-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Certificate verification not working correctly? #26
Comments
Hi Rolle I'm having a bit of a time getting this working too http://www.ruby-forum.com/topic/1490195#992494 If I get any answers, I'll let you know Can you post up your entire code? |
Hi, try request.auth.ssl.ca_cert_file = "certfile" instead of request.auth.ssl.cert_file = "certfile" |
In order to get ssl auth working with :peer set and only using a ca_cert_file was to use Rolle's fix, and also remove the ? at the end of line 70 setup_ssl_auth request.auth.ssl if request.auth.ssl? becomes setup_ssl_auth request.auth.ssl if request.auth.ssl |
When using ruby 1.9.2, net/https and a ca_cert_file the following prevented the 'certificate verify failed' error:
|
@ft51's change works to fix the problem for me. +1 |
released v0.9.6 which should fix this issue. |
Even with v0.9.6, I had to use the two fixes mentioned by mjdavies and Rolle in order to get this to work. That is, use: client.ssl_config.set_trust_ca(ssl.ca_cert_file) if ssl.ca_cert_file and setup_ssl_auth request.auth.ssl if request.auth.ssl |
Hi,
if using client authentication with ssl certificates there seems a problem when verifying the
servers ssl CA certificates (using httpclient).
The root CA certficate is set like
http.auth.ssl.ca_cert_file='db_root_ca_7.pem'
But in httpclient.rb it is set to client_ca (in httpclient adapater):
client.ssl_config.client_ca = ssl.ca_cert if ssl.ca_cert_file
When i correct this to
client.ssl_config.set_trust_ca(ssl.ca_cert_file) if ssl.ca_cert_file
it works as expected and the CA file is used to verify the servers certificate.
Regards,
Roland
The text was updated successfully, but these errors were encountered: