All,
I'm using jruby 1.7.0. I've the following options running well under
native ruby 1.9 however not able to run successfully under jruby 1.7.0.
Specifically the :SSLVerifyCallback does not triggered during the HTTPS
handshaking process.
@webrick_options = {
:Port => 9098,
:Logger => logger,
:RequestCallback => Proc.new do |req,res|
puts "SSL Request Callback!"
end,
:SSLEnable => true,
:SSLVerifyClient => ::OpenSSL::SSL::VERIFY_PEER,
:SSLVerifyCallback => Proc.new do |ok,store|
puts "SSL Verify Callback!"
1
end,
:SSLCertificate => cert,
:SSLPrivateKey => pkey
}
Hacking the jruby source code org/jruby/ext/openssl/
x509store/StoreContext.java found that error already thrown inside the
verifyCertificate() & checkTrust() method after called to the verify
callback, however the verify callback is not the one I've provided from the
above setting. The string never printed. It is calling the default verify
callback instead of the one that I've provided.
Few lines of codes as below fixed the issue:
verifyCertificate()
if(extraData.size() > 1 && extraData.get(1) != null)
{
cb =
(Store.VerifyCallbackFunction)((org.jruby.RubyProc)extraData.get(1)).toJava(Store.VerifyCallbackFunction.class);
}
else
cb=verifyCallback;
checkTrust()
if(extraData.size() > 1 && extraData.get(1) != null)
cb =
(Store.VerifyCallbackFunction)((org.jruby.RubyProc)extraData.get(1)).toJava(Store.VerifyCallbackFunction.class);
else
cb = verifyCallback;
I've checked on the issue tracker show the verify callback issue already
fixed in jruby-openssl 7, however I can't seems to get the callback called
by the java.
I'm not sure I've fixed the correct one or is there any other config needs
to change?
Thanks!
Regards,
Chris
