Feature #504
Allow SSL certificate client authentication for connections to Fedora
| Status: | New | Start: | 10/05/2009 |
| Priority: | Normal | Due date: | |
| Assigned to: | - | % Done: | 0% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
| Sponsor: | | | |
Description
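Our Fedora box requires SSL certificate verification for clients. I overrode the Fedora::Connection#http method to do the following:

```ruby
require 'net/http'
require 'openssl'

# CERT_FILE, KEY_FILE and KEY_PASS are constants defined elsewhere in the application.
module Fedora
  class Connection
    def http
      http = Net::HTTP.new(@site.host, @site.port)
      if @site.is_a?(URI::HTTPS)
        http.use_ssl = true
        # Client certificate and (passphrase-protected) private key presented to the server.
        http.cert = OpenSSL::X509::Certificate.new(File.read(CERT_FILE))
        http.key = OpenSSL::PKey::RSA.new(File.read(KEY_FILE), KEY_PASS)
        # VERIFY_NONE: the server's own certificate is not verified.
        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      end
      http
    end
  end
end
```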
I guess this could be cleaned up by still allowing SSL with a client certificate.
History
Updated by Willy Mene 297 days ago
Since the connection class is based on ActiveResource, maybe we could follow their patch to pass SSL options when creating connections. See this Rails ticket: "Ability to set SSL options on ActiveResource connections".
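
One way to pass SSL options in when the connection is created, as the comment above suggests (added example, not code from the ticket, ActiveFedora or ActiveResource). `build_http`, `ALLOWED_SSL_OPTIONS` and `sample_client_identity` are hypothetical names; the client identity is a constructed self-signed certificate standing in for the `CERT_FILE` / `KEY_FILE` pair, and server verification defaults to `VERIFY_PEER` instead of `VERIFY_NONE`.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical helper (not part of ActiveFedora or ActiveResource): builds a
# Net::HTTP object from a site URI plus a hash of SSL options, so the client
# certificate is configuration rather than a hard-coded override.
ALLOWED_SSL_OPTIONS = [:cert, :key, :ca_file, :ca_path, :cert_store,
                       :verify_mode, :verify_depth].freeze

def build_http(site, ssl_options = {})
  http = Net::HTTP.new(site.host, site.port)
  return http unless site.is_a?(URI::HTTPS)

  unknown = ssl_options.keys - ALLOWED_SSL_OPTIONS
  raise ArgumentError, "unknown SSL option(s): #{unknown.inspect}" unless unknown.empty?
  if ssl_options[:cert] && !ssl_options[:key]
    raise ArgumentError, 'client certificate given without its private key'
  end
  if ssl_options[:cert] && !ssl_options[:cert].check_private_key(ssl_options[:key])
    raise ArgumentError, 'client certificate and private key do not match'
  end

  http.use_ssl = true
  # Verify the server's certificate unless the caller explicitly overrides it.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ssl_options.each { |name, value| http.public_send("#{name}=", value) }
  http
end

# Constructed sample input: a throwaway self-signed certificate generated in
# memory, standing in for the CERT_FILE / KEY_FILE pair from the ticket.
def sample_client_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example-client')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  { cert: cert, key: key }
end
```

With a server certificate issued by a private CA, pass that CA's certificate as `ca_file:` so that `VERIFY_PEER` can succeed without turning verification off.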