Feature #9758
closedAllow setting SSLContext#extra_chain_cert in Net::HTTP
Description
Currently, Net::HTTP
can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext
supports
assigning to #extra_chain_cert=
.
This adds support in Net::HTTP
for exposing this underlying SSLContext
property to end-users.
Files
Updated by nobu (Nobuyoshi Nakada) over 9 years ago
- Tracker changed from Bug to Feature
- Description updated (diff)
Updated by stan3 (Tristan Hill) about 6 years ago
any feedback on this?
Updated by kitchen (Jeremy Kitchen) almost 6 years ago
I would also love to know about this. I'm running into an issue right now where I'm trying to use ruby (specifically with rest-client, but it's just a wrapper around Net::HTTP) to call out to an API with a client certificate and need a certificate chain to go along with it. The problem is described very well here: https://medium.com/in-the-weeds/net-http-and-x509-client-certificate-chains-and-monkey-patches-oh-my-ea5258dcb697
Thanks!
Updated by danielc192 (Daniel Cohen) about 5 years ago
This change is still blocking X509 certificate presentation with Net::HTTP, specifically when an intermediate certificate is required. The current workaround is to create a mixin for the Net::HTTP module (see the blog post linked in the previous comment), but this isn't a great long term solution. Is there another, less hacky way to solve this?
This issue has been open for nearly 5 years. Other than the patch being outdated, is there a reason this hasn't been merged? I'm happy to update the patch and resubmit, if that's the only obstacle.
Thanks!
Updated by Anonymous over 4 years ago
- Status changed from Open to Closed
Applied in changeset git|31af0dafba6d3769d2a39617c0dddedb97883712.
Expose SSLContext#extra_chain_cert in Net::HTTP
Currently, Net::HTTP can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext supports
assigning to #extra_chain_cert=.
This adds support in Net::HTTP for exposing this underlying SSLContext
property to end-users. [Feature #9758]