ssl server authentication

[mjdavies]

Hello everyone

I'm connecting to a biztalk SOAP API, and I've been given a public cert from the server to use to connect using ssl server authentication.

ruby 1.9.2, curb (0.7.15),savon (0.9.1) httpi (0.9.2)

I can't seem to get it to work properly.

It works from the command line with curl

curl --cacert /path/to/cert https://raadeeraa

but I can't work out the combination of how to get it to work with savon, httpi and curb

This goes through

http.auth.ssl.ca_cert_file = '/path/to/cert'
http.auth.ssl.verify_mode = :peer

But this also goes through, so I don't think it's working properly

http.auth.ssl.ca_cert_file = '/complete/load/of/nonsnse'
http.auth.ssl.verify_mode = :peer

This fails with a ssl cert error

http.auth.ssl.ca_cert_file = '/path/to/cert'
http.auth.ssl.verify_mode = :none

cert=': undefined methodrindex' for nil:NilClass (NoMethodError)

So I specify a cert as well

http.auth.ssl.ca_cert_file = '/path/to/cert'
http.auth.ssl.cert_file = '/path/to/cert'
http.auth.ssl.verify_mode = :none

rails3.0.4/gems/httpi-0.9.2/lib/httpi/adapter/curb.rb:29:in `http_post': Problem with the local SSL certificate (Curl::Err::SSLCertificateError)

Please don't think I'm posting without reading, I've read all these pages and can't find a solution

Well, you'll have to take my word for it, i can only put up 2 hyperlinks :-)

http://stackoverflow.com/questions/40273/whats-the-best-way-to-use-soap-with-ruby
http://stackoverflow.com/questions/3133065/talking-with-a-soap-service-using-savon-gem-in-ruby
http://rubiii.github.com/savon/
http://blog.nofail.de/2010/03/nosql-rails-models-with-soap/
http://stackoverflow.com/questions/2209105/help-soap-response-using-ssl-basic-authentication-and-client-certificates
http://stackoverflow.com/questions/5047797/trouble-using-a-ssl-certificate-self-signed-certificate-in-certificate-chain
http://savonrb.com
http://fagiani.github.com/savon/#the_http_object
http://rubydoc.info/gems/httpi/0.9.2/frames
https://github.com/rubiii/httpi

Any suggestions will be greatly appreciated.

[mjdavies]

I'm drilling down, and I've got httpclient to work on it's own as I'd expect, here's the code

require 'httpclient'

client = HTTPClient.new
client.ssl_config.set_trust_ca('certificate off the server')
# set_client_cert_file(cert_file, key_file)
# client.ssl_config.set_client_cert_file('certificate-privateKey.pem', 'certificate-privateKey.pem')

url = "https://doodaa"
resp = client.get(url)
puts resp.content
puts resp.status

If I alter that certificate, or use another one, it fails, as it should.

How to represent that code in savon is the next question.

I'm going to remove curb and go with httpclient from now on, at least I know that works in this instance

[grosser]

we had some strange problems with curb/httpi, have you tried another adapter ?

[mjdavies]

I had to rewrite 2 lines in the httpi gem to get it to work with httpclient or curb. They may have already brought these changes back into the main httpi gem by now, I'm not keeping tabs on it, get it to work, then get onto the next thing :-)

https://github.com/uniglam/httpi

[mjdavies]

woops, didn't mean to close it, not sure it is closed

[rubiii]

released v0.9.6 which should fix this issue.