SSL Nightmares

On a recent project, our development team ran into a brick wall around mutual auth with SSL. The problem is a solved one, but Ruby's OpenSSL documentation leaves something to be desired (I'd love to pair on this, btw). I think that, had we had a better understanding of SSL under our belts, we could have solved this without quite so much pain. Luckily, there is a tremendous amount of information out there concerning SSL. Here I want to review what SSL is, and then quickly go through the process of setting up mutual auth with Ruby.

What is SSL

Unfortunately, this topic is pretty heavy when it comes to vocabulary. For the bulk of this article I'll refer to the Ruby process as the client and the service you are trying to interact with as the server. Hopefully, it won't be too confusing, but if you have questions feel free to ping me on Twitter (@rondale_sc) or leave a comment.

SSL stands for Secure Sockets Layer. It is a way to exchange information securely, built on an exchange of keys. A typical handshake process looks something like the following:

[Figure: SSL negotiation]

Virtually every Ruby HTTP library supports this process. We'll be using net-http from the standard library for the code samples in this article. The above interaction can be done in just a few lines of Ruby like so:

Many of the following examples are from a repo made by augustl named nethttpcheatsheet. This repo is an excellent resource that will be further cited at the bottom of this post.
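As an added example (not code from the original post or from the nethttpcheatsheet repo), here is the client side of that exchange with net/http: the client verifies its peer against a trust store and presents its own certificate for mutual auth. The helper names, the throwaway test CA and the host `service.example` are assumptions constructed for illustration; nothing is sent over the network.

```ruby
require "net/http"
require "openssl"

# Constructed test PKI: issue a short-lived certificate.
# `issuer` is a [cert, key] pair; without it the certificate is self-signed.
def issue(subject, issuer: nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer ? issuer[0].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer ? issuer[0] : cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer ? issuer[1] : key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Client side of the handshake: verify the server against `store`, and
# present a certificate/key pair when the server asks for mutual auth.
def build_tls_client(url, store:, cert: nil, key: nil)
  uri  = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port) # no connection is opened yet
  http.use_ssl     = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # reject untrusted servers
  http.cert_store  = store
  if cert
    # Catch a mismatched pair here instead of as an opaque handshake failure.
    raise ArgumentError, "private key does not match certificate" unless key && cert.check_private_key(key)
    http.cert = cert
    http.key  = key
  end
  http
end

# The trust decision each side makes about the certificate its peer presents.
def trusted?(store, peer_cert)
  store.verify(peer_cert)
end

CA         = issue("/CN=Example Test CA", ca: true)
CLIENT     = issue("/CN=ruby-client", issuer: CA)
ROGUE      = issue("/CN=ruby-client") # same name, but not signed by the CA
STORE      = OpenSSL::X509::Store.new.add_cert(CA[0])
TLS_CLIENT = build_tls_client("https://service.example/", store: STORE, cert: CLIENT[0], key: CLIENT[1])
```

Against a real service, load the CA bundle and the client certificate and key from files, then call `TLS_CLIENT.start` or `TLS_CLIENT.request` to run the handshake.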