httparty icon indicating copy to clipboard operation
httparty copied to clipboard

Published 20 hours ago verified publisher icon jnunemaker

Support extra chain cert

Open wxwang33 opened this issue 3 years ago • 3 comments

Summary

This change is to add extra chain cert support:

Currently, httparty does not support having multiple certs in the pem option. The only way to pass in multiple certs is to use a ca_file and this pull request will add support to passing multiple certs without the need of a file.

wxwang33 avatar Feb 24 '22 18:02 wxwang33

Forgive my ignorance, because I know nothing about this, but is it a common thing or specification to do this?

jnunemaker avatar Feb 24 '22 20:02 jnunemaker

Hi @jnunemaker,

This is a feature that's supported by Ruby Net Http but is not supported in Httparty. https://docs.ruby-lang.org/en/master/Net/HTTP.html

Users may want to pass in intermediate certificates. There is no current solution in httparty other than passing in a ca_file which requires a local file containing the certificates. If a repetitive task runs on multiple servers and the servers don't have the cert files on their disks, they need to create such files on the disks. Since passing in extra chain certificates is supported as an option in Net Http, we can simply handle this scenario by extracting and passing in the intermediate certificates without using files.

wxwang33 avatar Feb 28 '22 14:02 wxwang33

@wxwang33 the only thing we need on this now is specs. Can you get me an example file that has two certs like this? I can help wire up the specs for it.

jnunemaker avatar Mar 21 '22 12:03 jnunemaker

Closing as stale but if someone wants to help get some specs for this I'll merge it.

jnunemaker avatar Mar 20 '24 12:03 jnunemaker