How to verify the SSL connection when calling an URI?

Posted by robertokl on Stack Overflow See other posts from Stack Overflow or by robertokl
Published on 2010-04-30T12:21:19Z Indexed on 2010/04/30 12:27 UTC
Read the original article Hit count: 361

Filed under:
|
|
|

Hello,
I am developing an web application that is authenticated using CAS (A single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home).

For security reasons, I need two things to work:

  • The communication between CAS and my application needs to be secure
  • My application needs to accept the certification coming with CAS, so that I can guarantee that the CAS responding is the real CAS Server.

This is what I got so far:

uri = URI.parse("https://www.google.com/accounts")
https = Net::HTTP.new(uri.host, uri.port)
https.use_ssl = (uri.scheme == 'https')
https.verify_mode = (OpenSSL::SSL::VERIFY_PEER)
raw_res = https.start do |conn|
  conn.get("#{uri.path}?#{uri.query}")
end

This works just great in my Mac OSX. When I try to reach an insecure uri, it raises an exception, and when I try to reach a secure uri, it allow me normally, just like expected.

The problem starts when I deploy my application on my Linux server. I tried in both Ubuntu and Red Hat. Independing of what uri I try to reach, it always raises me this exception:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
    from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect'
    from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect'
    from /usr/local/lib/ruby/1.8/net/http.rb:553:in `do_start'
    from /usr/local/lib/ruby/1.8/net/http.rb:542:in `start'
    from (irb):7

I think this have something to do with my installed OpenSSL package, but I can't be sure. This are my installed OpenSSL packages:

openssl.x86_64                              0.9.8e-12.el5              installed
openssl-devel.x86_64                        0.9.8e-12.el5              installed

I tried using HTTParty as well, but it just ignores the SSL certificated.

I hope someone can help me, either by telling me a gem that works the way I need.

Thanks.

© Stack Overflow or respective owner

Related posts about ruby-on-rails

Related posts about ruby