Hi,
Anyone have any pointers to documentation, notes, info, or if none of
that, code showing examples of using OpenSSL in Ruby, in particular
memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
of C code, but dearth of Ruby code. I'd like to be able to establish
an SSL or TLS session using memory IO (no sockets, no file IO).
Wondering,
Aaron out.
Hi Aaron,
you might want to take a look at
http://www.rubyinside.com/how-to-cure-nethttps-risky-default-https-behavior-4010.html
HTH,
Elise
I have written introductory documentation for OpenSSL, but it is only in ruby trunk.
You can read it here:
https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L409
I don't know much about openssl beyond learning enough to write this documentation, so I would appreciate feedback.
If there's something I missed please tell me so I can learn it and add it.
···
On Dec 10, 2010, at 16:51, Aaron D. Gifford wrote:
Anyone have any pointers to documentation, notes, info, or if none of
that, code showing examples of using OpenSSL in Ruby, in particular
memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
of C code, but dearth of Ruby code. I'd like to be able to establish
an SSL or TLS session using memory IO (no sockets, no file IO).
There's nothing specifically about using memory IO, but the
samples/openssl/ directory in the Ruby source has some good generic
examples of how the pieces fit together.
I've also found Eric Hodel's OpenSSL-related stuff to be a good source
for how to use it, albeit with sockets and files, e.g.,:
http://segment7.net/projects/ruby/QuickCert/
http://segment7.net/projects/ruby/drb/DRbSSL/
Looking at the openssl ext source, I don't see a way to create a raw
memory source/sink, but OpenSSL::Session.new with a string creates one
to hold the encoded session, so maybe it'd be easy to add that. To be
honest, I'm not entirely sure what it means to "establish a[...] session
using memory IO", so I could be entirely misguided.
Good luck!
···
On 12/10/10 4:51 PM, Aaron D. Gifford wrote:
Anyone have any pointers to documentation, notes, info, or if none of
that, code showing examples of using OpenSSL in Ruby, in particular
memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
of C code, but dearth of Ruby code. I'd like to be able to establish
an SSL or TLS session using memory IO (no sockets, no file IO).
--
Michael Granger <ged@FaerieMUD.org>
Rubymage, Architect, Believer
The FaerieMUD Consortium <http://FaerieMUD.org/>
Do you mean a wrapper for http://www.openssl.org/docs/crypto/bio.html# ?
I don't think ruby's OpenSSL wrapper supports that at this time. (I need to get to a real computer to know for sure.)
···
On Dec 10, 2010, at 16:51, "Aaron D. Gifford" <astounding@gmail.com> wrote:
Anyone have any pointers to documentation, notes, info, or if none of
that, code showing examples of using OpenSSL in Ruby, in particular
memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
of C code, but dearth of Ruby code. I'd like to be able to establish
an SSL or TLS session using memory IO (no sockets, no file IO).
Thank you for the pointers everyone.
Yes, Eric, the bio I/O abstraction is what I am looking for in Ruby.
And yes Michael, a raw memory source/sink is what I meant.
For example, I have two Ruby objects that communicate over a
bidirectional memory FIFO pipe. For reasons I don't care to explain,
I would like to initiate an SSL/TLS session over that pipe, but I need
to handle all I/O directly since I will be muxing/demuxing the SSL/TLS
traffic with other unencrypted traffic over the single channel. The
ability to start and stop arbitrary numbers of SSL/TLS encrypted
streams at will is desirable.
If anyone thinks of any more, please post them. 
Aaron out.
Aaron D. Gifford wrote in post #968472:
For example, I have two Ruby objects that communicate over a
bidirectional memory FIFO pipe. For reasons I don't care to explain,
I would like to initiate an SSL/TLS session over that pipe, but I need
to handle all I/O directly since I will be muxing/demuxing the SSL/TLS
traffic with other unencrypted traffic over the single channel. The
ability to start and stop arbitrary numbers of SSL/TLS encrypted
streams at will is desirable.
If anyone thinks of any more, please post them. 
You could create a SocketPair, and demux the TLS stuff into that. You
would need to beware of it blocking, so perhaps run the TLS stuff in a
separate thread.
http://groups.google.com/group/comp.lang.ruby/browse_frm/thread/26d3538da0410b8b/fdc3c5c6686ceb49?lnk=gst&q=Socket.pair&rnum=2&hl=en#fdc3c5c6686ceb49
For regular TLS using a socket, ruby openssl is pretty simple. There's
code in ruby-ldapserver which does it.
···
--
Posted via http://www.ruby-forum.com/.
Thanks, Brian. Sadly, I require non-blocking I/O and a
single-threaded app. I'm debating now whether or not to write a bio
wrapper Ruby extension in C and use that... *sigh*
Aaron out.
···
On Wed, Dec 15, 2010 at 8:14 AM, Brian Candler <b.candler@pobox.com> wrote:
You could create a SocketPair, and demux the TLS stuff into that. You
would need to beware of it blocking, so perhaps run the TLS stuff in a
separate thread.
http://groups.google.com/group/comp.lang.ruby/browse_frm/thread/26d3538da0410b8b/fdc3c5c6686ceb49?lnk=gst&q=Socket.pair&rnum=2&hl=en#fdc3c5c6686ceb49
For regular TLS using a socket, ruby openssl is pretty simple. There's
code in ruby-ldapserver which does it.
If you do this, please let me know. I can help integrate it into Ruby's OpenSSL binding.
···
On Dec 15, 2010, at 12:16, Aaron D. Gifford wrote:
On Wed, Dec 15, 2010 at 8:14 AM, Brian Candler <b.candler@pobox.com> wrote:
You could create a SocketPair, and demux the TLS stuff into that. You
would need to beware of it blocking, so perhaps run the TLS stuff in a
separate thread.
http://groups.google.com/group/comp.lang.ruby/browse_frm/thread/26d3538da0410b8b/fdc3c5c6686ceb49?lnk=gst&q=Socket.pair&rnum=2&hl=en#fdc3c5c6686ceb49
For regular TLS using a socket, ruby openssl is pretty simple. There's
code in ruby-ldapserver which does it.
Thanks, Brian. Sadly, I require non-blocking I/O and a
single-threaded app. I'm debating now whether or not to write a bio
wrapper Ruby extension in C and use that... *sigh*
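Added example (not code from any poster in this thread): the socket-pair approach suggested above, driven without threads or blocking calls. Each TLS endpoint owns one end of a `UNIXSocket.pair`, and the application carries the ciphertext between the two raw ends itself, which is the point where it could be multiplexed with other traffic. The helper names, the throwaway certificate and the `pipe.example` name are assumptions made for the demo.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed identity for the demo server (assumption).
def demo_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=pipe.example')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Stand-in for the application's own channel: carry pending ciphertext across.
def shuttle(from, to)
  data = from.read_nonblock(65_536, exception: false)
  return 0 unless data.is_a?(String)
  to.write(data)
  data.bytesize
end

def tls_over_app_channel(message)
  key, cert = demo_identity
  srv_tls, srv_raw = UNIXSocket.pair
  cli_tls, cli_raw = UNIXSocket.pair
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.key, sctx.cert = key, cert
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER # demo cert is the only trust anchor
  cctx.cert_store = OpenSSL::X509::Store.new.add_cert(cert)
  server = OpenSSL::SSL::SSLSocket.new(srv_tls, sctx)
  client = OpenSSL::SSL::SSLSocket.new(cli_tls, cctx)
  carried = 0
  pump = -> { carried += shuttle(cli_raw, srv_raw) + shuttle(srv_raw, cli_raw) }
  cdone = sdone = false
  until cdone && sdone # single thread: step each side, then carry the bytes
    cdone ||= !client.connect_nonblock(exception: false).is_a?(Symbol)
    sdone ||= !server.accept_nonblock(exception: false).is_a?(Symbol)
    pump.call
  end
  client.write_nonblock(message)
  received = :wait_readable
  while received.is_a?(Symbol)
    pump.call
    received = server.read_nonblock(4096, exception: false)
  end
  { received: received, version: server.ssl_version, carried: carried }
end
```

The loops here spin because both endpoints live in one process; an event-driven program would wait with `IO.select` on the raw ends instead. The client checks the certificate chain only, so a real deployment would also check the peer's name.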