
Enabling client authentication with SSL... working sort of

1 parent bcc7160 commit 1ad32eabce9bc2971b28df3dc40bf916112325a8 @dominicm dominicm committed Sep 14, 2011
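--- a/features/ssl.feature
+++ b/features/ssl.feature
@@ -14,6 +14,9 @@ Feature: RightHTTPConnection can connect to a secure web server
 # Then I should get the contents of the URL
 Scenario: normal operation
+ Given a test client certificate file
+ Given a test client key file
+
 Given a CA certification file containing that server
 Given an HTTPS URL
 When I request that URL using RightHTTPConnection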
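--- a/features/step_definitions/ssl.rb
+++ b/features/step_definitions/ssl.rb
@@ -48,11 +48,11 @@
 end
 Given /^a test client certificate file$/ do
- @client_cert_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/client/", "cert.pem"))
+ @client_cert_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/server.crt"))
 end
 Given /^a test client key file$/ do
- @client_key_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec/client/", "key.pem"))
+ @client_key_file = File.expand_path(File.join(File.dirname(__FILE__), "..", "..","spec/server.key"))
 end
 Given /^the strict failure option turned on$/ do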
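Review bot: The two client-credential steps now point at `spec/server.crt` and `spec/server.key`, so the client-authentication scenario presents the server's own key pair as the client identity. A test wired this way cannot distinguish a properly verified client certificate from a server that merely trusts its own certificate, and it passes only if the CA file the test server loads (presumably `spec/good.ca`, whose contents are not visible here) happens to cover the server certificate. A dedicated client pair issued by the test CA, kept at the previous `spec/client/cert.pem` and `spec/client/key.pem` paths, would exercise the verification path the commit is meant to enable. A comment above each step such as `# client identity: must chain to the CA the test server loads via SSLCACertificateFile` would record that requirement.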
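--- a/features/step_definitions/web_server.rb
+++ b/features/step_definitions/web_server.rb
@@ -47,7 +47,8 @@
 File.expand_path(File.join(File.dirname(__FILE__), "..", "..",
 "spec/server.crt")),
 File.expand_path(File.join(File.dirname(__FILE__), "..", "..",
- "spec/server.key")))
+ "spec/server.key")),
+ File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "spec", "good.ca")))
 end
 Given "a server listening on port 7890"
 end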
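--- a/lib/right_http_connection.rb
+++ b/lib/right_http_connection.rb
@@ -319,13 +319,17 @@ def start(request_params)
 ca_file = get_param(:ca_file)
 cert_file = get_param(:cert_file)
 key_file = get_param(:key_file)
+puts "ca_file: #{ca_file}"
+puts "cert_file: #{cert_file}"
+puts "key_file: #{key_file}"
 if ca_file
+puts "************** key_file: #{key_file}"
 @http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 @http.verify_callback = verifyCallbackProc
 @http.verify_depth = 0
-# @http.ca_file = ca_file #OpenSSL::X509::Certificate.new(File.read(ca_file))
-# @http.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
-# @http.key = OpenSSL::PKey::RSA.new(File.read(key_file))
+ @http.ca_file = ca_file #OpenSSL::X509::Certificate.new(File.read(ca_file))
+ @http.cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
+ @http.key = OpenSSL::PKey::RSA.new(File.read(key_file))
 else
 @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
 end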
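Review bot: Inside `if ca_file`, the re-enabled `File.read(cert_file)` and `File.read(key_file)` run unconditionally, so a caller that sets only `:ca_file` to verify the server, with no client certificate, would get a `TypeError` from `File.read(nil)` instead of a connection. Wrapping the `@http.cert` and `@http.key` assignments in `if cert_file && key_file` … `end` keeps server verification usable on its own and avoids pushing such callers toward the `VERIFY_NONE` branch. The four added `puts` lines print credential file paths to stdout from library code; they should be dropped or sent through the connection's logger at debug level before this is merged. The body of `start` begins and ends outside this hunk, so how the three parameters are validated earlier is not visible here.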
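--- a/spec/really_dumb_webserver.rb
+++ b/spec/really_dumb_webserver.rb
@@ -52,18 +52,22 @@ def format(format_string, params)
 end
 end
-logger = WEBrick::Log.new($stderr, WEBrick::Log::WARN)
+fool = File.new("/tmp/test_webrick.txt", 'w')
+logger = WEBrick::Log.new(fool, WEBrick::Log::WARN)
+logger.warn "***************** starting"
 config = {}
 config[:Port] = 7890
 config[:Logger] = logger
-config[:AccessLog] = [[$stdout, WEBrick::AccessLog::COMBINED_LOG_FORMAT]]
+config[:AccessLog] = [[fool, WEBrick::AccessLog::COMBINED_LOG_FORMAT]]
 unless ssl_cert.nil? || ssl_key.nil?
 require 'webrick/https'
+
+logger.warn "***************** #{ca_cert}"
 config[:SSLEnable] = true
- config[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_NONE#PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
+ config[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
 config[:SSLPrivateKey] = OpenSSL::PKey::RSA.new(File.open(ssl_key).read)
 config[:SSLCertificate] = OpenSSL::X509::Certificate.new(File.open(ssl_cert).read)
- config[:SSLVerifyDepth] = 0
+ config[:SSLVerifyDepth] = 20
 config[:SSLCACertificateFile] = ca_cert
 config[:SSLCertName] = [["CN", "Graham Hughes"]]
 #config[:SSLCertName] = [["CN", "MyTestCA"]]
@@ -72,6 +76,7 @@ def format(format_string, params)
 server = WEBrick::HTTPServer.new(config)
 server.mount_proc('/good') {|req, resp|
+logger.warn "something"
 resp.status = 200
 resp['Content-Type'] = "text/plain"
 resp.body = "good"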
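Review bot: `File.new("/tmp/test_webrick.txt", 'w')` in the first hunk opens a fixed, predictable name in a world-writable directory, so on a shared build host the write follows and truncates whatever another local user has placed at that path, a symlink included. The handle is also never closed. Keeping `$stderr` and `$stdout` as before, or creating the log with `Tempfile.new('test_webrick')` after `require 'tempfile'`, avoids the predictable path. With `VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT` now enforced, a nil `ca_cert` would presumably make every handshake fail without explanation; a guard such as `raise ArgumentError, "CA file required for client verification" if ca_cert.nil?` ahead of the SSL settings would make that explicit. The `unless` block and the `mount_proc` block both continue past the lines shown.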

0 comments on commit 1ad32ea
