ruby - OpenSSL::SSL::SSLContext SNI servername_cb Not Working


As referenced in "OpenSSL::X509::Certificate showing certificate for wrong domain", I need to use TLSv1 or above and the Server Name Indication extension.

Even with ssl_version and servername_cb set via SSLContext, I'm still getting the wrong certificate for myproair.com.

    require 'socket'
    require 'openssl'
    require 'timeout'
    require 'date'

    # `instance` and `row` come from the surrounding script (not shown)
    begin
      Timeout.timeout(1) do
        tcp_client = TCPSocket.new("#{instance["domain"]}", 443)
        ssl_context = OpenSSL::SSL::SSLContext.new()
        ssl_context.ssl_version = :TLSv1
        # Assignment from the question; the wrong certificate is still returned with it
        ssl_context.servername_cb = "https://#{instance["domain"]}"
        ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
        ssl_client.connect
        cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
        ssl_client.sysclose
        tcp_client.close
        # http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/openssl/x509/certificate.html
        date = Date.parse((cert.not_after).to_s)
        row.push("#{date.strftime('%F')} #{cert.signature_algorithm} #{cert.subject.to_a.select{|name, _, _| name == 'CN' }.first[1]}".downcase.ljust(57))
      end
    rescue SocketError
      row.push("down".ljust(57))
    rescue Errno::ECONNREFUSED
      row.push("connection refused".ljust(57))
    rescue Errno::ECONNRESET
      row.push("connection reset".ljust(57))
    rescue Timeout::Error
      row.push("no 443 listener".ljust(57))
    rescue OpenSSL::SSL::SSLError
      row.push("bad certificate - ssl error".ljust(57))
    rescue Exception => ex
      row.push("error: #{ex.class} #{ex.message}".ljust(57))
    end

How do I set the server name in Ruby 2.0 on OS X?


    $ ruby --version
    ruby 2.0.0p481 (2014-05-08 revision 45883) [universal.x86_64-darwin14]
    $ openssl version
    OpenSSL 0.9.8zc 15 Oct 2014

Naturally, you use the undocumented 'hostname' method of OpenSSL::SSLSocket!

    tcp_client = TCPSocket.new("#{instance["domain"]}", 443)
    ssl_context = OpenSSL::SSL::SSLContext.new()
    ssl_context.ssl_version = :TLSv1
    ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client, ssl_context)
    # Client-side SNI: must be set before connect
    ssl_client.hostname = instance["domain"]
    ssl_client.connect
    cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
    ssl_client.sysclose
    tcp_client.close

I discovered this here while writing code for a similar goal.
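The two settings discussed above, side by side, as an added example (not code from the original post): `servername_cb` is the server-side hook that chooses a certificate from the name the client sends, while `hostname=` on the client socket is what sends that name. The local server, the `*.test` names and every helper name here are constructed for the demonstration.

```ruby
require 'socket'
require 'openssl'
# Server context with a throwaway self-signed cert for +cn+ (constructed test data).
def context_for(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  OpenSSL::SSL::SSLContext.new.tap { |ctx| ctx.cert = cert; ctx.key = key }
end

# Hypothetical local TLS server: default cert plus one per virtual host. Returns its port.
def start_sni_server(default_cn, vhost_names)
  vhosts = vhost_names.to_h { |name| [name, context_for(name)] }
  default = context_for(default_cn)
  # Server side only: gets the SNI name the client sent, returns the context to use (nil = default).
  default.servername_cb = proc { |_socket, name| vhosts[name] }
  tcp = TCPServer.new('127.0.0.1', 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, default)
  Thread.new do
    loop do
      server.accept.tap(&:gets).close # handshake, then wait for the client to close
    rescue StandardError
      next # failed handshake or reset: keep serving
    end
  end
  tcp.addr[1]
end

# Client side: SNI is set per socket with hostname= before connect. Returns the CN served.
def served_cn(port, sni_name = nil)
  # No chain verification: the certs are self-signed test data and are only inspected.
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', port), OpenSSL::SSL::SSLContext.new)
  ssl.sync_close = true
  ssl.hostname = sni_name if sni_name
  ssl.connect
  ssl.peer_cert.subject.to_a.find { |field, _, _| field == 'CN' }[1]
ensure
  ssl&.close
end

def demo(port = start_sni_server('default.test', %w[a.example.test b.example.test]))
  [nil, 'a.example.test', 'b.example.test', 'c.example.test'].map { |n| served_cn(port, n) }
end
p demo if __FILE__ == $PROGRAM_NAME
```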

