Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I get an HTTPS request with SSL client cert to work with Ruby EventMachine?

Tags:

ruby

ssl-certificate

eventmachine

I am trying to access an HTTPS web service that uses SSL cert authentication using Ruby EventMachine but I am not getting it to work.

I have written the following simple code block to test it end-to-end:

require 'rubygems'
require 'em-http'

EventMachine.run do
  url = 'https://foobar.com/'
  ssl_opts = {:private_key_file => '/tmp/private.key',
    :cert_chain_file => '/tmp/ca.pem',
    :verify_peer => false}
  http = EventMachine::HttpRequest.new(url).get :ssl => ssl_opts

  http.callback do
    p http.response_header.status
    p http.response_header
    p http.response
    EventMachine.stop
  end

  http.errback do
    EventMachine.stop
    fail "Request failed"
  end
end

Running the above outputs <SSL_incomp> followed by the raised RuntimeError message. I have tried running with :verify_peer set to both true and false and it gives me the same error. Running EventMachine::HttpRequest#get without the :ssl option does the same.

I have also tried sending the request to GMail (https://mail.google.com) without the :ssl option (i.e. plain HTTPS without cert) and that works, outputting status code 200, the headers and the body.

I have tried doing the same request to the web service with curl and that works:

curl --silent --cert /tmp/private.key --cacert /tmp/ca.pem https://foobar.com/

I am thinking that I am either using the em-http-request gem or EventMachine incorrectly or that the SSL files are in a format that works with curl but not EventMachine.

I someone knows how to solve the example above or provide a similar example using EventMachine directly would be much appreciated!

like image 354
jgyllen Avatar asked Oct 27 '10 23:10

jgyllen

1 Answers

The file passed to curl's --cert contains both the cert and the key (unless you pass in a --key separately). Just use /tmp/private.key as the argument to both :private_key_file and :cert_chain_file

See http://github.com/eventmachine/eventmachine/issues/#issue/115 for more details about the issue and a patch that exposes the underlying error (instead of just printing out SSL_incomp).

like image 196
tmm1 Avatar answered Nov 15 '22 04:11

tmm1
Sign in to Comment

Related questions

Use multiple themes on one website jeykll
Embedding YAML alias within YAML string
"ld: library not found for -lSystem" when installing homebrew ruby on Big Sur
Best Way to Conditional Redirect? [closed]
With Rails, where should I put html snippets? I don't want partials but I want them reloaded during development
How do I reload a running Shoes app after making source code changes?
Using Rails with Paperclip and SWFUpload
Continuous Integration Advice?
Calling initialize when loading an object serialized with YAML
Rspec > testing database views
Deadlock in ruby code using SizedQueue
How to build a Weighted Graph with Ruby's RGL or GRATR to perform Dijkstra's algorithm?
What's the easiest way to use OAuth with ActiveResource?
can't dup NilClass - Error
XPath select node with periods
How do I do SCP with Ruby and a private key?
Python (or maybe JavaScript / Ruby): open source projects that will give me a (bit) of hand-holding [closed]
How to set SSLContext options in Ruby
Are array parameters in rails guaranteed to be in the order in which they appear in the url?
Rails validating virtual attributes

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!