SSL detection based on 'https://` protocol not guaranteed to work

[oskarbruening]

Here's the issue:

• I have a 3rd party https SOAP server that I need to work with. The url for that server starts with "https", no port provided.
• I provide the url to savon as per documentation: client = Savon.client(wsdl: 'https://.….')
• In Savon::Client the URL is passed in to the Wasabi document:
• @wsdl.document = @globals[:wsdl] if @globals.include? :wsdl
• In the last line of that method HTTPI does a get to the URL to determine the correct URI.
• --> the https uri is changed to "http://....:443/..." = the https protocol is stripped and the ssl port 443 is added
• The problem is that now in HTTPI::Request.ssl? the ssl functionality is determined by !!(url.to_s =~ /^https/)
• --> this now return false because the URI no longer has the protocol listed
• --> the request in Savon fails because HTTPI does not use .use_ssl in the net_http request.

Two options, neither of which I'm a big fan, but wanted to get your feedback:

• Change HTTPI::Request.ssl? to also look for the 443 port
• Have Savon check the protocol in the original URL and force ssl by setting .ssl = true on the HTTPI request.

The workaround is to use the endpoint global:

client = Savon.client(wsdl: @url, endpoint: @url)

does the job because Savon::Operation.endpoint checks @Globals first to get the url. This is a good work around for us for now, but it's not intuitive and might need to be documented / fixed.

[rubiii]

hey @oskarbruening, thanks for reporting this. i would need a test to verify the problem, but currently don't have the time to write it. i think this should be fixed though and a failing test would probably make it easier to come up with a proper solution.

[rubiii]

@oskarbruening could you point me to the code for this?

* In the last line of that method HTTPI does a get to the URL to determine the correct URI.

right now, i don't really understand the problem, so if you can't provide code or a test to reproduce this,
maybe you can try to describe the problem with a little more details.

[unixmonkey]

I think I'm having the same issue as @oskarbruening , also mentioned by vaibhavbansal in #297

The WSDL server is accessed over HTTPS, but has an untrusted certificate.

I try to connect with client = Savon.client(wsdl: 'https://example.com/foo?wsdl', ssl_verify_mode: :none), but when it goes to hit the server, the server responds with Connection refused - connect(2) (Errno::ECONNREFUSED)

Connecting with client = Savon.client(wsdl: 'https://example.com/foo?wsdl', endpoint: 'https://example.com/foo?wsdl', ssl_verify_mode: :none) works like a charm.

At this line:
https://github.com/savonrb/savon/blob/master/lib/savon/client.rb#L61
@wsdl.endpoint is still null. When @wsdl.request = WSDLRequest.new(@globals).build is called (which does make a request), thereafter @wsdl.endpoint returns a URI that is plain http.

If there's anything I can do to further help debug, please let me know.

[rubiii]

@unixmonkey savon extracts the endpoint from the wsdl. please check whether that one uses http or https.

[rubiii]

@unixmonkey can you provide code or a test to verify this problem?

[unixmonkey]

@rubiii You are completely right. The WSDLs I'm working with specify http:// instead of https:// inside them, even though they are actually only available at the https url.

@oskarbruening I know it's been awhile, but can you check to see if your WSDL has the same issue?

[rubiii]

@unixmonkey thanks for getting back. so i would consider closing this one unless @oskarbruening actually has a different problem and can provide code or further information to reproduce the problem.

[oskarbruening]

It's a different issue. Who can I email with more details that I'd prefer not to share publicly here?

[rubiii]

@oskarbruening you can email me at me@rubiii.com

[mikecmpbll]

I've just confirmed I'm having the same issue that can be solved by supplying the wsdl URI to the endpoint option too. I don't really understand why though, it may be a problem with the WSDL i'm consuming. I get Errno::ETIMEDOUT: Operation timed out - connect(2) when I do not.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale]

This issue is now closed due to inactivity. If you believe this needs further action, please re-open to discuss.

[swistak]

thanks for the provided workaround!