ruby - OpenSSL::SSL::SSLContext SNI servername_cb Not Working
As referenced in "OpenSSL::X509::Certificate Showing Certificate for Wrong Domain", I need to use TLSv1 or above and the Server Name Indication extension. Even with ssl_version and servername_cb set via the SSLContext, I'm still getting the wrong certificate for myproair.com.

    begin
      timeout(1) do
        tcp_client = TCPSocket.new("#{instance["domain"]}", 443)
        ssl_context = OpenSSL::SSL::SSLContext.new()
        ssl_context.ssl_version = :TLSv1
        ssl_context.servername_cb = "https://#{instance["domain"]}"
        ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
        ssl_client.connect
        cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
        ssl_client.sysclose
        tcp_client.close
        #http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/openssl/x509/certificate.html
        date = Date.parse((cert.not_after).to_s)
        row.push("#{date.strftime('%F')} #{cert.signature_algorithm} #{cert.subject.to_a.select{|name, _, _| name == 'CN' }.first[1]}".downcase.ljust(57))
      end
    rescue SocketError
      row.push("down".ljust(57))
    rescue Errno::ECONNREFUSED
      row.push("connection refused".ljust(57))
    rescue Errno::ECONNRESET
      row.push("connection reset".ljust(57))
    rescue Timeout::Error
      row.push("no 443 listener".ljust(57))
    rescue OpenSSL::SSL::SSLError
      row.push("bad certificate - ssl error".ljust(57))
    rescue Exception => ex
      row.push("error: #{ex.class} #{ex.message}".ljust(57))
    end

How do I set the server name in Ruby 2.0 on OS X?

    $ ruby --version
    ruby 2.0.0p481 (2014-05-08 revision 45883) [universal.x86_64-darwin14]
    $ openssl version
    OpenSSL 0.9.8zc 15 Oct 2014

Naturally, you use the undocumented 'hostname' method of OpenSSL::SSLSocket!

    tcp_client = TCPSocket.new("#{instance["domain"]}", 443)
    ssl_context = OpenSSL::SSL::SSLContext.new()
    ssl_context.ssl_version = :TLSv1
    ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
    ssl_client.hostname = instance["domain"]
    ssl_client.connect
    cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
    ssl_client.sysclose
    tcp_client.close

I discovered this here while writing code with a similar goal.
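
The behaviour described in the question and answer, reproduced offline as an added example (not code from either post): a local TLS server on 127.0.0.1 selects its certificate in `servername_cb`, which is a server-side hook, while the client sends SNI only through `SSLSocket#hostname=`. The `.example` names, the helpers `context_for`, `start_sni_server` and `served_cn`, and the self-signed certificates are constructed for illustration, and a current Ruby is assumed rather than the 2.0 build in the question.

```ruby
require 'socket'
require 'openssl'

# Throwaway self-signed certificate for cn (constructed test data, not a real site).
def context_for(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.add_certificate(cert, key)
  ctx
end

# Server side: servername_cb gets [ssl_socket, requested_name]; nil keeps the default context.
def start_sni_server(vhost_names, default_cn)
  vhosts = vhost_names.to_h { |name| [name, context_for(name)] }
  default = context_for(default_cn)
  default.servername_cb = ->(args) { vhosts[args[1]] }
  server = OpenSSL::SSL::SSLServer.new(TCPServer.new('127.0.0.1', 0), default)
  Thread.new do
    loop do
      conn = server.accept # performs the TLS handshake
      conn.gets            # block until the client hangs up
      conn.close
    rescue StandardError # failed handshake or abrupt close: keep serving
    end
  end
  server.to_io.addr[1] # ephemeral port chosen by the OS
end

# Client side: SNI is sent only when SSLSocket#hostname= is set before #connect.
# client_cb mimics the question's ssl_context.servername_cb = "https://..." line.
def served_cn(port, sni: nil, client_cb: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # test certs only; no trust decision is made
  ctx.servername_cb = client_cb if client_cb
  tcp = TCPSocket.new('127.0.0.1', port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = sni if sni
  ssl.connect
  ssl.peer_cert.subject.to_a.find { |name, _, _| name == 'CN' }[1]
ensure
  ssl&.close
  tcp&.close
end
```

With a server started as `start_sni_server(%w[a.example b.example], 'default.example')`, a client that sets only `client_cb` gets the default certificate, and only `sni:` changes which certificate the server presents.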