mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00
puma--puma/examples/puma/client-certs
joe miller 4ae0de4f4c support TLS client auth (verify_mode) in jruby
Adds support for `verify_mode` to configure client authentication when running under JRuby.

Things to note:

- Assumes the CA used to verify client certs is in the same java
  keystore file that is used when setting up the HTTPS TLS listener. We
  could split this out, but not sure if it's necessary.
- Friendly/helpful error messages explaining why the verification failed
  are not present in the same way they are in the CRuby/OpenSSL code
  path. I'm not sure how to make them available.
- I did not include any code to create the `keystore.jks` file in the
  `examples/puma/client-certs` directory because I didn't see any
  existing code to create the `examples/puma/keystore.jks` file. The
  commands to create this keystore would be:

```
cd examples/puma/client-certs
openssl pkcs12 -chain -CAfile ./ca.crt -export -password pass:blahblah -inkey server.key -in server.crt -name server -out server.p12
keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass blahblah -destkeystore keystore.jks -deststoretype JKS -storepass blahblah
keytool -importcert -alias ca -noprompt -trustcacerts -file ca.crt -keystore keystore.jks -storepass blahblah
```
2015-11-28 18:17:01 -08:00
| File | Last commit | Date |
|---|---|---|
| ca.crt | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| ca.key | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| client.crt | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| client.key | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| client_expired.crt | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| client_expired.key | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| client_unknown.crt | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| client_unknown.key | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| generate.rb | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| keystore.jks | support TLS client auth (verify_mode) in jruby | 2015-11-28 18:17:01 -08:00 |
| server.crt | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| server.key | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| server.p12 | support TLS client auth (verify_mode) in jruby | 2015-11-28 18:17:01 -08:00 |
| unknown_ca.crt | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |
| unknown_ca.key | ssl: Add Client Side Certificate Auth | 2015-06-06 23:15:00 +02:00 |