Verify client certificate using SSLServer in Ruby

Question

Heres the code I\'m using to setup the server:

require \'socket\'
require \'openssl\'

socket = TCPServer.new(\'127.0.0.1\', 4433)

ssl_context = OpenSSL::SS         


        

Answer 1

Have a look at test_client_auth and start_server in the tests for OpenSSL::SSL.

From the top of my head, the only thing I see missing in your code is that you forgot to explicitly require client authentication on the server side - it is important to set the flag combination

flags = OpenSSL::SSL::VERIFY_PEER|OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
ctx.verify_mode = flags

so that the server will actually require client authentication and not silently accept requests that come unauthenticated. If you don't set these, the server will be happy without requesting client authentication and as a result there will also be no peer certificate available.