
How do I get an HTTPS request with SSL client cert to work with Ruby EventMachine?

I am trying to access an HTTPS web service that uses SSL cert authentication using Ruby EventMachine but I am not getting it to work.

I have written the following simple code block to test it end-to-end:

require 'rubygems'
require 'em-http'

EventMachine.run do
  url = 'https://foobar.com/'
  ssl_opts = {:private_key_file => '/tmp/private.key',
    :cert_chain_file => '/tmp/ca.pem',
    :verify_peer => false}
  http = EventMachine::HttpRequest.new(url).get :ssl => ssl_opts

  http.callback do
    p http.response_header.status
    p http.response_header
    p http.response
    EventMachine.stop
  end

  http.errback do
    EventMachine.stop
    fail "Request failed"
  end
end

Running the above outputs <SSL_incomp> followed by the raised RuntimeError message. I have tried running with :verify_peer set to both true and false and it gives me the same error. Running EventMachine::HttpRequest#get without the :ssl option does the same.

I have also tried sending the request to GMail (https://mail.google.com) without the :ssl option (i.e. plain HTTPS without cert) and that works, outputting status code 200, the headers and the body.

I have tried doing the same request to the web service with curl and that works:

curl --silent --cert /tmp/private.key --cacert /tmp/ca.pem https://foobar.com/

I am thinking that I am either using the em-http-request gem or EventMachine incorrectly or that the SSL files are in a format that works with curl but not EventMachine.

If someone knows how to solve the example above or can provide a similar example using EventMachine directly, it would be much appreciated!

jgyllen asked Oct 27 '10 23:10


1 Answer

The file passed to curl's --cert contains both the cert and the key (unless you pass in a --key separately). Just use /tmp/private.key as the argument to both :private_key_file and :cert_chain_file.

See http://github.com/eventmachine/eventmachine/issues/#issue/115 for more details about the issue and a patch that exposes the underlying error (instead of just printing out SSL_incomp).

tmm1 answered Nov 15 '22 04:11
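
A pre-flight check for the situation the answer describes, added here as an example (it is not part of the original answer, EventMachine, or em-http-request): it confirms that the file given as :cert_chain_file contains a certificate, that the file given as :private_key_file contains an unencrypted private key, and that the two belong together, which catches passing a CA file where the client certificate is expected. The helper names and the self-signed sample identities are constructed for illustration.

```ruby
require 'openssl'
require 'tempfile'

CERT_RE = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m
KEY_RE  = /-----BEGIN ((?:RSA |EC )?PRIVATE KEY)-----.+?-----END \1-----/m

# Confirm cert_path holds a certificate and key_path an unencrypted private key
# that belongs to it, then return the :ssl options used in the question.
# key_path defaults to cert_path: the combined file layout curl's --cert accepts.
def client_ssl_opts(cert_path, key_path = cert_path)
  cert_pem = File.read(cert_path)[CERT_RE] or
    raise ArgumentError, "#{cert_path}: no CERTIFICATE block"
  key_pem = File.read(key_path)[KEY_RE] or
    raise ArgumentError, "#{key_path}: no PRIVATE KEY block"
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  unless cert.check_private_key(OpenSSL::PKey.read(key_pem))
    raise ArgumentError, 'private key does not match the certificate'
  end
  { :private_key_file => key_path, :cert_chain_file => cert_path }
end

# Constructed sample data: a throwaway self-signed identity as [key_pem, cert_pem].
def constructed_identity(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

def write_pem(text) # caller keeps the returned Tempfile so the file persists
  Tempfile.new(['constructed', '.pem']).tap { |f| f.write(text); f.close }
end

if __FILE__ == $0
  key_pem, cert_pem = constructed_identity('constructed-client')
  combined = write_pem(key_pem + cert_pem) # key and cert in one file
  p client_ssl_opts(combined.path)
  other = write_pem(constructed_identity('constructed-other').last)
  begin
    client_ssl_opts(other.path, combined.path) # certificate from a different key
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```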