Merge pull request gwdg#23 from arax/client-dev
X.509 proxy certificate support
Showing
5 changed files
with
141 additions
and
5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
module HTTParty | ||
class ConnectionAdapter | ||
|
||
private | ||
|
||
def attach_ssl_certificates(http, options) | ||
if http.use_ssl? | ||
http.verify_mode = OpenSSL::SSL::VERIFY_NONE | ||
|
||
# Client certificate authentication | ||
if options[:pem] | ||
http.cert = OpenSSL::X509::Certificate.new(options[:pem]) | ||
http.key = OpenSSL::PKey::RSA.new(options[:pem], options[:pem_password]) | ||
http.verify_mode = OpenSSL::SSL::VERIFY_PEER | ||
end | ||
|
||
# Set chain of client certificates | ||
if options[:ssl_extra_chain_cert] | ||
http.extra_chain_cert = [] | ||
|
||
options[:ssl_extra_chain_cert].each do |p_ca| | ||
http.extra_chain_cert << OpenSSL::X509::Certificate.new(p_ca) | ||
end | ||
end | ||
|
||
# SSL certificate authority file and/or directory | ||
if options[:ssl_ca_file] | ||
http.ca_file = options[:ssl_ca_file] | ||
http.verify_mode = OpenSSL::SSL::VERIFY_PEER | ||
end | ||
|
||
if options[:ssl_ca_path] | ||
http.ca_path = options[:ssl_ca_path] | ||
http.verify_mode = OpenSSL::SSL::VERIFY_PEER | ||
end | ||
|
||
# This is only Ruby 1.9+ | ||
if options[:ssl_version] && http.respond_to?(:ssl_version=) | ||
http.ssl_version = options[:ssl_version] | ||
end | ||
end | ||
end | ||
|
||
end | ||
|
||
module ClassMethods | ||
|
||
def ssl_extra_chain_cert(ary_of_certs) | ||
default_options[:ssl_extra_chain_cert] = ary_of_certs | ||
end | ||
|
||
end | ||
end |
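Review bot: `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` at the top of `attach_ssl_certificates` leaves server certificate verification off for every HTTPS connection unless `:pem`, `:ssl_ca_file` or `:ssl_ca_path` is set, so a client configured with only `ssl_extra_chain_cert` (or with no SSL options at all) talks to an unauthenticated peer. This may simply mirror the HTTParty method being overridden, but since this file re-defines it, the default is now this project's to own. I would start from `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` and allow verification to be turned off only through an explicit, documented option. A short comment above the method stating that it replaces HTTParty's private implementation in order to add `extra_chain_cert` would also help whoever upgrades the gem.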
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
############################################################################## | ||
## Net::HTTP hack allowing the use of X.509 proxy certificates. | ||
############################################################################## | ||
|
||
# When running Ruby 1.8.x, RUBY_ENGINE is not defined | ||
RUBY_ENGINE = "ruby" unless defined? RUBY_ENGINE | ||
|
||
# detect jRuby | ||
if RUBY_ENGINE == 'jruby' | ||
#TODO: add jRuby support, this doesn't work | ||
module Net | ||
class HTTP | ||
|
||
SSL_ATTRIBUTES = SSL_ATTRIBUTES.concat %w(extra_chain_cert) | ||
|
||
# An Array of certificates that will be sent to the client. | ||
attr_accessor :extra_chain_cert | ||
|
||
end | ||
end | ||
else | ||
net_http_fix_rby_ver = RUBY_VERSION.split('.') | ||
|
||
# detect old Rubies, tested with 1.8.7-p371 | ||
if net_http_fix_rby_ver[1] == "8" | ||
module Net | ||
class HTTP | ||
|
||
# An Array of certificates that will be sent to the client. | ||
ssl_context_accessor :extra_chain_cert | ||
|
||
end | ||
end | ||
else | ||
module Net | ||
class HTTP | ||
|
||
SSL_ATTRIBUTES = SSL_ATTRIBUTES.concat %w(extra_chain_cert) | ||
|
||
# An Array of certificates that will be sent to the client. | ||
attr_accessor :extra_chain_cert | ||
|
||
end | ||
end | ||
end | ||
end |
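Review bot: The final `else` branch patches `SSL_ATTRIBUTES` on every non-JRuby interpreter whose minor version is not "8", because `net_http_fix_rby_ver[1] == "8"` looks only at the second version component and nothing checks what Net::HTTP already provides. Guarding the patch with feature detection, e.g. `unless Net::HTTP.method_defined?(:extra_chain_cert=)`, would avoid overriding a native accessor, or ending up with a client that never sends the chain on a Ruby whose `SSL_ATTRIBUTES` has a different layout (I have not checked which versions that affects). `concat` already mutates the array in place, so `SSL_ATTRIBUTES.concat %w(extra_chain_cert)` without the reassignment is enough and avoids the constant-redefinition warning. The JRuby branch applies the same patch although its own TODO says it does not work; raising or logging there would be safer than a client that quietly omits the proxy chain.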