Francis Cianfrocca
2007-Aug-15 05:55 UTC
[Eventmachine-talk] Interfaces for accessing SSL/TLS certificates
Hi everyone. Does anyone have any preferences or ideas for an interface for SSL certificates, both client-side and server-side? At present, the only interface is EventMachine::Connection#start_tls, which uses a built-in self-signed cert on the server side. On the client side, it accepts any well-formed cert (that is, it doesn't check that the remote cert is signed by a trusted authority).

I'm thinking of adding a very simple interface to EventMachine::Connection so you can set up certificate parameters before calling #start_tls. I'll make the parameter list a hash so we can beef it up later if anyone wants to design a storage cache for external certs with its own API.
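The distinction drawn in the message above, between accepting any well-formed certificate and checking that it is signed by a trusted authority, shown as an added example (not part of the original thread and not EventMachine code). It uses Ruby's standard openssl library directly; the CA, the host name and all certificates are throwaway samples constructed for the example.

```ruby
require "openssl"

# Build an X.509 certificate; self-signed when no issuer is given.
def make_cert(cn, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Answer two separate questions: does the peer cert parse, and does it chain to a trusted CA?
def check_peer_cert(pem, store)
  cert = OpenSSL::X509::Certificate.new(pem) # raises if not well-formed
  trusted = store.verify(cert)               # chain and signature check against the store
  { well_formed: true, trusted: trusted, reason: store.error_string }
rescue OpenSSL::X509::CertificateError
  { well_formed: false, trusted: false, reason: "not a parseable certificate" }
end

# Constructed sample data: a test CA, a cert it issued, and a self-signed cert for the same name.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("Example Test CA", CA_KEY, ca: true)
ISSUED_KEY = OpenSSL::PKey::RSA.new(2048)
ISSUED_PEM = make_cert("server.example", ISSUED_KEY, issuer_cert: CA_CERT, issuer_key: CA_KEY).to_pem
SELF_SIGNED_KEY = OpenSSL::PKey::RSA.new(2048)
SELF_SIGNED_PEM = make_cert("server.example", SELF_SIGNED_KEY).to_pem
TRUST_STORE = OpenSSL::X509::Store.new
TRUST_STORE.add_cert(CA_CERT)

{ "CA-issued" => ISSUED_PEM, "self-signed" => SELF_SIGNED_PEM, "garbage" => "not a cert" }.each do |label, pem|
  puts "#{label}: #{check_peer_cert(pem, TRUST_STORE)}"
end
```

Both the CA-issued and the self-signed certificate are well-formed; only the first passes once a trust store is consulted, which is the check the client side is described as skipping.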
On 8/15/07, Francis Cianfrocca <garbagecat10 at gmail.com> wrote:
> Hi everyone. Does anyone have any preferences or ideas for an interface for
> SSL certificates, both client-side and server-side? At present, the only
> interface is EventMachine::Connection#start_tls, which uses
> a built-in self-signed cert on the server side. On the client side, it
> accepts any well-formed cert (that is, it doesn't check that the remote cert
> is signed by a trusted authority).
>
> I'm thinking of adding a very simple interface to EventMachine::Connection
> so you can set up certificate parameters before calling #start_tls. I'll
> make the parameter list a hash so we can beef it up later if anyone wants to
> design a storage cache for external certs with its own API.

I don't have any API preferences, but since SSL support is on the wish list for 0.7.0 of Swiftiply, it'd be dandy to support some more SSL options, including using an external cert for the server....

:)

Kirk Haines
Francis Cianfrocca
2007-Aug-15 07:57 UTC
[Eventmachine-talk] Interfaces for accessing SSL/TLS
On 8/15/07, Kirk Haines <wyhaines at gmail.com> wrote:
>
> On 8/15/07, Francis Cianfrocca <garbagecat10 at gmail.com> wrote:
> > Hi everyone. Does anyone have any preferences or ideas for an interface for
> > SSL certificates, both client-side and server-side? At present, the only
> > interface is EventMachine::Connection#start_tls, which uses
> > a built-in self-signed cert on the server side. On the client side, it
> > accepts any well-formed cert (that is, it doesn't check that the remote cert
> > is signed by a trusted authority).
> >
> > I'm thinking of adding a very simple interface to EventMachine::Connection
> > so you can set up certificate parameters before calling #start_tls. I'll
> > make the parameter list a hash so we can beef it up later if anyone wants to
> > design a storage cache for external certs with its own API.
>
> I don't have any API preferences, but since SSL support is on the wish
> list for 0.7.0 of Swiftiply, it'd be dandy to support some more SSL
> options, including using an external cert for the server....
>
> :)
>
>
> Kirk Haines

Check the current head revision, in particular the new Rdocs for EventMachine::Connection#start_tls. At this moment, the new options only work with client-side connections, but I can make them work with server connections easily enough. Anyone wants to help test, I'd really appreciate it.