OpenSSL , SOAP4R

Hi guys,
Does someone knows how to use certificates with SOAP::WSDLDriverFactory
?
for example, to generate a driver from a url like:
https://some.com/something.wsl

Tks in advance
Ze Maria

Ze Maria wrote:

Hi guys,
Does someone knows how to use certificates with SOAP::WSDLDriverFactory
?
for example, to generate a driver from a url like:
https://some.com/something.wsl

Tks in advance
Ze Maria

If you don't have the CA, you can do:

server.options["protocol.http.ssl_config.verify_mode"] = nil

Or are you referring to use CERTS to authenticate?

Justin Mazzi wrote:

Ze Maria wrote:

Hi guys,
Does someone knows how to use certificates with SOAP::WSDLDriverFactory
?
for example, to generate a driver from a url like:
https://some.com/something.wsl

Tks in advance
Ze Maria

If you don't have the CA, you can do:

server.options["protocol.http.ssl_config.verify_mode"] = nil

Or are you referring to use CERTS to authenticate?

if the certificate (.crt) , I don't understanding how do you 've a
variable named "server" with an options hash..

Tks
Ze Maria

> server.options["protocol.http.ssl_config.verify_mode"] = nil

if the certificate (.crt) , I don't understanding how do you 've a
variable named "server" with an options hash..

Hopefully this may clarify,

wsdl = 'https://some.com/something.wsl'
factory = SOAP::WSDLDriverFactory.new( wsdl )
drv = factory.create_rpc_driver
drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil

alternatively:

drv.options['protocol.http.ssl_config.verify_mode'] = openSSL::SSL::VERIFY_NONE

some other possibly useful options:

drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'

This is good stuff! What would be a good link to have found this for
myself? Thanks!

Mike B.

Mike Wernsing wrote:

> server.options["protocol.http.ssl_config.verify_mode"] = nil

if the certificate (.crt) , I don't understanding how do you 've a
variable named "server" with an options hash..

Hopefully this may clarify,

wsdl = 'https://some.com/something.wsl'
factory = SOAP::WSDLDriverFactory.new( wsdl )
drv = factory.create_rpc_driver
drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil

alternatively:

drv.options['protocol.http.ssl_config.verify_mode'] =
openSSL::SSL::VERIFY_NONE

some other possibly useful options:

drv.options['protocol.http.ssl_config.verify_mode'] =
OpenSSL::SSL::VERIFY_PEER
drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'

Should be noted that the above actually does not checks the actual
server (peer) certificate. It only validates that the peer certificate
is signed by / issued by the 'api_cert_chain.crt'.

To actually validate the server cert use :
drv.options['protocol.http.ssl_config.verify_callback'] =
method(:validate_certificate)

where method validate_certificate looks like:

def validate_certificate(is_ok, ctx)
  cert = ctx.current_cert

  # Only check the server certificate, not the issuer
  unless (cert.subject.to_s == cert.issuer.to_s)
    is_ok &&= File.open('server_cert.pem').read ==
ctx.current_cert.to_pem
  end
  is_ok
end

emil

This is good stuff! What would be a good link to have found this for
myself? Thanks!

Might try these:

http://calagenda.berkeley.edu/calendar-ws/sample-code.html

The following describes using wsdl2ruby:
http://www.pranavbihari.com/articles/2005/12/02/testing-paypal-web-services-with-ruby-soap4r