igrigorik / em-http-request

Asynchronous HTTP Client (EventMachine + Ruby)

REST api access using SSL/TLS PEM files #309

Closed satyashanmuka closed 7 years ago

satyashanmuka commented 7 years ago

Below are the available connection-specific settings in em-http for certificate-based authentication. But is there a way to use PEM files for SSL/TLS-based authentication with em-http-request?

    :ssl => { :private_key_file => '/tmp/server.key', :cert_chain_file => '/tmp/server.crt', :verify_peer => false }

I tried generating .key and .crt files from the .pem files, but that way connections to the server are refused.

NOTE: Is there a way to do the 'insecure' option of calling the REST API using username/password or token-based authentication with em-http-request? Below is the curl way of doing it, but we want to do this via em-http in Ruby.

    curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure

igrigorik commented 7 years ago

We pass through all the SSL options to EventMachine::Connection#start_tls: http://www.rubydoc.info/github/eventmachine/eventmachine/EventMachine/Connection:start_tls

Take a look at the docs there for PEM support and verification flags.

Hope that helps!

satyashanmuka commented 7 years ago

I tried running the code below and it gives an Errno::EPROTO error. Please do help. Ruby version: 2.0.0.

    require 'rubygems'
    require 'eventmachine'
    require 'em-http'
    require 'json'

    EventMachine.run do
      query = "https://ipaddress/api/v1/"
      http_options = {
        :connect_timeout => 200,    # default connection setup timeout
        :inactivity_timeout => 200, # default connection inactivity (post-setup) timeout
        :ssl => {
          :private_key_file => "/key.pem",
          # :cert_chain_file (String) — default: nil — local path of a readable file that contains a chain of
          # X509 certificates in the PEM format, with the most-resolved certificate at the top of the file,
          # successive intermediate certs in the middle, and the root (or CA) cert at the bottom.
          :cert_chain_file => "/adminca.pem", # (as mentioned, I have appended the ca.pem file content at the end of the cert PEM file)
          :verify_peer => true
        }
      }
      request = EM::HttpRequest.new(query, http_options).get(:keepalive => false, :head => {'connection' => 'close'})

      # Report the connection error, then stop the reactor so the script exits.
      request.errback do
        puts request.error
        EventMachine.stop
      end

      request.callback do
        begin
          # Parse with the json library required above (MultiJson was never loaded).
          response_json = JSON.parse(request.response)
          puts response_json
        rescue StandardError => exception
          puts "#{exception}"
        ensure
          EventMachine.stop
        end
      end
    end

igrigorik commented 7 years ago

2.0.0 is pretty old, you should update and make sure you use latest version of Eventmachine.

Based on the above, I don't see any obvious errors and the error itself is EM specific. PTAL at the docs and the changelog there.

thoughtless commented 6 years ago

@satyashanmuka As noted in this PR, em-http-request does not implement ssl_verify_peer. Thus any request with :verify_peer => true will fail with Errno::EPROTO.

It is not possible to verify SSL certs with em-http-request.
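The last comment refers to the `ssl_verify_peer` callback that `:verify_peer => true` relies on. As an added example (not code from this thread or from em-http-request), the block below shows the two checks such a callback pair has to perform, chain validation and hostname matching, using only Ruby's openssl library so it runs without EventMachine. `PeerVerifier`, `make_cert`, `handshake_ok?` and the host names are hypothetical, and the certificates are constructed in memory.

```ruby
require 'openssl'

# Hypothetical helper, not em-http-request API: the two checks a connection has to
# make once start_tls is called with :verify_peer => true.
class PeerVerifier
  def initialize(host, store)
    @host, @store, @seen = host, store, []
  end

  # Body for EventMachine::Connection#ssl_verify_peer(cert_pem), which EM calls for
  # each certificate the peer presents; returning false rejects the handshake.
  # Assumption: issuers arrive before the leaf, so the last certificate is the leaf.
  def ssl_verify_peer(cert_pem)
    cert = OpenSSL::X509::Certificate.new(cert_pem)
    return false unless @store.verify(cert, @seen) # @seen = untrusted intermediates
    @seen << cert
    true
  rescue OpenSSL::X509::CertificateError
    false # not a parseable certificate
  end

  # Body for #ssl_handshake_completed: the leaf must be issued for the dialed host.
  def ssl_handshake_completed
    !@seen.empty? && OpenSSL::SSL.verify_certificate_identity(@seen.last, @host)
  end
end

# Constructed sample data: throwaway certificates generated in memory.
def make_cert(cn, serial, key, issuer = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{cn}")) unless ca
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Feeds a chain (issuers first, leaf last) through both callbacks.
def handshake_ok?(host, store, chain)
  verifier = PeerVerifier.new(host, store)
  chain.all? { |c| verifier.ssl_verify_peer(c.to_pem) } && verifier.ssl_handshake_completed
end
```

The trust store passed to `PeerVerifier` is never modified: intermediates sent by the peer are used only for path building, so they do not become trust anchors for later connections.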