Mike Wernsing wrote:
>> > server.options["protocol.http.ssl_config.verify_mode"] = nil
> 
>> if the certificate (.crt), I don't understand how you have a
>> variable named "server" with an options hash..
> 
> Hopefully this may clarify,
> 
> wsdl = 'https://some.com/something.wsl'
> factory = SOAP::WSDLDriverFactory.new( wsdl )
> drv = factory.create_rpc_driver
> drv.options[ 'protocol.http.ssl_config.ca_file' ] = nil
> 
> alternatively:
> 
> drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_NONE
> 
> some other possibly useful options:
> 
> drv.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
> drv.options['protocol.http.ssl_config.ca_file'] = 'api_cert_chain.crt'
> drv.options['protocol.http.ssl_config.client_cert'] = 'client.cert'
> drv.options['protocol.http.ssl_config.client_key'] = 'client.keys'


It should be noted that the above does not actually check the actual
server (peer) certificate. It only validates that the peer certificate
is signed by / issued by the 'api_cert_chain.crt'.

To actually validate the server cert use:

drv.options['protocol.http.ssl_config.verify_callback'] = method(:validate_certificate)

where method validate_certificate looks like:

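# Called by OpenSSL once per certificate in the chain; is_ok is its own verdict.
def validate_certificate(is_ok, ctx)
  cert = ctx.current_cert

  # Only check the server certificate, not the issuer
  unless cert.subject.to_s == cert.issuer.to_s
    # File.read closes the file handle, unlike File.open(...).read
    is_ok &&= File.read('server_cert.pem') == cert.to_pem
  end
  is_ok
end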


emil

-- 
Posted via http://www.ruby-forum.com/.
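
An added example (not part of the original posts, and not soap4r's own code): a verify callback that keeps OpenSSL's chain verdict and pins the server certificate at chain depth 0 by SHA-256 fingerprint, run offline against a constructed root, intermediate and two leaf certificates. The helper names `issue`, `fingerprint`, `pinning_callback` and `accepted?` and all certificate names are assumptions made for the illustration.

```ruby
require 'openssl'

# Constructed test data: issue a throwaway certificate (self-signed if no issuer).
def issue(cn, key, issuer = nil, issuer_key = nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# verify_callback: keep OpenSSL's chain verdict, then additionally require the
# leaf (depth 0 in the chain) to match the pinned SHA-256 fingerprint.
def pinning_callback(pinned_sha256)
  lambda do |preverify_ok, ctx|
    next false unless preverify_ok          # never override a chain failure
    next true unless ctx.error_depth.zero?  # CA certs: the chain check suffices
    fingerprint(ctx.current_cert) == pinned_sha256
  end
end

# Run OpenSSL chain verification with the pinning callback attached.
def accepted?(leaf, intermediates, root, pinned_sha256)
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  store.verify(leaf, intermediates, &pinning_callback(pinned_sha256))
end

# Constructed chain: root -> intermediate -> two different server certificates.
ROOT_KEY, INT_KEY, SRV_KEY, OTHER_KEY = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
ROOT   = issue('Example Root', ROOT_KEY, ca: true)
INTER  = issue('Example Intermediate', INT_KEY, ROOT, ROOT_KEY, ca: true)
SERVER = issue('api.example.test', SRV_KEY, INTER, INT_KEY)
OTHER  = issue('other.example.test', OTHER_KEY, INTER, INT_KEY)
PIN = fingerprint(SERVER)

puts accepted?(SERVER, [INTER], ROOT, PIN)
puts accepted?(OTHER, [INTER], ROOT, PIN)
```

With the driver from the thread, the lambda returned by `pinning_callback` is what would be assigned to `drv.options['protocol.http.ssl_config.verify_callback']`.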