How to verify the SSL connection when calling a URI?
- by robertokl
Hello,
I am developing a web application that is authenticated using CAS (A single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home).
For security reasons, I need two things to work:
The communication between CAS and my application needs to be secure
My application needs to accept the certification coming from CAS, so that I can guarantee that the CAS responding is the real CAS server
This is what I got so far:
uri = URI.parse("https://www.google.com/accounts")
https = Net::HTTP.new(uri.host, uri.port)
https.use_ssl = (uri.scheme == 'https')
https.verify_mode = (OpenSSL::SSL::VERIFY_PEER)
raw_res = https.start do |conn|
conn.get("#{uri.path}?#{uri.query}")
end
This works just great in Mac OS X. When I try to reach an insecure URI, it raises an exception, and when I try to reach a secure URI, it allows me normally, just like expected.
The problem starts when I deploy my application on my Linux server. I tried in both Ubuntu and Red Hat. Independent of what URI I try to reach, it always raises this exception:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/local/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /usr/local/lib/ruby/1.8/net/http.rb:542:in `start'
from (irb):7
I think this have something to do with my installed OpenSSL package, but I can't be sure. This are my installed OpenSSL packages:
openssl.x86_64 0.9.8e-12.el5 installed
openssl-devel.x86_64 0.9.8e-12.el5 installed
I tried using HTTParty as well, but it just ignores the SSL certificate.
I hope someone can help me, or tell me about a gem that works the way I need.
Thanks.
