使用Ruby OpenSSL下载和读取证书 [英] Using Ruby OpenSSL to download and read certificates

问题描述

我正在尝试弄清楚如何使用stdlib中的OpenSSL从网址/uri下载证书，然后在警报应用程序中使用它.

I'm trying to work out how to download a certificate from a web address/uri using OpenSSL in the stdlib and then make use of it in an alerting application.

此刻，我实质上是使用s_client调用openssl可执行文件并解析响应以获取证书，但是当我有一个完整的lib来处理此操作时，这样做实在是愚蠢/笨拙.我肯定已经知道了).

At the moment, I'm essentially calling the openssl executable using s_client and parsing the response to get the certificate but it just feels silly/clunky to be doing so when I've got a whole lib to handle this (and that I know for sure already DOES this).

我花了一些时间试图在Ruby中的openssl源代码上缠上我的头，但是我为此感到相当失败.同样，互联网上似乎充斥着许多红宝石主义者，他们试图绕过SSL(wince)，而不是提供有关OpenSSL本身的有用信息，因此我在那也没有太多运气.

I've spent a bit of time trying to wrap my head around the openssl source in Ruby but I feel fairly defeated by it; also the internet appears to be flooded with many rubyists trying to bypass their SSL (wince) rather than helpful information on OpenSSL itself so I'm not having much luck there either.

有人能完全指向我正确的方向吗?也许通过文档或类似的方法可以处理此特定任务?如果您有一个更好的例子，但我更愿意尝试自己解决这个问题.

Would someone be able to point me in the right direction at all? Perhaps via the documentation or something similar to be able handle this particular task? If you have an example that would be even better but I'd much prefer to try and get my head around it myself.

谢谢.

推荐答案

实际上非常简单.要获取远程证书，您需要尝试建立SSL连接，然后从那里读取对等证书，

It's pretty simple actually. To get remote certificate, you need to try to establish an SSL connection, then just read the peer certificate from there,

# Get OpenSSL context
ctx = OpenSSL::SSL::SSLContext.new

# Get remote TCP socket
sock = TCPSocket.new(remote_host, 443)

# pass that socket to OpenSSL
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)

# establish connection, if possible
ssl.connect

# get peer certificate and do things with it
cert = ssl.peer_cert
cert.version
cert.subject.to_s

现在，这种简单的方法不适用于SNI，但可以帮助您入门.

Now, this simple method doesn't work with SNI, but it will get you started.

这篇关于使用Ruby OpenSSL下载和读取证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！