Accept certificate and private_key as strings #236

Merged
merged 2 commits into from

4 participants

@lanej
  • make certificate_path and private_key_path explicitly relate to filenames
  • maintains existing API client_cert and client_key options
@geemus
Owner

I'm afraid I still don't understand the need for this. It adds a lot of complexity and the values would still be in memory in the hash, regardless of writing out to the files. Also, couldn't you just write the tempfiles outside excon and pass them in, instead of excon needing to be concerned about it? Sorry if I'm missing the point, it just is not super clear to me what we are gaining here I guess. Thanks!

@thommahoney

This does not write any new files. It changes the API so that you can pass the certificate data as strings instead of as file names. Existing behavior is preserved by default.

@geemus
Owner

@thommahoney - got it. It seemed like in the initial pull there was concern about keeping the keys in memory, should we still worry about that?

@thommahoney

No, as you said they have to be in memory at some point. Thanks for taking the time on this.

@geemus geemus merged commit 771e573 into excon:master

1 check passed

Details default The Travis CI build passed
@geemus
Owner

Thanks!

@thommahoney - does this need a release?

@lanej

yes please

@geemus
Owner

Done. 0.24.0

@lanej lanej referenced this pull request in lostisland/faraday
Merged

[excon] pass client side cert information to excon #288

Commits on Jun 4, 2013
  1. accept certificate and private_key data directly

    Thom Mahoney & Josh Lane authored
Commits on Jun 5, 2013
  1. @ehowe
2  lib/excon/constants.rb
@@ -35,6 +35,8 @@ module Excon
:chunk_size,
:client_key,
:client_cert,
+ :certificate,
+ :private_key,
:connect_timeout,
:connection,
:error,
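Review bot: The list gains :certificate and :private_key, but ssl_socket.rb in this same change also reads @data[:certificate_path] and @data[:private_key_path], and neither of those appears in the lines shown here. If this list is what marks an option as recognised, add :certificate_path and :private_key_path next to the two new entries so the path form introduced by this change is accepted too. It would also help to document that :certificate and :private_key carry the certificate and key data itself rather than a filename, since the names alone do not say so.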
13 lib/excon/ssl_socket.rb
@@ -24,9 +24,16 @@ def initialize(data = {})
ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
- if @data.has_key?(:client_cert) && @data.has_key?(:client_key)
- ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(@data[:client_cert]))
- ssl_context.key = OpenSSL::PKey::RSA.new(File.read(@data[:client_key]))
+ # maintain existing API
+ certificate_path = @data[:client_cert] || @data[:certificate_path]
+ private_key_path = @data[:client_key] || @data[:private_key_path]
+
+ if certificate_path && private_key_path
+ ssl_context.cert = OpenSSL::X509::Certificate.new(File.read(certificate_path))
+ ssl_context.key = OpenSSL::PKey::RSA.new(File.read(private_key_path))
+ elsif @data.has_key?(:certificate) && @data.has_key?(:private_key)
+ ssl_context.cert = OpenSSL::X509::Certificate.new(@data[:certificate])
+ ssl_context.key = OpenSSL::PKey::RSA.new(@data[:private_key])
end
if @data[:proxy]
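Review bot: The new if/elsif silently does nothing when only half of a pair is supplied (for example :certificate without :private_key, or :certificate_path without :private_key_path), so a caller who mistypes one option gets a connection with no client certificate instead of an error; consider raising ArgumentError in that case. The same branch also lets the path options win without notice when both paths and strings are given, and it accepts a mixed pair such as :client_cert with :private_key_path; stating the precedence in a comment or rejecting conflicting options would make this predictable. Separately, OpenSSL::PKey::RSA.new on the string branch means only RSA keys are accepted, which matches the file branch but is worth stating in the documentation for the new options.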
38 tests/basic_tests.rb
@@ -52,7 +52,7 @@
end
with_rackup('ssl_verify_peer.ru') do
- Shindo.tests('Excon basics (ssl)',['focus']) do
+ Shindo.tests('Excon basics (ssl file)',['focus']) do
connection = Excon::Connection.new({
:host => '127.0.0.1',
:nonblock => false,
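Review bot: The new name 'Excon basics (ssl file)' is hard to tell apart from the 'Excon basics (ssl file paths)' block added further down; naming each block after the options it exercises, for example '(ssl client_cert/client_key)' and '(ssl certificate_path/private_key_path)', would make a failing run point at the right code path.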
@@ -69,5 +69,41 @@
:client_key => File.join(File.dirname(__FILE__), 'data', 'excon.cert.key'),
:client_cert => File.join(File.dirname(__FILE__), 'data', 'excon.cert.crt')
)
+
+ end
+
+ Shindo.tests('Excon basics (ssl file paths)',['focus']) do
+ connection = Excon::Connection.new({
+ :host => '127.0.0.1',
+ :nonblock => false,
+ :port => 8443,
+ :scheme => 'https',
+ :ssl_verify_peer => false
+ })
+
+ tests('GET /content-length/100').raises(Excon::Errors::SocketError) do
+ connection.request(:method => :get, :path => '/content-length/100')
+ end
+
+ basic_tests('https://127.0.0.1:8443',
+ :private_key_path => File.join(File.dirname(__FILE__), 'data', 'excon.cert.key'),
+ :certificate_path => File.join(File.dirname(__FILE__), 'data', 'excon.cert.crt')
+ )
+
+ end
+
+ Shindo.tests('Excon basics (ssl string)', ['focus']) do
+ connection = Excon::Connection.new({
+ :host => '127.0.0.1',
+ :nonblock => false,
+ :port => 8443,
+ :scheme => 'https',
+ :ssl_verify_peer => false
+ })
+
+ basic_tests('https://127.0.0.1:8443',
+ :private_key => File.read(File.join(File.dirname(__FILE__), 'data', 'excon.cert.key')),
+ :certificate => File.read(File.join(File.dirname(__FILE__), 'data', 'excon.cert.crt'))
+ )
end
end
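Review bot: In the 'Excon basics (ssl string)' block the connection built with Excon::Connection.new is never used; only basic_tests is called. Either drop it or run the same raises(Excon::Errors::SocketError) check against it that the 'ssl file paths' block has. The added tests cover each option pair on its own; a case with only one half of a pair and a case with both paths and strings supplied would pin down the behaviour of the new if/elsif in ssl_socket.rb.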