Using OpenSSL in Ruby


Aaron D. Gifford

Hi,

Anyone have any pointers to documentation, notes, info, or if none of
that, code showing examples of using OpenSSL in Ruby, in particular
memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
of C code, but dearth of Ruby code. I'd like to be able to establish
an SSL or TLS session using memory IO (no sockets, no file IO).

Wondering,

Aaron out.
 

elise huard

> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
> of C code, but dearth of Ruby code. I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).
>
> Wondering,
>
> Aaron out.

Hi Aaron,

you might want to take a look at
https://github.com/jamesgolick/always_verify_ssl_certificates
http://www.rubyinside.com/how-to-cure-nethttps-risky-default-https-behavior-4010.html

HTH,

Elise
 

Eric Hodel

> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
> of C code, but dearth of Ruby code. I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).

I have written introductory documentation for OpenSSL, but it is only in
ruby trunk.

You can read it here:

https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl.c#L409

I don't know much about openssl beyond learning enough to write this
documentation, so I would appreciate feedback.

If there's something I missed please tell me so I can learn it and add
it.
 

Michael Granger

> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
> of C code, but dearth of Ruby code. I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).

There's nothing specifically about using memory IO, but the
samples/openssl/ directory in the Ruby source has some good generic
examples of how the pieces fit together.

I've also found Eric Hodel's OpenSSL-related stuff to be a good source
for how to use it, albeit with sockets and files, e.g.,:

http://segment7.net/projects/ruby/QuickCert/
http://segment7.net/projects/ruby/drb/DRbSSL/

Looking at the openssl ext source, I don't see a way to create a raw
memory source/sink, but OpenSSL::Session.new with a string creates one
to hold the encoded session, so maybe it'd be easy to add that. To be
honest, I'm not entirely sure what it means to "establish a[...] session
using memory IO", so I could be entirely misguided.

Good luck!
 

Eric Hodel

> Anyone have any pointers to documentation, notes, info, or if none of
> that, code showing examples of using OpenSSL in Ruby, in particular
> memory BIO input/output for SSL/TLS sessions? Searches turn up plenty
> of C code, but dearth of Ruby code. I'd like to be able to establish
> an SSL or TLS session using memory IO (no sockets, no file IO).

Do you mean a wrapper for http://www.openssl.org/docs/crypto/bio.html# ?

I don't think ruby's OpenSSL wrapper supports that at this time. (I need to
get to a real computer to know for sure.)
 

Aaron D. Gifford

Thank you for the pointers everyone.

Yes, Eric, the bio I/O abstraction is what I am looking for in Ruby.

And yes Michael, a raw memory source/sink is what I meant.

For example, I have two Ruby objects that communicate over a
bidirectional memory FIFO pipe. For reasons I don't care to explain,
I would like to initiate an SSL/TLS session over that pipe, but I need
to handle all I/O directly since I will be muxing/demuxing the SSL/TLS
traffic with other unencrypted traffic over the single channel. The
ability to start and stop arbitrary numbers of SSL/TLS encrypted
streams at will is desirable.

If anyone thinks of any more, please post them. :)

Aaron out.
 

Brian Candler

Aaron D. Gifford wrote in post #968472:
> For example, I have two Ruby objects that communicate over a
> bidirectional memory FIFO pipe. For reasons I don't care to explain,
> I would like to initiate an SSL/TLS session over that pipe, but I need
> to handle all I/O directly since I will be muxing/demuxing the SSL/TLS
> traffic with other unencrypted traffic over the single channel. The
> ability to start and stop arbitrary numbers of SSL/TLS encrypted
> streams at will is desirable.
>
> If anyone thinks of any more, please post them. :)

You could create a SocketPair, and demux the TLS stuff into that. You
would need to beware of it blocking, so perhaps run the TLS stuff in a
separate thread.

http://groups.google.com/group/comp...t&q=Socket.pair&rnum=2&hl=en#fdc3c5c6686ceb49

For regular TLS using a socket, ruby openssl is pretty simple. There's
code in ruby-ldapserver which does it.
 

Aaron D. Gifford

> You could create a SocketPair, and demux the TLS stuff into that. You
> would need to beware of it blocking, so perhaps run the TLS stuff in a
> separate thread.
>
> http://groups.google.com/group/comp...t&q=Socket.pair&rnum=2&hl=en#fdc3c5c6686ceb49
>
> For regular TLS using a socket, ruby openssl is pretty simple. There's
> code in ruby-ldapserver which does it.

Thanks, Brian. Sadly, I require non-blocking I/O and a
single-threaded app. I'm debating now whether or not to write a bio
wrapper Ruby extension in C and use that... *sigh*

Aaron out.
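
The socket-pair suggestion above can be driven from a single thread without blocking by using the `*_nonblock` methods of `OpenSSL::SSL::SSLSocket`. The following is an added example, not code from any poster in this thread: each TLS endpoint gets one end of a `UNIXSocket.pair`, and the application relays the ciphertext between the other two ends itself, which is the point where it could mux it with other traffic. The helper names and the throwaway self-signed certificate are constructed for the demo.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway self-signed certificate for the demo server side.
def demo_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=memory-tls-demo')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Application-side relay: non-blocking read of whatever ciphertext is ready.
def relay(from, to)
  data = from.read_nonblock(16_384, exception: false)
  return '' unless data.is_a?(String) # :wait_readable or nil (EOF)
  to.write(data) # small records; fits the socket buffer in this demo
  data
end

def tls_over_socketpairs(message)
  cert, key = demo_cert
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = cert, key
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER # client authenticates the server
  cctx.cert_store = OpenSSL::X509::Store.new.add_cert(cert)
  c_tls, c_wire = UNIXSocket.pair # TLS end / application end
  s_tls, s_wire = UNIXSocket.pair
  client = OpenSSL::SSL::SSLSocket.new(c_tls, cctx)
  server = OpenSSL::SSL::SSLSocket.new(s_tls, sctx)
  c_up = s_up = sent = false
  wire = String.new # every byte that crossed the application-controlled channel
  100.times do
    c_up ||= client.connect_nonblock(exception: false) == client
    s_up ||= server.accept_nonblock(exception: false) == server
    sent ||= c_up && client.write_nonblock(message, exception: false).is_a?(Integer)
    got = s_up ? server.read_nonblock(4096, exception: false) : nil
    return { plaintext: got, wire: wire, version: server.ssl_version } if got.is_a?(String)
    wire << relay(c_wire, s_wire) << relay(s_wire, c_wire)
  end
  raise 'TLS exchange did not complete'
end
```

A real event loop would wait with `IO.select` on the `:wait_readable` / `:wait_writable` results instead of polling in a fixed loop.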
 

Eric Hodel
