Support for chained client certificates?

[Deekor]

Basic Info

An API I'm using requires the use of certificate based auth and the certificates must be chained.

Ive been able to get it to work via bare bones net::http

@chained = OpenSSL::X509::Certificate.load(File.read("/path/chained.pem")) # reads a file that has 2 certs in it and returns an array of certs
url = URI("https://apiendpoin.com")

http = Net::HTTP.new(url.host, url.port)
http.cert = @chained.first
http.extra_chain_cert = @chained

http.key = @key
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request.body = "grant_type=client_credentials"

response = http.request(request)

I would love to use faraday, but it seems the ssl options only allow for one client_cert and not an array of certs and OpenSSL::X509::Certificate.new(File.read("/path/chained.pem")) only returns the first cert in chained.pem

[yykamei]

I love the idea to support chained client certificates 😄 This issue is being also discussed here.

[iMacTia]

@Deekor @yykamei this was implemented in lostisland/faraday-net_http#42 and is available in the latest version of the faraday-net_http adapter 🎉

[bvogel]

Hi, any chance to cut a new faraday release so this can "officially" be used? Thank you so much.

[iMacTia]

Planning to cut a release soon, was waiting on #1582 to be merged as well 👍

[iMacTia]

Release just went out 🎉

[bvogel]

Thank you!