[ruby-core:62090] [ruby-trunk - Bug #9758] [Open] Allow setting SSLContext#extra_chain_cert in Net::HTTP

[ruby-core:62090] [ruby-trunk - Bug #9758] [Open] Allow setting SSLContext#extra_chain_cert in Net::HTTP

[stephen]

Issue #9758 has been reported by Stephen Touset.

----------------------------------------
Bug #9758: Allow setting SSLContext#extra_chain_cert in Net::HTTP
https://bugs.ruby-lang.org/issues/9758

* Author: Stephen Touset
* Status: Open
* Priority: Normal
* Assignee: 
* Category: lib
* Target version: current: 2.2.0
* ruby -v: ruby 2.1.0p0 (2013-12-25 revision 44422) [x86_64-darwin12.0]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
Currently, Net::HTTP can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext supports
assigning to #extra_chain_cert=.
    
This adds support in Net::HTTP for exposing this underlying SSLContext
property to end-users.


---Files--------------------------------
0001-Expose-SSLContext-extra_chain_cert-in-Net-HTTP.patch (1.54 KB)


-- 
https://bugs.ruby-lang.org/

[ruby-core:70784] [Ruby trunk - Bug #9758] Allow setting SSLContext#extra_chain_cert in Net::HTTP

[zzak]

Issue #9758 has been updated by Zachary Scott.

Assignee set to openssl

----------------------------------------
Bug #9758: Allow setting SSLContext#extra_chain_cert in Net::HTTP
https://bugs.ruby-lang.org/issues/9758#change-54167

* Author: Stephen Touset
* Status: Open
* Priority: Normal
* Assignee: openssl
* ruby -v: ruby 2.1.0p0 (2013-12-25 revision 44422) [x86_64-darwin12.0]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
Currently, Net::HTTP can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext supports
assigning to #extra_chain_cert=.
    
This adds support in Net::HTTP for exposing this underlying SSLContext
property to end-users.


---Files--------------------------------
0001-Expose-SSLContext-extra_chain_cert-in-Net-HTTP.patch (1.54 KB)


-- 
https://bugs.ruby-lang.org/

[ruby-core:70797] [Ruby trunk - Feature #9758] Allow setting SSLContext#extra_chain_cert in Net::HTTP

[nobu]

Issue #9758 has been updated by Nobuyoshi Nakada.

Tracker changed from Bug to Feature
Description updated

----------------------------------------
Feature #9758: Allow setting SSLContext#extra_chain_cert in Net::HTTP
https://bugs.ruby-lang.org/issues/9758#change-54182

* Author: Stephen Touset
* Status: Open
* Priority: Normal
* Assignee: openssl
----------------------------------------
Currently, `Net::HTTP` can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, `SSLContext` supports
assigning to `#extra_chain_cert=`.
    
This adds support in `Net::HTTP` for exposing this underlying `SSLContext`
property to end-users.


---Files--------------------------------
0001-Expose-SSLContext-extra_chain_cert-in-Net-HTTP.patch (1.54 KB)


-- 
https://bugs.ruby-lang.org/

[ruby-core:90130] [Ruby trunk Feature#9758] Allow setting SSLContext#extra_chain_cert in Net::HTTP

[tristan]

Issue #9758 has been updated by stan3 (Tristan Hill).


sny feedback on this?

----------------------------------------
Feature #9758: Allow setting SSLContext#extra_chain_cert in Net::HTTP
https://bugs.ruby-lang.org/issues/9758#change-75250

* Author: stouset (Stephen Touset)
* Status: Open
* Priority: Normal
* Assignee: openssl
* Target version: 
----------------------------------------
Currently, `Net::HTTP` can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, `SSLContext` supports
assigning to `#extra_chain_cert=`.
    
This adds support in `Net::HTTP` for exposing this underlying `SSLContext`
property to end-users.


---Files--------------------------------
0001-Expose-SSLContext-extra_chain_cert-in-Net-HTTP.patch (1.54 KB)


-- 
https://bugs.ruby-lang.org/

[ruby-core:91877] [Ruby trunk Feature#9758] Allow setting SSLContext#extra_chain_cert in Net::HTTP

[kitchen]

Issue #9758 has been updated by kitchen (Jeremy Kitchen).


I would also love to know about this. I'm running into an issue right now where I'm trying to use ruby (specifically with rest-client, but it's just a wrapper around Net::HTTP) to call out to an API with a client certificate and need a certificate chain to go along with it. The problem is described very well here: https://medium.com/in-the-weeds/net-http-and-x509-client-certificate-chains-and-monkey-patches-oh-my-ea5258dcb697

Thanks!

----------------------------------------
Feature #9758: Allow setting SSLContext#extra_chain_cert in Net::HTTP
https://bugs.ruby-lang.org/issues/9758#change-77145

* Author: stouset (Stephen Touset)
* Status: Open
* Priority: Normal
* Assignee: openssl
* Target version: 
----------------------------------------
Currently, `Net::HTTP` can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, `SSLContext` supports
assigning to `#extra_chain_cert=`.
    
This adds support in `Net::HTTP` for exposing this underlying `SSLContext`
property to end-users.


---Files--------------------------------
0001-Expose-SSLContext-extra_chain_cert-in-Net-HTTP.patch (1.54 KB)


-- 
https://bugs.ruby-lang.org/

[ruby-core:96174] [Ruby master Feature#9758] Allow setting SSLContext#extra_chain_cert in Net::HTTP

[danielc192]

Issue #9758 has been updated by danielc192 (Daniel Cohen).


This change is still blocking X509 certificate presentation with Net::HTTP, specifically when an intermediate certificate is required. The current workaround is to create a mixin for the Net::HTTP module (see the blog post linked in the previous comment), but this isn't a great long term solution. Is there another, less hacky way to solve this?

This issue has been open for nearly 5 years. Other than the patch being outdated, is there a reason this hasn't been merged? I'm happy to update the patch and resubmit, if that's the only obstacle.

Thanks!

----------------------------------------
Feature #9758: Allow setting SSLContext#extra_chain_cert in Net::HTTP
https://bugs.ruby-lang.org/issues/9758#change-83050

* Author: stouset (Stephen Touset)
* Status: Open
* Priority: Normal
* Assignee: openssl
* Target version: 
----------------------------------------
Currently, `Net::HTTP` can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, `SSLContext` supports
assigning to `#extra_chain_cert=`.
    
This adds support in `Net::HTTP` for exposing this underlying `SSLContext`
property to end-users.


---Files--------------------------------
0001-Expose-SSLContext-extra_chain_cert-in-Net-HTTP.patch (1.54 KB)


-- 
https://bugs.ruby-lang.org/