OpenSSL , SOAP4R

[Ze Maria]

Hi guys,
Does someone knows how to use certificates with SOAP::WSDLDriverFactory
?
for example, to generate a driver from a url like:
https://some.com/something.wsl

Tks in advance
Ze Maria

 

[Justin Mazzi]

Hi guys,
Does someone knows how to use certificates with SOAP::WSDLDriverFactory
?
for example, to generate a driver from a url like:
https://some.com/something.wsl

Tks in advance
Ze Maria

If you don't have the CA, you can do:

server.options["protocol.http.ssl_config.verify_mode"] = nil

Or are you referring to use CERTS to authenticate?

 

[Emil Marceta]

server.options["protocol.http.ssl_config.verify_mode"] = nil

if the certificate (.crt) , I don't understanding how do you 've a
variable named "server" with an options hash..

Hopefully this may clarify,

wsdl = 'https://some.com/something.wsl'
factory = SOAP::WSDLDriverFactory.new( wsdl )
drv = factory.create_rpc_driver
drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil

alternatively:

drv.options['protocol.http.ssl_config.verify_mode'] =
openSSL::SSL::VERIFY_NONE

some other possibly useful options:

drv.options['protocol.http.ssl_config.verify_mode'] =
OpenSSL::SSL::VERIFY_PEER
drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'

Should be noted that the above actually does not checks the actual
server (peer) certificate. It only validates that the peer certificate
is signed by / issued by the 'api_cert_chain.crt'.

To actually validate the server cert use :
drv.options['protocol.http.ssl_config.verify_callback'] =
methodvalidate_certificate)

where method validate_certificate looks like:

def validate_certificate(is_ok, ctx)
cert = ctx.current_cert

# Only check the server certificate, not the issuer
unless (cert.subject.to_s == cert.issuer.to_s)
is_ok &&= File.open('server_cert.pem').read ==
ctx.current_cert.to_pem
end
is_ok
end


emil