* leon breedt <bitserf-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [0155 03:55]:
> Hi,
> 
> I thought some people may find this useful (I'm busy with a web
> application that requires SSL client cert authentication for my own
> custom CA), so I've attached the changes I made to script/server to do
> it.
> 
> If you don't require the client cert auth, remove SSLVerifyDepth and
> change SSLVerifyClient to have only ::OpenSSL::SSL::VERIFY_NONE
> 
> It's not pretty, but you get the general idea.
Thanks leon, that looks really useful.
It doesn't seem to use anything except the standard ruby1.8 libs -
I wonder whether it's worth setting up some flags to script/server to
support it as a command line option?
Not sure how to support that cleanly without a slightly cumbersome slew
of extra flags though....
> --- server	2005-01-25 16:53:41.976187944 +1300
> +++ server-ssl.new	2005-01-25 16:54:16.658915368 +1300
> @@ -4,7 +4,7 @@
>  require ''optparse''
>  
>  OPTIONS = {
> -  :port        => 3000,
> +  :port        => 3001,
>    :ip          => "127.0.0.1",
>    :environment => "development",
>    :server_root => File.expand_path(File.dirname(__FILE__) +
"/../public/"),
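Review bot: the default :port in OPTIONS changes from 3000 to 3001, which is unrelated to turning on SSL and silently moves the server for anyone relying on the default. Keep 3000 here, or if the intent is to run the HTTPS server beside a plain HTTP one, say so in a comment next to the value.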
> @@ -45,6 +45,26 @@
>  ENV["RAILS_ENV"] = OPTIONS[:environment]
>  require File.dirname(__FILE__) + "/../config/environment"
>  require ''webrick_server''
> +require ''webrick/https''
>  
> -puts "=> Rails application started on
http://#{OPTIONS[:ip]}:#{OPTIONS[:port]}"
> -DispatchServlet.dispatch(OPTIONS)
> +class SSLDispatchServlet < DispatchServlet
> +  def self.dispatch(options)
> +    Socket.do_not_reverse_lookup = true # patch for OS X
> +    server = WEBrick::HTTPServer.new(
> +      :Port            => options[:port].to_i,
> +      :ServerType      => options[:server_type],
> +      :BindAddress     => options[:ip],
> +      :SSLEnable       => true,
> +      :SSLVerifyClient => ::OpenSSL::SSL::VERIFY_PEER |
::OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
> +      :SSLVerifyDepth  => 2,
> +      :SSLCACertificateFile => File.dirname(__FILE__) +
"/xxx-my-ca.crt",
> +      :SSLPrivateKey   =>
::OpenSSL::PKey::RSA.new(File.read(File.dirname(__FILE__) +
"/xxx.my.server.key")),
> +      :SSLCertificate  =>
::OpenSSL::X509::Certificate.new(File.read(File.dirname(__FILE__) +
"/xxx.my.server.crt")))
> +    server.mount(''/'', DispatchServlet, options)
> +    trap("INT") { server.shutdown }
> +    server.start
> +  end
> +end
> +
> +puts "=> Rails application started on
https://#{OPTIONS[:ip]}:#{OPTIONS[:port]}"
> +SSLDispatchServlet.dispatch(OPTIONS)
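Review bot: the values for :SSLCACertificateFile, :SSLPrivateKey and :SSLCertificate are hard-coded to placeholder file names under File.dirname(__FILE__), so the server's private key has to sit in the script directory inside the application tree and every user has to edit the script before it runs. Take the three paths from OPTIONS entries instead, and keep the original DispatchServlet.dispatch(OPTIONS) call as the path taken when no certificate is configured rather than replacing it outright; that would also make the choice between VERIFY_NONE and VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT a setting instead of a code edit. Note as well that with these settings any certificate chaining to the CA file within depth 2 is accepted; nothing in the hunk looks at which client presented it.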
-- 
'The old 'give em a Linux box and they think they're
Jean-Luc Picard' syndrome.'
		-- Pete Bentley
Rasputin :: Jack of All Trades - Master of Nuns