[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

OpenSSL , SOAP4R

Ze Maria

2/22/2007 12:48:00 PM

Hi guys,
Does someone knows how to use certificates with SOAP::WSDLDriverFactory
?
for example, to generate a driver from a url like:
https://some.com/som...

Tks in advance
Ze Maria

--
Posted via http://www.ruby-....
6 Answers

jmazzi

2/22/2007 8:53:00 PM

0

Ze Maria wrote:
> Hi guys,
> Does someone knows how to use certificates with SOAP::WSDLDriverFactory
> ?
> for example, to generate a driver from a url like:
> https://some.com/som...
>
> Tks in advance
> Ze Maria

If you don't have the CA, you can do:

server.options["protocol.http.ssl_config.verify_mode"] = nil

Or are you referring to use CERTS to authenticate?


--
Posted via http://www.ruby-....

Ze Maria

2/23/2007 10:08:00 AM

0

Justin Mazzi wrote:
> Ze Maria wrote:
>> Hi guys,
>> Does someone knows how to use certificates with SOAP::WSDLDriverFactory
>> ?
>> for example, to generate a driver from a url like:
>> https://some.com/som...
>>
>> Tks in advance
>> Ze Maria
>
> If you don't have the CA, you can do:
>
> server.options["protocol.http.ssl_config.verify_mode"] = nil
>
> Or are you referring to use CERTS to authenticate?


if the certificate (.crt) , I don't understanding how do you 've a
variable named "server" with an options hash..

Tks
Ze Maria

--
Posted via http://www.ruby-....

Mike Wernsing

2/23/2007 4:04:00 PM

0

> > server.options["protocol.http.ssl_config.verify_mode"] = nil

> if the certificate (.crt) , I don't understanding how do you 've a
> variable named "server" with an options hash..

Hopefully this may clarify,

wsdl = 'https://some.com/somethin...
factory = SOAP::WSDLDriverFactory.new( wsdl )
drv = factory.create_rpc_driver
drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil

alternatively:

drv.options['protocol.http.ssl_config.verify_mode'] = openSSL::SSL::VERIFY_NONE

some other possibly useful options:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'

barjunk

2/23/2007 5:12:00 PM

0

On Feb 23, 7:04 am, "Mike Wernsing" <mwerns...@gmail.com> wrote:
> > > server.options["protocol.http.ssl_config.verify_mode"] = nil
> > if the certificate (.crt) , I don't understanding how do you 've a
> > variable named "server" with an options hash..
>
> Hopefully this may clarify,
>
> wsdl = 'https://some.com/somethin...
> factory = SOAP::WSDLDriverFactory.new( wsdl )
> drv = factory.create_rpc_driver
> drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil
>
> alternatively:
>
> drv.options['protocol.http.ssl_config.verify_mode'] = openSSL::SSL::VERIFY_NONE
>
> some other possibly useful options:
>
> drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
> drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
> drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
> drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'


This is good stuff! What would be a good link to have found this for
myself? Thanks!

Mike B.

Mike Wernsing

2/23/2007 7:07:00 PM

0

> This is good stuff! What would be a good link to have found this for
> myself? Thanks!

Might try these:

http://calagenda.berkeley.edu/calendar-ws/sample...

The following describes using wsdl2ruby:
http://www.pranavbihari.com/articles/2005/12/02/testing-paypal-web-services-with-r...

Emil Marceta

2/24/2007 6:05:00 AM

0

Mike Wernsing wrote:
>> > server.options["protocol.http.ssl_config.verify_mode"] = nil
>
>> if the certificate (.crt) , I don't understanding how do you 've a
>> variable named "server" with an options hash..
>
> Hopefully this may clarify,
>
> wsdl = 'https://some.com/somethin...
> factory = SOAP::WSDLDriverFactory.new( wsdl )
> drv = factory.create_rpc_driver
> drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil
>
> alternatively:
>
> drv.options['protocol.http.ssl_config.verify_mode'] =
> openSSL::SSL::VERIFY_NONE
>
> some other possibly useful options:
>
> drv.options['protocol.http.ssl_config.verify_mode'] =
> OpenSSL::SSL::VERIFY_PEER
> drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
> drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
> drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'


Should be noted that the above actually does not checks the actual
server (peer) certificate. It only validates that the peer certificate
is signed by / issued by the 'api_cert_chain.crt'.

To actually validate the server cert use :
drv.options['protocol.http.ssl_config.verify_callback'] =
method(:validate_certificate)

where method validate_certificate looks like:

def validate_certificate(is_ok, ctx)
cert = ctx.current_cert

# Only check the server certificate, not the issuer
unless (cert.subject.to_s == cert.issuer.to_s)
is_ok &&= File.open('server_cert.pem').read ==
ctx.current_cert.to_pem
end
is_ok
end


emil

--
Posted via http://www.ruby-....