I'm trying to get webservice response time using ruby. My code
require 'net/http'
require 'benchmark'
require 'uri'
puts time = Benchmark.realtime = {Net::HTTP.get_response(URI.parse("http://webservice"))}
It works fine but when I'm trying to get response time of https based url I get an error
'connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify faule
Is any way to fix this?
You should make request with enabled ssl:
uri = URI('https://secure.example.com/some_path?query=string')
Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
request = Net::HTTP::Get.new uri
response = http.request request # Net::HTTPResponse object
end
Related
How do I use SSL certificate verification in GET Request in RUBY (using password parameter in URL)? ->
require 'net/https'
require 'uri'
uri = URI.parse(ARGV[0] || 'https://example.com?password=my_password')
http = Net::HTTP.new(uri.host, uri.port)
if uri.scheme == "https"
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.ca_file=File.join(File.dirname(__FILE__),
"/Users/me/Desktop/demp.pem")
end
http.start do
http.request_get(uri.path) do |res|
print res.body
end
end
--> output
SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (OpenSSL::SSL::SSLError)
This worked for me.
require 'net/http'
require 'net/https'
require 'openssl'
require 'uri'
require 'json'
ContentURI = URI.parse("example.com")
#cert_raw = File.read('cert.pem')
TestDataPath = '.'
req = Net::HTTP::Get.new(ContentURI.path)
https = Net::HTTP.new(ContentURI.host, ContentURI.port)
https.use_ssl = true
https.cert = OpenSSL::X509::Certificate.new(#cert_raw)
https.key = OpenSSL::PKey::RSA.new(#cert_raw)
https.verify_mode = OpenSSL::SSL::VERIFY_PEER
resp = https.start { |cx| cx.request(req) }
p resp
p resp.body
I try create POST request with SSL but without OpenSSL::SSL::VERIFY_NONE because it is opend up security attacks and without PEM certificate.
But I catch problems, my ruby code for send POST request:
post '/test/test1' do
cross_origin
post_data = request.body.read
res_Data = JSON.parse(post_data)
userName = res_Data['username']
#responseFromServer=''
uri = URI('https://test.com/test1')
Net::HTTP.start(uri.host, uri.port,
:use_ssl => uri.scheme == 'https',
:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |http|
request = Net::HTTP::Post.new uri.request_uri
request.basic_auth 'aa', 'bb'
request.body = {'username' =>userName}.to_json
response = http.request request
#responseFromServer = response.body.to_s
end
newJson = JSON.parse(#responseFromServer)
status_msg = newJson['status']['status_msg']
if (status_msg == "Success")
return 'true'
end
return 'false'
end
It is method worked but he use OpenSSL::SSL::VERIFY_NONE. How to create method for send POST request without OpenSSL::SSL::VERIFY_NONE and PEM sertificate?
EDIT
SSL/HTTPS request
Update: There are some good reasons why this code example is bad. It introduces a potential security vulnerability if it's essential you use the server certificate to verify the identity of the server you're connecting to. There's a fix for the issue though!
require "net/https"
require "uri"
uri = URI.parse("https://secure.com/")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(uri.request_uri)
response = http.request(request)
response.body
response.status
response["header-here"] # All headers are lowercase
SSL/HTTPS request with PEM certificate
require "net/https"
require "uri"
uri = URI.parse("https://secure.com/")
pem = File.read("/path/to/my.pem")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.cert = OpenSSL::X509::Certificate.new(pem)
http.key = OpenSSL::PKey::RSA.new(pem)
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
request = Net::HTTP::Get.new(uri.request_uri)
My question: How to create POST method without PEM and OpenSSL::SSL::VERIFY_NONE?
This question is quite misleading, but I try my best to figure it out. Here is my advise:
Do you want to connect to a service that is only available through https and you do not care if the certificate is valid?
Then you can use :verify_mode => OpenSSL::SSL::VERIFY_NONE when initializing the Net::HTTP client.
