如何使用 SSL 客户端证书获取 HTTPS 请求以与 Ruby EventMachine 配合使用?
我正在尝试使用 Ruby EventMachine 访问使用 SSL 证书身份验证的 HTTPS Web 服务,但我无法使其正常工作。
我编写了以下简单的代码块来对其进行端到端测试:
require 'rubygems'
require 'em-http'
EventMachine.run do
url = 'https://foobar.com/'
ssl_opts = {:private_key_file => '/tmp/private.key',
:cert_chain_file => '/tmp/ca.pem',
:verify_peer => false}
http = EventMachine::HttpRequest.new(url).get :ssl => ssl_opts
http.callback do
p http.response_header.status
p http.response_header
p http.response
EventMachine.stop
end
http.errback do
EventMachine.stop
fail "Request failed"
end
end
运行上述输出 :verify_peer 设置为 true 和 false 来运行,但它给了我同样的错误。运行不带 :ssl 选项的 EventMachine::HttpRequest#get 会产生相同的效果。
我还尝试将请求发送到 GMail (https://mail.google.com),而不使用 :ssl 选项(即没有证书的普通 HTTPS)并且可以工作,输出状态代码 200、标头和正文。
我尝试使用curl对Web服务执行相同的请求并且有效:
curl --silent --cert /tmp/private.key --cacert /tmp/ca.pem https://foobar.com/
我认为我要么错误地使用了em-http-request gem或EventMachine,要么SSL文件的格式适用于curl但不适用于事件机器。
如果有人知道如何解决上面的示例或直接使用 EventMachine 提供类似的示例,将不胜感激!
I am trying to access an HTTPS web service that uses SSL cert authentication using Ruby EventMachine but I am not getting it to work.
I have written the following simple code block to test it end-to-end:
require 'rubygems'
require 'em-http'
EventMachine.run do
url = 'https://foobar.com/'
ssl_opts = {:private_key_file => '/tmp/private.key',
:cert_chain_file => '/tmp/ca.pem',
:verify_peer => false}
http = EventMachine::HttpRequest.new(url).get :ssl => ssl_opts
http.callback do
p http.response_header.status
p http.response_header
p http.response
EventMachine.stop
end
http.errback do
EventMachine.stop
fail "Request failed"
end
end
Running the above outputs <SSL_incomp> followed by the raised RuntimeError message. I have tried running with :verify_peer set to both true and false and it gives me the same error. Running EventMachine::HttpRequest#get without the :ssl option does the same.
I have also tried sending the request to GMail (https://mail.google.com) without the :ssl option (i.e. plain HTTPS without cert) and that works, outputting status code 200, the headers and the body.
I have tried doing the same request to the web service with curl and that works:
curl --silent --cert /tmp/private.key --cacert /tmp/ca.pem https://foobar.com/
I am thinking that I am either using the em-http-request gem or EventMachine incorrectly or that the SSL files are in a format that works with curl but not EventMachine.
I someone knows how to solve the example above or provide a similar example using EventMachine directly would be much appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
传递给curl的
--cert的文件包含证书和密钥(除非您单独传递--key)。只需使用/tmp/private.key作为:private_key_file和:cert_chain_file的参数,请参阅 http://github.com/eventmachine/eventmachine/issues/#issue/115 了解有关该问题的更多详细信息和暴露潜在错误的补丁(而不是仅仅打印出 SSL_incomp)。
The file passed to curl's
--certcontains both the cert and the key (unless you pass in a--keyseparately). Just use/tmp/private.keyas the argument to both:private_key_fileand:cert_chain_fileSee http://github.com/eventmachine/eventmachine/issues/#issue/115 for more details about the issue and a patch that exposes the underlying error (instead of just printing out SSL_incomp).