HTTPClient problem with SSL and ruby 1.8.7

< ^ > P N |<>|^_>< --- | ~ ...Help
Hello,

I cannot get the 'https://www.rsa.com' when accessing with SSL as in the
sample on this page (http://dev.ctor.org/doc/httpclient/).


The sample is :

uri='https://www.rsa.com'
client = HTTPClient.new()
client.get(uri).content

And I get the frame :

at depth 3 - 20: unable to get local issuer certificate
gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
`connect': SSL_connect returned=1 errno=0 state=SSLv3 read server
certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
        from gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
`ssl_connect'
        from gems/httpclient-2.1.5.2/lib/httpclient/session.rb:639:in
`connect'
        from gems/httpclient-2.1.5.2/lib/httpclient/timeout.rb:128:in
`timeout'
        from
gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:631:in
`connect'
        from gems/httpclient-2.1.5.2/lib/httpclient/session.rb:522:in
`query'
        from gems/httpclient-2.1.5.2/lib/httpclient/session.rb:147:in
`query'
        from gems/httpclient-2.1.5.2/lib/httpclient.rb:953:in
`do_get_block'
        from gems/httpclient-2.1.5.2/lib/httpclient.rb:765:in
`do_request'
        from gems/httpclient-2.1.5.2/lib/httpclient.rb:848:in
`protect_keep_alive_disconnected'
        from gems/httpclient-2.1.5.2/lib/httpclient.rb:764:in
`do_request'
        from gems/httpclient-2.1.5.2/lib/httpclient.rb:666:in `request'
        from gems/httpclient-2.1.5.2/lib/httpclient.rb:591:in `get'

So I get the certificate by Export from IE6 on a WINXP box and try with
this sample on Linux box:

uri='https://www.rsa.com'
ca='./RSACorporateCA.cer'
client = HTTPClient.new()
client.ssl_config.set_trust_ca(ca)
client.get(uri).content

with the same result and the same frame.


I try also on another url ('https://login.yahoo.com/config/login?') and
it fails
but it works if i add the good certificate
('EquifaxSecureCertificateAuthorith.cer')


So i try to access the rsa site with wget 1.11.4 and it works without
giving any certificate only for TLSv1 or SSLv3 protocol ('wget
--secure-protocol=TLSv1 https://www.rsa.com'). It doesn't work with
SSLv1 and SSLv2.

So i check the protocol exchange with Wireshark an see those exchange
with a success in wget :
  https SSL   Client Hello
  https TLSv1 Server Hello
  https TLSv1 Client key exchange ...
  https TLSv1 Change Cipher Spec
  https TLSv1 Application Data
  ...

With the Ruby sample i have :
  https SSLv2 Client Hello
  https TLSv1 Server Hello
  https TLSv1 Alert Level Fatal

So it seems that the sample with the Ruby openssl library send a 'Client
Hello' message in SSLv2 protocol which doesn't work with wget.

So i try to adjust the sample by setting SSL options with

 client.ssl_config.options=OpenSSL::SSL::OP_NO_SSLv2

but it fails with the same frame error.


My old environnement is :

  ruby 1.8.7 (2008-05-31 patchlevel 0) [i686-linux]
  httpclient-2.1.5.2
  OpenSSL 0.9.7a Feb 19 2003
  Linux 2.6.5-1.358 #1 Sat May 8 09:04:50 EDT 2004 i686 i686 i386
GNU/Linux



So the question is : What i am doing wrong ?


Regards.
-- 
Posted via http://www.ruby-forum.com/.