Eventmachine talk - Apr 2008 - Using Ruby''s OpenSSL bindings with EM

How hard would it be to use the Ruby OpenSSL bindings from within
Eventmachine? I''d like to expose the client cert received by the server
to
Ruby using functions that are defined in ossl_x509cert.c which is part of
Ruby''s OpenSSL bindings. (This is part of an effort to make Swiftiply
work
with Puppet.)

I have hacked ssl.cpp to the point where I have SSL_VERIFY_PEER working (so
the client is asked to send a cert and I can call X509_get_subject_name() on
the cert). Now I''d like to pass the *X509 cert handle to something like
ossl_x509_new(X509 *x509) which returns a Ruby VALUE, which in turn could then
be exposed through Eventmachine''s SslBox class (somehow).

Any suggestions would be most welcome.

--
Jos Backus
jos at catnook.com

I''ve been asking for peer verification for months.  Here''s
hoping it
finally gets in!

--Michael

On Thu, Apr 10, 2008 at 12:00 AM, Jos Backus <jos at catnook.com>
wrote:
> How hard would it be to use the Ruby OpenSSL bindings from within
>  Eventmachine? I''d like to expose the client cert received by the
server to
>  Ruby using functions that are defined in ossl_x509cert.c which is part of
>  Ruby''s OpenSSL bindings. (This is part of an effort to make
Swiftiply work
>  with Puppet.)
>
>  I have hacked ssl.cpp to the point where I have SSL_VERIFY_PEER working
(so
>  the client is asked to send a cert and I can call X509_get_subject_name()
on
>  the cert). Now I''d like to pass the *X509 cert handle to
something like
>  ossl_x509_new(X509 *x509) which returns a Ruby VALUE, which in turn could
then
>  be exposed through Eventmachine''s SslBox class (somehow).
>
>  Any suggestions would be most welcome.
>
>  --
>  Jos Backus
>  jos at catnook.com
>  _______________________________________________
>  Eventmachine-talk mailing list
>  Eventmachine-talk at rubyforge.org
>  http://rubyforge.org/mailman/listinfo/eventmachine-talk
>
>

I would suggest opening up a ticket at rubyeventmachine.com to make
sure that this request doesn''t get lost.

Jason

On Thu, Apr 10, 2008 at 11:09 AM, Michael S. Fischer
<michael at dynamine.net> wrote:
> I''ve been asking for peer verification for months. 
Here''s hoping it
>  finally gets in!
>
>  --Michael
>
>
>
>  On Thu, Apr 10, 2008 at 12:00 AM, Jos Backus <jos at catnook.com>
wrote:
>  > How hard would it be to use the Ruby OpenSSL bindings from within
>  >  Eventmachine? I''d like to expose the client cert received
by the server to
>  >  Ruby using functions that are defined in ossl_x509cert.c which is
part of
>  >  Ruby''s OpenSSL bindings. (This is part of an effort to make
Swiftiply work
>  >  with Puppet.)
>  >
>  >  I have hacked ssl.cpp to the point where I have SSL_VERIFY_PEER
working (so
>  >  the client is asked to send a cert and I can call
X509_get_subject_name() on
>  >  the cert). Now I''d like to pass the *X509 cert handle to
something like
>  >  ossl_x509_new(X509 *x509) which returns a Ruby VALUE, which in turn
could then
>  >  be exposed through Eventmachine''s SslBox class (somehow).
>  >
>  >  Any suggestions would be most welcome.
>  >
>  >  --
>  >  Jos Backus
>  >  jos at catnook.com
>  >  _______________________________________________
>  >  Eventmachine-talk mailing list
>  >  Eventmachine-talk at rubyforge.org
>  >  http://rubyforge.org/mailman/listinfo/eventmachine-talk
>  >
>  >
>  _______________________________________________
>  Eventmachine-talk mailing list
>  Eventmachine-talk at rubyforge.org
>  http://rubyforge.org/mailman/listinfo/eventmachine-talk
>