From: Aaron D. Gifford on
Hi,

I've got a custom TCP protocol that currently runs plaintext/cleartext
to which I want to add something akin to SMTP's STARTTLS. The scripts
use Ruby's TCPSockets. The protocol will for the most part remain
unencrypted, but when client or server requests that TLS begin, I need
to take the existing TCPSocket and initiate TLS over it.

So... any pointers to good Ruby OpenSSL docs? The Rdocs my searches
have found thus far are SEVERELY lacking in anything useful. And
searches for Ruby TLS or SSL stuff turn up only preexisting
protocols, no details about how to interact at a TCPSocket level. My
next step will be to install a few of the libraries I have found and
delve into their source. (But of course I'd MUCH prefer to read
written documentation online if possible, or in combination with my
source code perusal.)

And I do need to preserve the non-blocking nature of my existing code
(which uses IO.select).

Thanks!

Aaron out.

From: yermej on
On Aug 7, 11:28 am, "Aaron D. Gifford" <astound...(a)gmail.com> wrote:
> Hi,
>
> I've got a custom TCP protocol that currently runs plaintext/cleartext
> to which I want to add something akin to SMTP's STARTTLS.  The scripts
> use Ruby's TCPSockets.  The protocol will for the most part remain
> unencrypted, but when client or server requests that TLS begin, I need
> to take the existing TCPSocket and initiate TLS over it.
>
> So...  any pointers to good Ruby OpenSSL docs?  

Ruby's openssl is a very basic wrapper around the OpenSSL library and
I haven't found much good documentation for either.

I'd first look in the samples that come with the Ruby source code. In
the source distribution, check out sample/openssl/echo_cli.rb and
echo_svr.rb. The server uses a TCPSocket, but between the example and
the TCPSocket code, it shouldn't be hard to work out what to do.

Jeremy

From: Aaron D. Gifford on
On Sat, Aug 7, 2010 at 6:30 PM, yermej <yermej(a)gmail.com> wrote:
> Ruby's openssl is a very basic wrapper around the OpenSSL library and
> I haven't found much good documentation for either.
>
> I'd first look in the samples that come with the Ruby source code. In
> the source distribution, check out sample/openssl/echo_cli.rb and
> echo_svr.rb. The server uses a TCPSocket, but between the example and
> the TCPSocket code, it shouldn't be hard to work out what to do.
>
> Jeremy

Thanks for the tip, Jeremy! I was going to go source-code digging
anyway, and now you've given me a good starting place.

Aaron out.

From: Brian Candler on
Aaron D. Gifford wrote:
> I've got a custom TCP protocol that currently runs plaintext/cleartext
> to which I want to add something akin to SMTP's STARTTLS. The scripts
> use Ruby's TCPSockets. The protocol will for the most part remain
> unencrypted, but when client or server requests that TLS begin, I need
> to take the existing TCPSocket and initiate TLS over it.

I wrote ruby-ldapserver some years ago, and I wrote code which does
exactly that. Shouldn't be too hard to extract it.

IIRC, an OpenSSL socket duck-types a normal socket in most ways, so you
can just wrap the socket in an OpenSSL object. I would imagine you
couldn't #select on it though, but would have to #select on the
underlying socket instead.

(I was using threads, so #select compatibility wasn't a requirement)

HTH,

Brian.
--
Posted via http://www.ruby-forum.com/.
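
An added example, not code from any poster in this thread or from ruby-ldapserver: a STARTTLS-style upgrade of an existing TCPSocket, with the handshake driven by IO.select on the underlying socket as suggested above. The `STARTTLS`/`OK` command strings, the names `start_tls`, `demo_contexts` and `demo`, and the throwaway certificate are assumptions made up for the demo.

```ruby
require 'socket'
require 'openssl'
# Upgrade an already-connected socket to TLS; IO.select watches the raw socket.
def start_tls(sock, ctx, role, hostname: nil, timeout: 5)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.sync_close = true                  # closing TLS also closes the TCP socket
  ssl.hostname = hostname if hostname    # SNI; also the name verify_hostname checks
  step = role == :server ? :accept_nonblock : :connect_nonblock
  loop do
    case ssl.public_send(step, exception: false)
    when :wait_readable then IO.select([sock], nil, nil, timeout) || raise('TLS handshake timed out')
    when :wait_writable then IO.select(nil, [sock], nil, timeout) || raise('TLS handshake timed out')
    else return ssl                      # handshake finished
    end
  end
end

# Constructed throwaway self-signed certificate (demo assumption) plus contexts.
def demo_contexts
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  server = OpenSSL::SSL::SSLContext.new.tap { |c| c.add_certificate(cert, key) }
  client = OpenSSL::SSL::SSLContext.new
  client.set_params(cert_store: OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }) # defaults: VERIFY_PEER + verify_hostname
  [server, client]
end

# Loopback demo (hypothetical protocol): plaintext command, upgrade, one TLS line.
def demo
  sctx, cctx = demo_contexts
  listener = TCPServer.new('127.0.0.1', 0)
  server = Thread.new do
    conn = listener.accept
    raise 'unexpected command' unless conn.gets == "STARTTLS\n"
    conn.write("OK\n")                   # last plaintext line before the handshake
    tls = start_tls(conn, sctx, :server)
    tls.puts("hello over #{tls.ssl_version}")
    tls.close
  end
  sock = TCPSocket.new('127.0.0.1', listener.addr[1])
  sock.write("STARTTLS\n")
  raise 'upgrade refused' unless sock.gets == "OK\n"
  tls = start_tls(sock, cctx, :client, hostname: 'localhost')
  tls.gets.tap { tls.close; server.join; listener.close }
end
```

Bytes already sitting in the plain socket's Ruby read buffer are not seen by the SSLSocket, so each side here waits for the other's single plaintext line before starting the handshake.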
