lostisland / faraday

Simple, but flexible HTTP client library, with support for multiple backends.
https://lostisland.github.io/faraday
MIT License

Support for chained client certificates? #1576

Closed Deekor closed 3 months ago

Deekor commented 4 months ago

Basic Info

An API I'm using requires the use of certificate-based auth and the certificates must be chained.

I've been able to get it to work via bare-bones Net::HTTP:

```ruby
require "net/http"
require "openssl"
require "uri"

# Reads a file that has 2 certs in it and returns an array of certs
@chained = OpenSSL::X509::Certificate.load(File.read("/path/chained.pem"))
url = URI("https://apiendpoin.com")

http = Net::HTTP.new(url.host, url.port)
http.cert = @chained.first        # first certificate in the file
http.extra_chain_cert = @chained  # certificates sent along with the client certificate

http.key = @key                   # client private key, loaded elsewhere
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE # the server's certificate is not verified

request = Net::HTTP::Post.new(url)
request.body = "grant_type=client_credentials"

response = http.request(request)
```

I would love to use faraday, but it seems the ssl options only allow for one client_cert and not an array of certs, and OpenSSL::X509::Certificate.new(File.read("/path/chained.pem")) only returns the first cert in chained.pem.
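Added example (not part of the original post, and not Faraday's or Net::HTTP's own code): a stdlib-only Ruby check of the behaviour described above, where `Certificate.new` sees one certificate and `Certificate.load` sees the whole bundle. It then splits the bundle into the leaf for `cert` and the remaining certificates for `extra_chain_cert`, and rejects a mismatched key or a misordered chain. The throwaway PKI, the CNs and the helper names `issue` and `split_client_chain` are constructed for illustration.

```ruby
require "openssl"

# Constructed throwaway PKI for the demo; every name below is made up.
def issue(cn, issuer_cert = nil, issuer_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Hypothetical helper: split a PEM bundle into leaf + rest and sanity-check it
# before handing the pieces to an HTTP client.
def split_client_chain(pem, key)
  leaf, *rest = OpenSSL::X509::Certificate.load(pem) # all certs, in file order
  raise ArgumentError, "bundle contains no certificate" if leaf.nil?
  unless leaf.check_private_key(key)
    raise ArgumentError, "private key does not match the first certificate"
  end
  [leaf, *rest].each_cons(2) do |child, parent|
    next if child.verify(parent.public_key)
    raise ArgumentError, "#{child.subject} is not signed by #{parent.subject}"
  end
  { cert: leaf, extra_chain_cert: rest }
end

ROOT_CERT, ROOT_KEY = issue("Example Root")
INT_CERT, INT_KEY = issue("Example Intermediate", ROOT_CERT, ROOT_KEY)
LEAF_CERT, LEAF_KEY = issue("api-client", INT_CERT, INT_KEY)
CHAINED_PEM = LEAF_CERT.to_pem + INT_CERT.to_pem # leaf first, then its issuer

parts = split_client_chain(CHAINED_PEM, LEAF_KEY)
puts "Certificate.new:  #{OpenSSL::X509::Certificate.new(CHAINED_PEM).subject}"
puts "Certificate.load: #{OpenSSL::X509::Certificate.load(CHAINED_PEM).map(&:subject).join(', ')}"
puts "cert:             #{parts[:cert].subject}"
puts "extra_chain_cert: #{parts[:extra_chain_cert].map(&:subject).join(', ')}"
```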

yykamei commented 4 months ago

I love the idea to support chained client certificates 😄 This issue is also being discussed here.

iMacTia commented 3 months ago

@Deekor @yykamei this was implemented in https://github.com/lostisland/faraday-net_http/pull/42 and is available in the latest version of the faraday-net_http adapter 🎉

bvogel commented 3 months ago

Hi, any chance to cut a new faraday release so this can "officially" be used? Thank you so much.

iMacTia commented 3 months ago

Planning to cut a release soon, was waiting on #1582 to be merged as well 👍

iMacTia commented 3 months ago

Release just went out 🎉

bvogel commented 3 months ago

Thank you!