7

我正在尝试使用 RestClient 检索使用 SSL 客户端证书保护的页面。我的代码如下:

require 'restclient'

p12 = OpenSSL::PKCS12.new(File.read('client.p12'), 'password')
client = RestClient::Resource.new('https://example.com/',
                                  :ssl_client_key => p12.key,
                                  :verify_ssl => OpenSSL::SSL::VERIFY_NONE)
client.get

当我运行它时,我看到以下失败:

1.9.3-p374 :007 > client.get
RestClient::BadRequest: 400 Bad Request
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/abstract_response.rb:48:in `return!'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:230:in `process_result'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:178:in `block in transmit'
    from /home/duncan/.rvm/rubies/ruby-1.9.3-p374/lib/ruby/1.9.1/net/http.rb:745:in `start'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:172:in `transmit'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:64:in `execute'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/request.rb:33:in `execute'
    from /home/duncan/.rvm/gems/ruby-1.9.3-p374/gems/rest-client-1.6.7/lib/restclient/resource.rb:51:in `get'
    from (irb):7
    from /home/duncan/.rvm/rubies/ruby-1.9.3-p374/bin/irb:13:in `<main>'

我很确定这是身份验证失败,因为如果我不安装客户端证书,我会在浏览器中遇到同样的错误。

我使用OpenSSL::SSL::VERIFY_NONE是因为服务器有一个自签名证书,我相信这是传递忽略它的正确值。

任何有关如何使这项工作的建议将不胜感激 - 即使是指向一些详细文档的指针,或不同 Gem 的建议也可以工作。我对 Gem 文档或 Google 的运气都不太好 :(

4

1 回答 1

7

您的 HTTPS 请求将需要客户端证书和密钥。尝试:

client = RestClient::Resource.new('https://example.com/',
                                  :ssl_client_cert => p12.certificate,
                                  :ssl_client_key => p12.key,
                                  :verify_ssl => OpenSSL::SSL::VERIFY_NONE)

如果这不起作用,您可以尝试捕获握手数据包(例如使用 WireShark)以验证 API 是否提供证书。

于 2013-05-25T16:17:00.960 回答