Closed ph closed 9 years ago
I'll take a look <3
I've used the old method of using the openssl binaries, which works great :( Not sure if I did something wrong.
I think the jruby problem `Invalid encoding of AuthorityKeyIdentifierExtension` is a known issue (JRuby has problems generating certificate payloads sometimes)
The MRI problem, not sure. I'll try to write some tests for flores to figure out what's going on
I ran your code, and amusingly I get a different error:
```
# Ruby 2.2.1p85
% ruby -I./lib ssl_test.rb
Starting Server
/home/jls/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/openssl/ssl.rb:236:in `accept': SSL_accept returned=1 errno=0 state=error: EVP lib (OpenSSL::SSL::SSLError)
```
Hah, my error was caused by the RSA key size being too small (512 is rejected by newer openssl implementations, I guess?) Changing to 1024 fixed it. Will keep testing.
Ok, the problem with your code was that you are not telling the client socket about the server's cert properly.
`SSLContext#cert=` is for setting the local certificate identity. If you want to tell the context what certificates are trusted, you'll want to use `OpenSSL::X509::Store` like so:

```ruby
# For the client to trust the server's `certificate`
store = OpenSSL::X509::Store.new
store.add_cert(certificate)
context.cert_store = store
```
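The trust setup from the comment above, end to end over a local socket, as an added example that is not part of the original thread or of the project's code. The helper names `self_signed` and `handshake` are hypothetical, and the certificate is a constructed throwaway identity.

```ruby
require "openssl"
require "socket"

# Throwaway self-signed certificate (constructed test identity, not from the thread).
def self_signed(cn = "localhost")
  key = OpenSSL::PKey::RSA.new(2048) # 512-bit keys are rejected by newer OpenSSL
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# One TLS handshake against a local server; returns :ok or the SSLError message.
def handshake(server_cert, server_key, trusted: nil)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert = server_cert # cert=/key= set the local identity (here: the server's)
  sctx.key = server_key
  tcp = TCPServer.new("127.0.0.1", 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, sctx)
  thread = Thread.new { server.accept.close rescue nil }

  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if trusted # trust anchors go in cert_store, not in cert=
    cctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(trusted) }
  end
  sock = TCPSocket.new("127.0.0.1", tcp.addr[1])
  ssl = OpenSSL::SSL::SSLSocket.new(sock, cctx)
  ssl.connect
  ssl.close
  :ok
rescue OpenSSL::SSL::SSLError => e
  e.message
ensure
  sock&.close
  thread&.join(2)
  tcp&.close
end

if __FILE__ == $PROGRAM_NAME
  cert, key = self_signed
  puts "store has server cert: #{handshake(cert, key, trusted: cert)}"
  puts "empty trust:           #{handshake(cert, key)}"
end
```

With `VERIFY_PEER` the handshake only succeeds when the exact server certificate is in the client's store; an empty store or a different self-signed certificate yields an `SSLError`.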
Weird, from the doc `#cert` should have worked too. Good catch for the RSA.
I've used `#ca_file` in the past, but obviously it only works with a physical file ;)
yeah, the ssl api is terrible. I'm still having trouble getting your example working with VERIFY_PEER. I'm not sure why it's failing still.
You can write the ssl cert/key to disk if you want, as a workaround.
@jordansissel can you paste the error, I've created a simple socket/server example with physical certificates.
Also it is a bit strange that `#cert` works in some contexts and not in others, see https://github.com/elastic/ruby-lumberjack/blob/master/lib/lumberjack/server.rb#L41
Fixed by 3516bbfba3ec2cfbb85aa9df508208d64bd66735 w/ specs to keep it working.
When I create a self-signed certificate I get this error when trying to connect to an SSL server.
jruby 1.7.20
ruby 2.2.0
ruby code is: https://gist.github.com/4a678ec4e4206b45bba1