You will have some kind of transport security, but you cannot be sure the server you are talking to is the one you think it is. You are vulnerable.
Do you want to connect to a service that is available both through https and http, and you do not care about transport security?
Then you should use the http://... endpoint.
Do you want to connect to a service and you care about transport security?
Then you should definitely use the https://... endpoint.
Do not override :verify_mode!
If you are getting certificate verification errors, make sure you have the correct Certificate Authority installed on your system.
I am making a call to a webservice via HTTPClient ruby gem. The location doesn't matter, but let's say it is at: https://mywebservice.com/api/v1/accounts/login/
When I send a post request:
url = "https://mywebservice.com/api/v1/accounts/login/"
client = HTTPClient.new
client.post url
I get a 404 response, that the page was not found. I setup a proxy and checked out exactly what was being sent it seems like the gem is messing up the url, it actually sends the request to:
https://mywebservice.comhttps://mywebservice.com:443/api/v1/accounts/login/
I am completely lost, I have no why it is doing that. Does it have anything to do with the fact that it's https and I should handle https differently?
Thanks
Yes, if you are requesting a https url do this:
require 'net/http'
require 'net/https'
require 'uri'
uri = URI.parse(url)
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Post.new(uri.request_uri)
#you need to set this field to true
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
response = http.request(request)
Here is a link that should help:
http://bibwild.wordpress.com/2012/04/30/httpclient-is-a-nice-http-client-forin-ruby/
You should post to an uri with a body of params. Something like
client.post "http://mysite.com:8080", data
where data is a hash with the required parameters for the page.
For instance:
data = {"var" => "var"}
how can you do a post over https using curb ruby gem?
This is how I do it over http to post a file to a server:
c = Curl::Easy.new("http://www.myserver.com/upload_messages")
c.multipart_form_post = true
post_field = Curl::PostField.content('fieldname', myfile)
c.http_post(post_field)
With net::http I would use use_ssl = true but how to do it with curb?
The post goes to an application running on heroku and the error I get now is:
Curl::Err::SSLCaertBadFile (Curl::Err::SSLCaertBadFile)
Thanks.
Have you tried c = Curl::Easy.new("https://www.myserver.com/upload_messages") (note the https instead of http on the url), cause in this example (https://github.com/taf2/curb/blob/master/samples/gmail.rb) from Curb's Github (that I suppose works, haven't tried it myself) they post to Gmail through https just doing that.
It seems that you have bad certificates and there should be option to trust unsigned.
require 'net/http'
require 'net/https'
require 'uri'
url = URI.parse 'https://myname:mypass#mail.google.com/'
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = (url.scheme == 'https')
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
Also try curb-fu gem. There you can make ssl post request like
form_data = { :color => 'red', :shape => 'sphere' }
response = CurbFu.post({:url => "https://example.com", :protocol => "https"}, form_data)
Consider the following code:
require 'net/https'
uri = URI.parse("https://host/index.html")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(uri.path)
response = http.request(request)
where https://host/index.html is a valid address with an invalid certificate on the server.
On older versions of ruby (specifically 1.8.7-p334 and 1.9.2-p180) this code works fine. On all recent versions (1.8.7-p352, 1.9.2-p290 and 1.9.3-p0) it throws the following exception:
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
on the last line.
Changing verify_mode to OpenSSL::SSL::VERIFY_PEER gives exactly the error suggesting it is attempting to verify the certificate in spite of the setting.
How can I convince ruby to ignore the invalid certificate and connect?
uri = URI("https://host/index.html")
req = Net::HTTP::Get.new(uri.path)
res = Net::HTTP.start(
uri.host, uri.port,
:use_ssl => uri.scheme == 'https',
:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
https.request(req)
end
require 'nokogiri'
require 'open-uri'
require 'net/https'
#doc = Nokogiri::HTML(open(my_url, :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE))