode"] = nil

Or are you referring to using CERTS to authenticate?

Justin M. wrote:

If you don’t have the CA, you can do:

server.options["protocol.http.ssl_config.verify_mode"] = nil

Or are you referring to using CERTS to authenticate?

If the certificate (.crt), I don’t understand how you have a
variable named “server” with an options hash…

Tks
Ze Maria

server.options["protocol.http.ssl_config.verify_mode"] = nil

If the certificate (.crt), I don’t understand how you have a
variable named “server” with an options hash…

Hopefully this may clarify,

require 'soap/wsdlDriver'

wsdl = 'https://some.com/something.wsl'
factory = SOAP::WSDLDriverFactory.new( wsdl )
drv = factory.create_rpc_driver
drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil

alternatively:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_NONE

some other possibly useful options:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'

On Feb 23, 7:04 am, “Mike Wernsing” wrote:

alternatively:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_NONE

some other possibly useful options:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'

This is good stuff! What would be a good link to have found this for
myself? Thanks!

Mike B.

This is good stuff! What would be a good link to have found this for
myself? Thanks!

Might try these:

http://calagenda.berkeley.edu/calendar-ws/sample-code.html

The following describes using wsdl2ruby:
http://www.pranavbihari.com/articles/2005/12/02/testing-paypal-web-services-with-ruby-soap4r

Mike Wernsing wrote:

server.options["protocol.http.ssl_config.verify_mode"] = nil

If the certificate (.crt), I don’t understand how you have a
variable named “server” with an options hash…

Hopefully this may clarify,

require 'soap/wsdlDriver'

wsdl = 'https://some.com/something.wsl'
factory = SOAP::WSDLDriverFactory.new( wsdl )
drv = factory.create_rpc_driver
drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil

alternatively:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_NONE

some other possibly useful options:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'

It should be noted that the above does not actually check the actual
server (peer) certificate. It only validates that the peer certificate
is signed by / issued by the ‘api_cert_chain.crt’.

To actually validate the server cert use:
drv.options['protocol.http.ssl_config.verify_callback'] = method(:validate_certificate)

where method validate_certificate looks like:

def validate_certificate(is_ok, ctx)
  cert = ctx.current_cert

  # Only check the server certificate, not the issuer
  unless (cert.subject.to_s == cert.issuer.to_s)
    # Compare the presented certificate with the copy stored on disk
    is_ok &&= File.read('server_cert.pem') == ctx.current_cert.to_pem
  end
  is_ok
end

emil
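
The difference emil describes, as an added example that is not part of the original thread: two certificates issued by the same CA both pass a chain-only check, while a verify callback with the same (is_ok, ctx) signature accepts only the pinned one. It uses Ruby's OpenSSL::X509::Store directly instead of soap4r and, as an assumption, pins by SHA-256 fingerprint at depth 0 rather than the subject/issuer comparison above; all names and certificates are constructed for the example.

```ruby
require 'openssl'

# Build a certificate for the constructed test PKI (self-signed CA when no issuer is given).
def make_cert(cn, serial, issuer = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  bc = issuer ? 'CA:FALSE' : 'CA:TRUE'
  cert.add_extension(OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', bc, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Same (is_ok, ctx) signature as the verify_callback option in the thread.
# Depth 0 is the peer's own certificate; deeper entries are its issuers.
def pinning_callback(pinned_fp)
  lambda do |is_ok, ctx|
    next false unless is_ok                   # never override a failed chain check
    next true  unless ctx.error_depth.zero?   # issuers: chain validation is enough
    fingerprint(ctx.current_cert) == pinned_fp
  end
end

# Verify `leaf` against a store that trusts only `ca`, optionally with a pin.
def verify(leaf, ca, pinned_fp = nil)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca)
  store.verify_callback = pinning_callback(pinned_fp) if pinned_fp
  store.verify(leaf)
end

# Constructed PKI: one CA and two certificates it issued.
CA, CA_KEY = make_cert('Constructed Test CA', 1)
SERVER, _  = make_cert('api.example.test', 2, CA, CA_KEY)
OTHER, _   = make_cert('other.example.test', 3, CA, CA_KEY)
PIN = fingerprint(SERVER)

puts "chain only: server=#{verify(SERVER, CA)} other=#{verify(OTHER, CA)}"
puts "with pin:   server=#{verify(SERVER, CA, PIN)} other=#{verify(OTHER, CA, PIN)}"
```

Checking `ctx.error_depth` keeps the pin on the peer certificate even when the chain contains intermediates, which are not self-signed and would not be skipped by a subject/issuer comparison.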