Looking for good Ruby OpenSSL TLS docs

  • Thread starter Aaron D. Gifford

Aaron D. Gifford

Hi,

I've got a custom TCP protocol that currently runs plaintext/cleartext
to which I want to add something akin to SMTP's STARTTLS. The scripts
use Ruby's TCPSockets. The protocol will for the most part remain
unencrypted, but when client or server requests that TLS begin, I need
to take the existing TCPSocket and initiate TLS over it.

So... any pointers to good Ruby OpenSSL docs? The Rdocs my searches
have found thus far are SEVERELY lacking in anything useful. And
searches for Ruby TLS or SSL stuff turn up only preexisting
protocols, no details about how to interact at a TCPSocket level. My
next step will be to install a few of the libraries I have found and
delve into their source. (But of course I'd MUCH prefer to read
written documentation online if possible, or in combination with my
source code perusal.)

And I do need to preserve the non-blocking nature of my existing code
(which uses IO.select).

Thanks!

Aaron out.
 

yermej

Aaron said:
Hi,

I've got a custom TCP protocol that currently runs plaintext/cleartext
to which I want to add something akin to SMTP's STARTTLS.  The scripts
use Ruby's TCPSockets.  The protocol will for the most part remain
unencrypted, but when client or server requests that TLS begin, I need
to take the existing TCPSocket and initiate TLS over it.

So...  any pointers to good Ruby OpenSSL docs?  

Ruby's openssl is a very basic wrapper around the OpenSSL library and
I haven't found much good documentation for either.

I'd first look in the samples that come with the Ruby source code. In
the source distribution, check out sample/openssl/echo_cli.rb and
echo_svr.rb. The server uses a TCPSocket, but between the example and
the TCPSocket code, it shouldn't be hard to work out what to do.

Jeremy
 

Aaron D. Gifford

yermej said:
Ruby's openssl is a very basic wrapper around the OpenSSL library and
I haven't found much good documentation for either.

I'd first look in the samples that come with the Ruby source code. In
the source distribution, check out sample/openssl/echo_cli.rb and
echo_svr.rb. The server uses a TCPSocket, but between the example and
the TCPSocket code, it shouldn't be hard to work out what to do.

Jeremy

Thanks for the tip, Jeremy! I was going to go source-code digging
anyway, and now you've given me a good starting place.

Aaron out.
 

Brian Candler

Aaron said:
I've got a custom TCP protocol that currently runs plaintext/cleartext
to which I want to add something akin to SMTP's STARTTLS. The scripts
use Ruby's TCPSockets. The protocol will for the most part remain
unencrypted, but when client or server requests that TLS begin, I need
to take the existing TCPSocket and initiate TLS over it.

I wrote ruby-ldapserver some years ago, and I wrote code which does
exactly that. Shouldn't be too hard to extract it.

IIRC, an OpenSSL socket duck-types a normal socket in most ways, so you
can just wrap the socket in an OpenSSL object. I would imagine you
couldn't #select on it though, but would have to #select on the
underlying socket instead.

(I was using threads, so #select compatibility wasn't a requirement)

HTH,

Brian.
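
The upgrade discussed in this thread, as an added example that is not code from any poster here or from ruby-ldapserver: an existing TCPSocket is wrapped in an OpenSSL::SSL::SSLSocket after a plaintext exchange, and the handshake and reads are driven with the `*_nonblock` calls plus IO.select on the underlying socket. The `STARTTLS`/`OK` lines, the helper names (`demo_identity`, `drive`, `upgrade`, `starttls_demo`) and the throwaway self-signed certificate are assumptions made for the demo.

```ruby
require "socket"
require "openssl"
# Constructed throwaway key and self-signed certificate (CN=localhost) for the demo.
def demo_identity
  key, cert = OpenSSL::PKey::RSA.new(2048), OpenSSL::X509::Certificate.new
  cert.version, cert.serial, cert.public_key = 2, 1, key.public_key
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  [key, cert.sign(key, OpenSSL::Digest.new("SHA256"))]
end

# Call the *_nonblock operation first; select on the underlying TCPSocket only when asked to.
def drive(ssl, timeout = 5)
  while (want = yield).is_a?(Symbol)
    rd, wr = want == :wait_readable ? [[ssl.to_io], nil] : [nil, [ssl.to_io]]
    IO.select(rd, wr, nil, timeout) or raise "timed out waiting for peer"
  end
  want
end

# Wrap the already-connected TCPSocket and complete the handshake without blocking.
def upgrade(tcp, ctx, client)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx).tap { |s| s.sync_close = true }
  drive(ssl) { client ? ssl.connect_nonblock(exception: false) : ssl.accept_nonblock(exception: false) }
  ssl.post_connection_check("localhost") if client # raises if the certificate name does not match
  ssl
end

def starttls_demo
  key, cert = demo_identity
  sctx = OpenSSL::SSL::SSLContext.new.tap { |c| c.add_certificate(cert, key) }
  cctx = OpenSSL::SSL::SSLContext.new # set_params defaults to VERIFY_PEER
  cctx.set_params(cert_store: OpenSSL::X509::Store.new.add_cert(cert))
  listener = TCPServer.new("127.0.0.1", 0)
  server = Thread.new do
    tcp = listener.accept
    raise "expected STARTTLS" unless tcp.gets == "STARTTLS\n"
    tcp.write("OK\n") # last plaintext line; the client sends nothing until it has read this
    ssl = upgrade(tcp, sctx, false)
    ssl.write("echo:" + drive(ssl) { ssl.read_nonblock(64, exception: false) })
    ssl.close
  end
  tcp = TCPSocket.new("127.0.0.1", listener.addr[1])
  tcp.write("STARTTLS\n")
  raise "server refused STARTTLS" unless tcp.gets == "OK\n"
  ssl = upgrade(tcp, cctx, true)
  ssl.write("secret")
  reply = drive(ssl) { ssl.read_nonblock(64, exception: false) }
  [ssl.ssl_version, reply].tap { server.join; ssl.close; listener.close }
end
```

Because OpenSSL can hold already-decrypted bytes internally, `drive` always attempts the operation before waiting, so a quiet TCP socket never hides data that is ready to read.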
 
