TLS connection using custom certification file.
Hi, I'd like to use a custom certification file for creating a TLS connection. The target server is using a server certification file signed by a private CA. The client has the private CA's certification file, named cacert.pem.
Does websocket-eventmachine-client provide the functionality to set/add a certification file?
I'd like to do something like the following with the websocket-eventmachine-client library: http://ruby-doc.org/stdlib-2.0/libdoc/openssl/rdoc/OpenSSL/X509/Store.html
Not yet - it would require passing a parameter to EventMachine according to the spec. I have limited time to work on it this week, so you could either send a pull request or I will fix it at the beginning of next week :)
Thank you for your quick response. Your links are very helpful for understanding the library mechanism. I forked the repository and started developing.
In order to verify the server certificate signed by the private CA, the client needs to have the private CA's certificate. That's OK. But I couldn't find a way to set the private CA's certificate in the client program.
I've checked the OpenSSL API documentation and found the API SSL_CTX_load_verify_locations: https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html
That is the API that fits my purpose.
However, I couldn't find the API in EventMachine corresponding to SSL_CTX_load_verify_locations. I think that I need to study EventMachine's underlying libraries...
I believe it's related to https://github.com/eventmachine/eventmachine/pull/378 - unfortunately this application is not the place for implementing hacks for EventMachine. I will keep it open for now as a reminder to check when it will be done upstream.
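
As an added example (not part of the thread, and not code from websocket-eventmachine-client or EventMachine): the check the question asks for, done with Ruby's standard openssl library and the OpenSSL::X509::Store linked above. The CA, the certificates and the host name ws.example.test are constructed here and the helper names are hypothetical; how the check is wired into EventMachine is not shown.

```ruby
require "openssl"

# Constructed test material: builds a throwaway certificate; self-signed unless an issuer is given.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}")) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Trust store holding only the private CA. With a file on disk this would be
# store.add_file("cacert.pem") instead of add_cert.
def private_ca_store(ca_pem)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(ca_pem))
  store
end

# Returns [ok, reason]. Chain validation and hostname matching are separate
# checks: a certificate from the right CA for the wrong host must still fail.
def check_peer(store, peer_pem, hostname)
  cert = OpenSSL::X509::Certificate.new(peer_pem)
  return [false, store.error_string] unless store.verify(cert)
  return [false, "hostname mismatch"] unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
  [true, "ok"]
end

ca_key = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("Example Private CA", ca_key, ca: true)
SERVER_PEM = make_cert("ws.example.test", OpenSSL::PKey::RSA.new(2048),
                       issuer: CA_CERT, issuer_key: ca_key).to_pem
ROGUE_PEM = make_cert("ws.example.test", OpenSSL::PKey::RSA.new(2048)).to_pem # self-signed
STORE = private_ca_store(CA_CERT.to_pem)

p check_peer(STORE, SERVER_PEM, "ws.example.test")    # signed by the private CA
p check_peer(STORE, ROGUE_PEM, "ws.example.test")     # not signed by the private CA
p check_peer(STORE, SERVER_PEM, "other.example.test") # right CA, wrong host
```

Because the store is created empty and only the private CA is added, certificates issued by public CAs are rejected as well; call `store.set_default_paths` if the system trust roots should also be accepted.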