search

savonrb / httpi

Common interface for Ruby's HTTP clients
http://httpirb.com
MIT License
300 stars 150 forks source link

ssl server authentication #32

Closed mjdavies closed 12 years ago

mjdavies commented 13 years ago

Hello everyone

I'm connecting to a biztalk SOAP API, and I've been given a public cert from the server to use to connect using ssl server authentication.

ruby 1.9.2, curb (0.7.15),savon (0.9.1) httpi (0.9.2)

I can't seem to get it to work properly.

It works from the command line with curl

curl --cacert /path/to/cert https://raadeeraa

but I can't work out the combination of how to get it to work with savon, httpi and curb

This goes through

http.auth.ssl.ca_cert_file = '/path/to/cert' http.auth.ssl.verify_mode = :peer

But this also goes through, so I don't think it's working properly

http.auth.ssl.ca_cert_file = '/complete/load/of/nonsnse' http.auth.ssl.verify_mode = :peer

This fails with a ssl cert error

http.auth.ssl.ca_cert_file = '/path/to/cert' http.auth.ssl.verify_mode = :none

cert=': undefined methodrindex' for nil:NilClass (NoMethodError)

So I specify a cert as well

http.auth.ssl.ca_cert_file = '/path/to/cert' http.auth.ssl.cert_file = '/path/to/cert' http.auth.ssl.verify_mode = :none

rails3.0.4/gems/httpi-0.9.2/lib/httpi/adapter/curb.rb:29:in `http_post': Problem with the local SSL certificate (Curl::Err::SSLCertificateError)

Please don't think I'm posting without reading, I've read all these pages and can't find a solution

Well, you'll have to take my word for it, i can only put up 2 hyperlinks :-)

http://stackoverflow.com/questions/40273/whats-the-best-way-to-use-soap-with-ruby http://stackoverflow.com/questions/3133065/talking-with-a-soap-service-using-savon-gem-in-ruby http://rubiii.github.com/savon/ http://blog.nofail.de/2010/03/nosql-rails-models-with-soap/ http://stackoverflow.com/questions/2209105/help-soap-response-using-ssl-basic-authentication-and-client-certificates http://stackoverflow.com/questions/5047797/trouble-using-a-ssl-certificate-self-signed-certificate-in-certificate-chain http://savonrb.com http://fagiani.github.com/savon/#the_http_object http://rubydoc.info/gems/httpi/0.9.2/frames https://github.com/rubiii/httpi

Any suggestions will be greatly appreciated.

mjdavies commented 13 years ago

I'm drilling down, and I've got httpclient to work on it's own as I'd expect, here's the code

require 'httpclient'

client = HTTPClient.new
client.ssl_config.set_trust_ca('certificate off the server')
# set_client_cert_file(cert_file, key_file)
# client.ssl_config.set_client_cert_file('certificate-privateKey.pem', 'certificate-privateKey.pem')

url = "https://doodaa"
resp = client.get(url)
puts resp.content
puts resp.status

If I alter that certificate, or use another one, it fails, as it should.

How to represent that code in savon is the next question.

I'm going to remove curb and go with httpclient from now on, at least I know that works in this instance

grosser commented 13 years ago

we had some strange problems with curb/httpi, have you tried another adapter ?

mjdavies commented 13 years ago

I had to rewrite 2 lines in the httpi gem to get it to work with httpclient or curb. They may have already brought these changes back into the main httpi gem by now, I'm not keeping tabs on it, get it to work, then get onto the next thing :-)

https://github.com/uniglam/httpi

mjdavies commented 13 years ago

woops, didn't mean to close it, not sure it is closed

rubiii commented 12 years ago

released v0.9.6 which should fix this issue.