RestClient无法使用SSL客户端证书获取资源

时间:2013-05-23 13:40:05

标签: ruby ssl rest-client

我正在尝试使用RestClient来检索使用SSL客户端证书保护的页面。我的代码如下:

require 'restclient'

p12 = OpenSSL::PKCS12.new(File.read('client.p12'), 'password')
client = RestClient::Resource.new('https://example.com/',
                                  :ssl_client_key => p12.key,
                                  :verify_ssl => OpenSSL::SSL::VERIFY_NONE)
client.get

当我运行它时,我看到以下失败:

1.9.3-p374 :007 > client.get
RestClient::BadRequest: 400 Bad Request
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/abstract_response.rb:48:in `return!'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:230:in `process_result'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:178:in `block in transmit'
    from /home/duncan/.rvm/rubies/ruby-1.9.3-p374/lib/ruby/1.9.1/net/http.rb:745:in `start'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:172:in `transmit'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:64:in `execute'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:33:in `execute'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/resource.rb:51:in `get'
    from (irb):7
    from /home/duncan/.rvm/rubies/ruby-1.9.3-p374/bin/irb:13:in `<main>'

我很确定这是一次验证失败,因为如果我没有安装客户端证书,我在浏览器中会遇到同样的错误。

我正在使用OpenSSL::SSL::VERIFY_NONE因为服务器有一个自签名证书,我相信这是传递给忽略它的正确值。

任何关于如何使这项工作的建议都将受到高度赞赏 - 甚至指向一些详细文档的指针,或者对不同Gem的建议也可以起作用。我对Gem docs或Google都没有太多运气:(

1 个答案:

答案 0 :(得分:6)

您的HTTPS请求将需要客户端证书以及密钥。尝试:

client = RestClient::Resource.new('https://example.com/',
                                  :ssl_client_cert => p12.certificate,
                                  :ssl_client_key => p12.key,
                                  :verify_ssl => OpenSSL::SSL::VERIFY_NONE)

如果这不起作用,您可以尝试捕获握手数据包(例如使用WireShark)以验证API是否提供证书。