* leon breedt <bitserf-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [0155 03:55]:
> Hi,
>
> I thought some people may find this useful (I'm busy with a web
> application that requires SSL client cert authentication for my own
> custom CA), so I've attached the changes I made to script/server to do
> it.
>
> If you don't require the client cert auth, remove SSLVerifyDepth and
> change SSLVerifyClient to have only ::OpenSSL::SSL::VERIFY_NONE
>
> It's not pretty, but you get the general idea.

Thanks leon, that looks really useful.

It doesn't seem to use anything except the standard ruby1.8 libs -
I wonder whether it's worth setting up some flags to script/server to
support it as a command line option?

Not sure how to support that cleanly without a slightly cumbersome slew of
extra flags though....

> --- server 2005-01-25 16:53:41.976187944 +1300
> +++ server-ssl.new 2005-01-25 16:54:16.658915368 +1300
> @@ -4,7 +4,7 @@
> require ''optparse''
>
> OPTIONS = {
> - :port => 3000,
> + :port => 3001,
> :ip => "127.0.0.1",
> :environment => "development",
> :server_root => File.expand_path(File.dirname(__FILE__) +
"/../public/"),
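
Review bot: The default in OPTIONS changes from :port => 3000 to :port => 3001, which is unrelated to enabling SSL and moves every user of script/server to a different port. Keep 3000 as the default, or switch the default only when SSL is actually enabled.
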
> @@ -45,6 +45,26 @@
> ENV["RAILS_ENV"] = OPTIONS[:environment]
> require File.dirname(__FILE__) + "/../config/environment"
> require ''webrick_server''
> +require ''webrick/https''
>
> -puts "=> Rails application started on
http://#{OPTIONS[:ip]}:#{OPTIONS[:port]}"
> -DispatchServlet.dispatch(OPTIONS)
> +class SSLDispatchServlet < DispatchServlet
> + def self.dispatch(options)
> + Socket.do_not_reverse_lookup = true # patch for OS X
> + server = WEBrick::HTTPServer.new(
> + :Port => options[:port].to_i,
> + :ServerType => options[:server_type],
> + :BindAddress => options[:ip],
> + :SSLEnable => true,
> + :SSLVerifyClient => ::OpenSSL::SSL::VERIFY_PEER |
::OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
> + :SSLVerifyDepth => 2,
> + :SSLCACertificateFile => File.dirname(__FILE__) +
"/xxx-my-ca.crt",
> + :SSLPrivateKey =>
::OpenSSL::PKey::RSA.new(File.read(File.dirname(__FILE__) +
"/xxx.my.server.key")),
> + :SSLCertificate =>
::OpenSSL::X509::Certificate.new(File.read(File.dirname(__FILE__) +
"/xxx.my.server.crt")))
> + server.mount(''/'', DispatchServlet, options)
> + trap("INT") { server.shutdown }
> + server.start
> + end
> +end
> +
> +puts "=> Rails application started on
https://#{OPTIONS[:ip]}:#{OPTIONS[:port]}"
> +SSLDispatchServlet.dispatch(OPTIONS)
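
Review bot: The CA, key and certificate paths in the WEBrick::HTTPServer.new call are hard-coded relative to File.dirname(__FILE__), so the server's private key has to sit in script/ inside the application tree and every user has to edit the file. Read the three paths from OPTIONS instead, so the key can live outside the checkout with restrictive permissions. The hunk also removes the DispatchServlet.dispatch(OPTIONS) call outright, which drops plain HTTP entirely; call SSLDispatchServlet.dispatch only when the SSL options are set. A comment next to :SSLVerifyClient would help too: VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT accepts any certificate that chains to the CA file within :SSLVerifyDepth, so deciding which certificate subjects are authorized is still left to the application.
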
--
'The old 'give em a Linux box and they think they're
Jean-Luc Picard' syndrome.'
-- Pete Bentley
Rasputin :: Jack of All Trades - Master of Nuns