Jens Krämer

Soap4r / openSSL woes

 |  soap, openssl, ruby  |  2 comments

While testing a SOAP service that’s only reachable via HTTPS, I had kind of a hard time before I got soap4r 1.5.7 to connect successfully.

It always bailed out with an SSLError when trying to fetch the WSDL file from the server:

at depth 0 - 20: unable to get local issuer certificate
/usr/lib/ruby/gems/1.8/gems/httpclient-2.1.0/lib/httpclient.rb:950:in connect: certificate verify failed (OpenSSL::SSL::SSLError)

The certificate in question is shown as valid and correct in major browsers; I’m still not sure why OpenSSL behaves like that.

Getting around this problem on the Soap4r side turned out to be a bit tricky, so here’s what I did; maybe it saves somebody else some hours:

After hunting around in Soap4r’s code I found out that a set of properties gets loaded from a file named soap/property, which is looked for in $:. When connecting via HTTP, Soap4r takes all props starting with client.protocol.http from this file and hands them through to the HTTP client lib.

That knowledge combined with those hints made me put

client.protocol.http.ssl_config.verify_mode=OpenSSL::SSL::VERIFY_NONE

into lib/soap/property, et voilà - OpenSSL still grumbles about the certificate but at least doesn’t throw errors at me any more.
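As an added example (not part of the original post, and not soap4r or httpclient code), the Ruby sketch below reproduces error 20 with a constructed CA and server certificate: verification fails against an empty trust store and succeeds once the issuing CA is trusted, which is what pointing the client at a CA file achieves without turning verification off. The helper names `make_cert`, `verify` and `demo` and all certificate names are assumptions made for the illustration.

```ruby
require 'openssl'

# Constructed throwaway PKI; names and keys are illustrative only.
def make_cert(cn, key, issuer = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                   # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Verify cert against an explicit trust store; returns [ok, code, message].
def verify(cert, trusted)
  store = OpenSSL::X509::Store.new    # starts empty, no system CA paths loaded
  trusted.each { |ca| store.add_cert(ca) }
  ok = store.verify(cert)
  [ok, store.error, store.error_string]
end

def demo
  ca_key, srv_key, rogue_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca       = make_cert('Constructed Test CA', ca_key, ca: true)
  server   = make_cert('soap.example.test', srv_key, ca, ca_key)
  rogue_ca = make_cert('Constructed Rogue CA', rogue_key, ca: true)
  forged   = make_cert('soap.example.test', srv_key, rogue_ca, rogue_key)
  {
    no_ca:   verify(server, []),     # issuer unknown locally: the error from the post
    with_ca: verify(server, [ca]),   # issuing CA trusted: chain verifies
    forged:  verify(forged, [ca])    # rejected here; VERIFY_NONE would accept it
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, (ok, code, msg)| puts "#{name}: ok=#{ok} error=#{code} (#{msg})" }
end
```

The `forged` case is what certificate verification exists to catch: a certificate for the same host name issued by a CA the client never chose to trust.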

Comments

Chris Williams

I struggled with this problem for a long time too. You can also get it to verify the certificate if you set this:

service.options['protocol.http.ssl_config.ca_file'] ='/path/to/cacert.pem'

You need to download a file with the CA certificates from here: http://curl.haxx.se/docs/caextract.html

That should do the trick.

-Chris

Jens

Ah, cool. Thanks :-)
