SSL communication with Mechanize

[poseid]

In a network with SSL protection, I can work with http by using:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE

However, trying to use Mechanize:

irb(main):033:0> login_page = agent.get(url)
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed
from /opt/local/lib/ruby/1.8/net/http.rb:586:in `connect'
from /opt/local/lib/ruby/1.8/net/http.rb:586:in `connect'
from /opt/local/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /opt/local/lib/ruby/1.8/net/http.rb:548:in `start'


How would I approach my agent class to find the attributes on SSL.

agent.methods
=> ["to_yaml_style", "inspect", "post_connect_hooks", "open_timeout",
"transact", "tap", "conditional_requests=", "redirection_limit",
"clone", "submit", "public_methods", "object_id", "__send__",
"open_timeout=", "redirect_ok", "instance_variable_defined?",
"redirection_limit=", "proxy_user", "freeze", "equal?", "max_history",
"key", "delete", "cert", "follow_redirect?", "extend", "get",
"redirect_ok=", "follow_meta_refresh", "send",
"pretty_print_instance_variables", "request_with_entity", "methods",
"max_history=", "set_proxy", "key=", "read_timeout", "cert=", "hash",
"follow_meta_refresh=", "request_headers", "dup", "click",
"instance_variables", "to_enum", "cookies", "read_timeout=",
"gzip_enabled", "pretty_print_inspect", "to_yaml", "request_headers=",
"html_parser", "log", "eql?", "to_yaml_properties", "gzip_enabled=",
"verify_callback", "id", "instance_eval", "pretty_inspect",
"html_parser=", "log=", "singleton_methods", "user_agent",
"verify_callback=", "proxy_addr", "pass", "taint",
"instance_variable_get", "frozen?", "enum_for", "auth", "user_agent=",
"keep_alive_time", "display", "instance_of?", "history", "visited?",
"pass=", "method", "to_a", "pre_connect_hooks", "visited_page",
"keep_alive_time=", "history_added", "instance_exec", "type", "page",
"head", "protected_methods", "watch_for_set", "==", "history_added=",
"proxy_pass", "===", "post", "instance_variable_set",
"watch_for_set=", "keep_alive", "respond_to?", "kind_of?", "put",
"pluggable_parser", "to_s", "cookie_jar", "pretty_print_cycle",
"taguri", "keep_alive=", "scheme_handlers", "class", "get_file",
"private_methods", "=~", "tainted?", "__id__", "cookie_jar=",
"ca_file", "back", "taguri=", "current_page", "scheme_handlers=",
"proxy_port", "untaint", "nil?", "ca_file=", "conditional_requests",
"pretty_print", "user_agent_alias=", "basic_auth", "is_a?"]

 

[Richard Conroy]

[Note: parts of this message were removed to make it a legal post.]

In a network with SSL protection, I can work with http by using:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE

However, trying to use Mechanize:

How would I approach my agent class to find the attributes on SSL.

It might help if you were more clear in stating what it is that you want to
achieve,
or what your specific problem is.

Some of the most comprehensive discussion on SSL in Ruby was discussed on
Ola Bini's blog: http://olabini.com (and his older
http://olabini.blogspot.com -
useful articles on both). There are many code examples, as well as a great
writeup
(for any language) on the fundamentals of security/cryptography.

For instance VERIFY_NONE is almost never what you want to do in a secure
environment - its basically the same thing as 'trust all certificates'. If
you
want to use VERIFY_PEER you need to have a local keystore, where you import
cacerts (certificates from certificate authorities) that you can verify your
sites
certificates against.

Also note, that there are alternative HTTP clients, some like Http-client,
Httparty,
Resourceful etc. Which might handle SSL better, or in a more transparent
way.

 

[poseid]

Also note, that there are alternative HTTP clients, some like Http-client,
Httparty,
Resourceful etc. Which might handle SSL better, or in a more transparent
way.

Thanks for providing the references. I'll need to check these.