
Support multiple certs in the client trust store.

1 parent 5201b0b commit 1c0a64c930368d30b89bfdad2e26b8d128ddce86 @gmallard gmallard committed Mar 4, 2012
Showing with 23 additions and 15 deletions.
  1. +2 −2 examples/ssl_uc2.rb
  2. +4 −1 examples/ssl_uc3.rb
  3. +3 −3 examples/ssl_uc4.rb
  4. +6 −2 lib/stomp/connection.rb
  5. +5 −4 lib/stomp/sslparams.rb
  6. +3 −3 test/test_ssl.rb
@@ -6,8 +6,8 @@
#
# SSL Use Case 2
#
-ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.key",
- :cert_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.crt")
+ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/sslwork/client.key",
+ :cert_file => "/home/gmallard/sslwork/client.crt")
#
hash = { :hosts => [
{:login => 'guest', :passcode => 'guest', :host => 'localhost', :port => 61612, :ssl => ssl_opts},
@@ -6,7 +6,10 @@
#
# SSL Use Case 3
#
-ssl_opts = Stomp::SSLParams.new(:ts_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/TestCA.crt")
+ts_flist = []
+ts_flist << "/home/gmallard/sslwork/TestCA.crt"
+ts_flist << "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/TestCA.crt"
+ssl_opts = Stomp::SSLParams.new(:ts_files => ts_flist.join(","))
#
hash = { :hosts => [
{:login => 'guest', :passcode => 'guest', :host => 'localhost', :port => 61612, :ssl => ssl_opts},
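Review bot: The two paths pushed onto `ts_flist` both end in `TestCA.crt`, one in the new sample directory and one in the old, so the example may be loading the same CA certificate twice rather than showing two distinct trust anchors; that cannot be confirmed from the hunk. If they are the same certificate, whether the second load is accepted depends on how the certificate store handles duplicates, which is worth checking before this becomes the reference usage. A comment above the list would also help readers, for example `# Each file listed here becomes a trusted CA for server verification; list only CAs you intend to trust.`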
@@ -6,9 +6,9 @@
#
# SSL Use Case 4
#
-ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.key",
- :cert_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/client.crt",
- :ts_file => "/home/gmallard/hext/misc.code/ruby-misc/sslsamps/TestCA.crt")
+ssl_opts = Stomp::SSLParams.new(:key_file => "/home/gmallard/sslwork/client.key",
+ :cert_file => "/home/gmallard/sslwork/client.crt",
+ :ts_files => "/home/gmallard/sslwork/TestCA.crt")
#
hash = { :hosts => [
{:login => 'guest', :passcode => 'guest', :host => 'localhost', :port => 61612, :ssl => ssl_opts},
@@ -637,10 +637,14 @@ def open_ssl_socket
if @ssl != true # SSLParams
# Server authentication parameters if required
- if @ssl.ts_file
+ if @ssl.ts_files
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
truststores = OpenSSL::X509::Store.new
- truststores.add_file(@ssl.ts_file)
+ fl = @ssl.ts_files.split(",")
+ fl.each do |fn|
+ # Add next cert file listed
+ truststores.add_file(fn)
+ end
ctx.cert_store = truststores
end
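Review bot: The entries produced by `@ssl.ts_files.split(",")` are passed to `truststores.add_file` unmodified, so a list written as `"a.crt, b.crt"` or with a doubled comma hands a name with a leading space, or an empty name, to the store. Trimming and dropping blanks keeps the list forgiving without widening trust: `fl = @ssl.ts_files.split(",").map { |fn| fn.strip }.reject { |fn| fn.empty? }`. If the list ends up empty the store stays empty while `VERIFY_PEER` is set, so verification should fail rather than pass, which is the safe outcome; a short comment saying so would help. The body of `open_ssl_socket` starts and ends outside this hunk, so any handling of errors raised by `add_file` is not visible here.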
@@ -7,9 +7,9 @@ module Stomp
# Parameters for STOMP ssl connections.
#
class SSLParams
- # The trust store file. Normally the certificate of the CA that signed
- # the server's certificate.
- attr_accessor :ts_file
+ # The trust store files. Normally the certificate of the CA that signed
+ # the server's certificate. One file name, or a CSV list of file names.
+ attr_accessor :ts_files
# The client certificate file.
attr_accessor :cert_file
# The client private key file.
@@ -23,7 +23,8 @@ class SSLParams
def initialize(opts={})
# Server authentication parameters
- @ts_file = opts[:ts_file] # A trust store file, normally a CA's cert
+ @ts_files = opts[:ts_files] # A trust store file, normally a CA's cert
+ # or a CSV list of cert file names
# Client authentication parameters
@cert_file = opts[:cert_file] # Client cert
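Review bot: `initialize` now reads only `opts[:ts_files]`, so a caller that still passes the old `:ts_file` key gets `@ts_files == nil` with no error, and the `if @ssl.ts_files` guard in `open_ssl_socket` then never sets `VERIFY_PEER`. Unless verification is enabled elsewhere, an application upgraded without editing its options would silently stop verifying the server certificate. Accepting the old key keeps those callers verified: `@ts_files = opts[:ts_files] || opts[:ts_file] # old key still honoured so verification is not dropped`. The renamed `attr_accessor` in the hunk above fails loudly for `ts_file=` callers, so only the options hash needs this; the rest of `initialize` lies outside the hunk.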
@@ -22,7 +22,7 @@ def test_ssl_0000
#
def test_ssl_0010
ssl_params = Stomp::SSLParams.new
- assert ssl_params.ts_file.nil?
+ assert ssl_params.ts_files.nil?
assert ssl_params.cert_file.nil?
assert ssl_params.key_file.nil?
end
@@ -39,10 +39,10 @@ def test_ssl_0020
ssl_parms = Stomp::SSLParams.new(:cert_file => "dummy1", :key_file => "dummy2")
}
assert_nothing_raised {
- ssl_parms = Stomp::SSLParams.new(:ts_file => "dummyts1")
+ ssl_parms = Stomp::SSLParams.new(:ts_files => "dummyts1")
}
assert_nothing_raised {
- ssl_parms = Stomp::SSLParams.new(:ts_file => "dummyts1", :cert_file => "dummy1", :key_file => "dummy2")
+ ssl_parms = Stomp::SSLParams.new(:ts_files => "dummyts1", :cert_file => "dummy1", :key_file => "dummy2")
}
end
