From: George Alatrash on 9 Aug 2010 17:55 Client Certificate error on Mac OS X 10.6.4 -------------------------------------------------------------------------------- I've been trying to connect to a web service over https where the service requires the client to be authenticated using a server signed certificate (note the server's certificate is signed from a trusted root certification authority). The code below shows a sample that I used to test the communication (with some tweak to hide my own details). The code works OK on Windows and Linux (kernel 2.6.x) systems, but fails on Mac OS X 10.6.4 with (Timeout::Error). When I traced the wire messages I found the error is due to encryption - the server responds with Encrypted Alert = decryption_failed(21) which, acording to SSL/TLS proocol RFC2246 http://www.ietf.org/rfc/rfc2246.txt, is: A TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct. This message is always fatal. Does anyone know the cause of this error or how to fix it? Is this an error in the core Net:HTTPS and SSL core Ruby libraries specific to Mac OS X? [code] cer_file = File.dirname(__FILE__) + '/cert.pem' key_file = File.dirname(__FILE__) + '/key.pem' cert = File.read(cer_file) key = File.read(key_file) uri = URI.parse("https://myservice.com/servicestatus") http = Net::HTTP.new(uri.host, uri.port) http.open_timeout = 5 http.read_timeout = 5 http.use_ssl = (uri.scheme == "https") http.verify_mode = OpenSSL::SSL::VERIFY_NONE http.cert = OpenSSL::X509::Certificate.new(cert) http.key = OpenSSL::PKey::RSA.new(key) http.verify_callback = Proc.new { puts "===> in verify_callback -- #{Time.now}" true } request = Net::HTTP::Post.new(uri.request_uri) request.body = '<?xml version="1.0" encoding="UTF-8"?> <env:Envelope xmlns:wsdl="http://myservice.com/ws/protocol" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> <env:Body> <wsdl:NodesListRequest> <AppID>MyAPP</AppID> <Timestamp>2010-01-01T00:00:00</Timestamp> </wsdl:NodesListRequest> </env:Body> </env:Envelope>' resp = http.request(request) puts "response => #{resp.inspect}" [/code] Note the same code (and same certificate and key files) works on Windows and Linux but not Mac OSX. I tried on the Mac with Ruby 1.8.6 and 1.8.7. -- Posted via http://www.ruby-forum.com/.
|
Pages: 1 Prev: Overriding ENV[] Next: Error: Bignum too big to convert into `long' |