
Support multiple certs in the client trust store.

commit 1c0a64c930368d30b89bfdad2e26b8d128ddce86 1 parent 5201b0b
@gmallard gmallard authored
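--- a/examples/ssl_uc2.rb
+++ b/examples/ssl_uc2.rb
@@ -6,8 +6,8 @@
 #
 # SSL Use Case 2
 #
-ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.key",
- :cert_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.crt")
+ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/sslwork/client.key",
+ :cert_file => "/home/gmallard/sslwork/client.crt")
 #
 hash = { :hosts => [
 {:login => 'guest', :passcode => 'guest', :host => 'localhost', :port => 61612, :ssl => ssl_opts},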
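--- a/examples/ssl_uc3.rb
+++ b/examples/ssl_uc3.rb
@@ -6,7 +6,10 @@
 #
 # SSL Use Case 3
 #
-ssl_opts = Stomp::SSLParams.new(:ts_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/TestCA.crt")
+ts_flist = []
+ts_flist << "/home/gmallard/sslwork/TestCA.crt"
+ts_flist << "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/TestCA.crt"
+ssl_opts = Stomp::SSLParams.new(:ts_files => ts_flist.join(","))
 #
 hash = { :hosts => [
 {:login => 'guest', :passcode => 'guest', :host => 'localhost', :port => 61612, :ssl => ssl_opts},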
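Review bot: The example never says that every certificate in every file of `ts_flist` becomes a trust anchor for the server check, so adding a file widens what the client accepts rather than providing a fallback. A comment above the list would make that explicit, for example `# Each listed file adds trusted CA certs; a server cert signed by any of them is accepted.` The two entries also look like the same `TestCA.crt` at an old and a new developer-local path, so the example probably runs only on the author's machine; a clearly labelled placeholder path would serve readers better.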
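--- a/examples/ssl_uc4.rb
+++ b/examples/ssl_uc4.rb
@@ -6,9 +6,9 @@
 #
 # SSL Use Case 4
 #
-ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.key",
- :cert_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.crt",
- :ts_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/TestCA.crt")
+ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/sslwork/client.key",
+ :cert_file => "/home/gmallard/sslwork/client.crt",
+ :ts_files => "/home/gmallard/sslwork/TestCA.crt")
 #
 hash = { :hosts => [
 {:login => 'guest', :passcode => 'guest', :host => 'localhost', :port => 61612, :ssl => ssl_opts},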
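--- a/lib/stomp/connection.rb
+++ b/lib/stomp/connection.rb
@@ -637,10 +637,14 @@ def open_ssl_socket
 if @ssl != true # SSLParams
 # Server authentication parameters if required
- if @ssl.ts_file
+ if @ssl.ts_files
 ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
 truststores = OpenSSL::X509::Store.new
- truststores.add_file(@ssl.ts_file)
+ fl = @ssl.ts_files.split(",")
+ fl.each do |fn|
+ # Add next cert file listed
+ truststores.add_file(fn)
+ end
 ctx.cert_store = truststores
 end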
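Review bot: The new `@ssl.ts_files.split(",")` hands each piece to `add_file` untrimmed, so a list written as `"a.crt, b.crt"` produces the name `" b.crt"`, and a leading or doubled comma produces an empty name. Both will most likely surface as an OpenSSL store error rather than a message that names the bad entry. Trimming and dropping empties avoids that: `fl = @ssl.ts_files.split(",").map { |fn| fn.strip }.reject { |fn| fn.empty? }`. If the list ends up empty, the context keeps `VERIFY_PEER` with an empty store, which fails closed; raising a clear error there would be easier to diagnose than a handshake failure. `open_ssl_socket` begins and ends outside this hunk.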
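--- a/lib/stomp/sslparams.rb
+++ b/lib/stomp/sslparams.rb
@@ -7,9 +7,9 @@ module Stomp
 # Parameters for STOMP ssl connections.
 #
 class SSLParams
- # The trust store file. Normally the certificate of the CA that signed
- # the server's certificate.
- attr_accessor :ts_file
+ # The trust store files. Normally the certificate of the CA that signed
+ # the server's certificate. One file name, or a CSV list of file names.
+ attr_accessor :ts_files
 # The client certificate file.
 attr_accessor :cert_file
 # The client private key file.
@@ -23,7 +23,8 @@ class SSLParams
 def initialize(opts={})
 # Server authentication parameters
- @ts_file = opts[:ts_file] # A trust store file, normally a CA's cert
+ @ts_files = opts[:ts_files] # A trust store file, normally a CA's cert
+ # or a CSV list of cert file names
 # Client authentication parameters
 @cert_file = opts[:cert_file] # Client cert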
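Review bot: Renaming the option drops `:ts_file` with no fallback, so an existing caller that still passes `SSLParams.new(:ts_file => ...)` now gets `ts_files == nil` and no error. In this commit's connection.rb hunk, `VERIFY_PEER` and the cert store are set only inside `if @ssl.ts_files`, so that caller would appear to lose the server-certificate check silently after upgrading (which verify mode applies otherwise is outside the visible lines). Either keep the old key working with `@ts_files = opts[:ts_files] || opts[:ts_file]`, or raise `ArgumentError` when `:ts_file` is passed. Keeping a `ts_file` reader as well would cover callers that use the accessor. `initialize` continues past the end of the hunk.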
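--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -22,7 +22,7 @@ def test_ssl_0000
 #
 def test_ssl_0010
 ssl_params = Stomp::SSLParams.new
- assert ssl_params.ts_file.nil?
+ assert ssl_params.ts_files.nil?
 assert ssl_params.cert_file.nil?
 assert ssl_params.key_file.nil?
 end
@@ -39,10 +39,10 @@ def test_ssl_0020
 ssl_parms = Stomp::SSLParams.new(:cert_file => "dummy1", :key_file => "dummy2")
 }
 assert_nothing_raised {
- ssl_parms = Stomp::SSLParams.new(:ts_file => "dummyts1")
+ ssl_parms = Stomp::SSLParams.new(:ts_files => "dummyts1")
 }
 assert_nothing_raised {
- ssl_parms = Stomp::SSLParams.new(:ts_file => "dummyts1", :cert_file => "dummy1", :key_file => "dummy2")
+ ssl_parms = Stomp::SSLParams.new(:ts_files => "dummyts1", :cert_file => "dummy1", :key_file => "dummy2")
 }
 end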