如何用net/http验证ruby中的SSL证书链
如何用net/http验证ruby中的SSL证书链
提问于 2010-03-24 21:17:52
如何在ruby中使用net/http验证https://processing.ukash.com/这样的站点的证书?
https = Net::HTTP.new('processing.ukash.com', 443)
https.use_ssl = true
https.verify_mode = OpenSSL::SSL::VERIFY_NONE到目前为止工作正常,但是我现在如何验证它是正确的证书呢?我在firefox中保存了证书,但生成的.pem文件中有许多证书,而且net/http似乎不喜欢它。
回答 2
Stack Overflow用户
发布于 2010-04-13 15:52:27
从我的代码片段集合中:
#!/usr/bin/env ruby
# How to:
# =======
# Use Ruby's net/https library, to verify a SSL certificate.
# ==========================================================
# - Without verification the following code will lead to:
# warning: peer certificate won't be verified in this SSL session
#
# #------------------begin example-----------------------------
# require 'net/http'
# require 'net/https'
# require 'uri'
#
# url = URI.parse 'https://myname:mypass@mail.google.com/'
# http = Net::HTTP.new(url.host, url.port)
# http.use_ssl = (url.scheme == 'https')
# request = Net::HTTP::Get.new(url.path)
# request.basic_auth url.user, url.password
# response = http.request(request)
# #-------------------end example------------------------------
#
# To verify the ssl cert cosider adapting the following.
# Status: Untested
# =======
#
# References:
# ===========
# [1] http://mimori.org/%7Eh/tdiary/20080301.html#p03
# [2] http://redcorundum.blogspot.com/2008/03/ssl-certificates-and-nethttps.html
#
require 'net/http'
require 'net/https'
require 'uri'
RootCA = '/etc/ssl/certs'
url = URI.parse 'https://myname:mypass@mail.google.com/'
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = (url.scheme == 'https')
if (File.directory?(RootCA) && http.use_ssl?)
http.ca_path = RootCA
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.verify_depth = 5
else
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
request = Net::HTTP::Get.new(url.path)
request.basic_auth url.user, url.password
response = http.request(request)希望这能有所帮助?
Stack Overflow用户
发布于 2017-01-31 07:00:06
为了完整起见,也为了我未来的我,这是我做的一个小宝石:https://github.com/jarthod/ssl-test
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/2507902
复制相关文章
相似问题