Making an HTTPS Web Request
Problem
You want to connect to an HTTPS web site, one whose traffic is encrypted using SSL.
Solution
You need the OpenSSL extension to Ruby. Youll know if its installed if you can require the net/https library without getting a LoadError.
require et/https # => true
You can make HTTPS requests with the convenience methods described in Recipe 14.1, but you can use the Net::HTTP::Get and Net::HTTP::Post class described in Recipe 14.3. To make an HTTPS request, just instantiate a Net::HTTP object and set its use_ssl member to TRue.
In this example, I try to download a page from a web server that only accepts HTTPS connections. Instead of listening on port 80 like a normal web server, this server listens on port 443 and expects an encrypted request. I can only connect with a Net::HTTP instance that has the use_ssl flag set.
require
et/http
uri = URI.parse("https://www.donotcall.gov/")
request = Net::HTTP.new(uri.host, uri.port)
response = request.get("/")
# Errno::ECONNRESET: Connection reset by peer
require
et/https
request.use_ssl = true
request.verify_mode = OpenSSL::SSL::VERIFY_NONE
response = request.get("/")
# => #
The default Ruby installation for Windows includes the OpenSSL extension, but if you
e on a Unix system, you might have to install it yourself. On Debian GNU/Linux, the package name is libopenssl-ruby[Ruby version]: for instance, libopenssl-ruby1.8. You might need to download the extension from the Ruby PKI homepage (see below), and compile and install it with Make. Setting verify_mode to OpenSSL:SSL::VERIFY_NONE suppresses some warnings, but the warnings are kind of serious: they mean that OpenSSL won verify the servers certificate or proof of identity. Your conversation with the server will be confidential, but you won be able to definitively authenticate the server: it might be an imposter. You can have OpenSSL verify server certificates if you keep a few trusted certificates on your computer. You don need a certificate for every server you might possibly access. You just need certificates for a few "certificate authorities:" the organizations that actually sign most other certificates. Since web browsers need these certificates too, you probably already have a bunch of them installed, although maybe not in a format that Ruby can use (if you don have them, see below). On Debian GNU/Linux, the ca-certificates package installs a set of trusted server certificates into the directory /etc/ssl/certs. I can set my request objects ca_path to that directory, and set its verify_mode to OpenSSL::SSL::VERIFY_PEER. Now OpenSSL can verify that Im actually talking to the web server at donotcall.gov, and not an imposter.
request = Net::HTTP.new(uri.host, uri.port)
request.use_ssl = true
request.ca_path = "/etc/ssl/certs/"
request.verify_mode = OpenSSL::SSL::VERIFY_PEER
response = request.get("/")
# => #
The SSL certificate for www.donotcall.gov (http://www.donotcall.gov) happens to be signed by Network Solutions. I already have Network Solutions certificate installed on my computer, so I can verify the signature. If I trust Network Solutions, I can trust donotcall.gov.
Discussion
See Also
Категории