Changeset 32639 in project

08/03/15 20:54:48 (5 years ago)

http-client: Add an example on how to use SSL client certificates

1 edited


  • wiki/eggref/4/http-client

    r32597 r32639  
    246246Close all connections to all servers.
     248==== Setting up custom server connections
     250<procedure>(default-server-connector uri proxy)</procedure>
     252The default value of the {{server-connector}} parameter.  This
     253procedure creates a connection to the remote end for the given {{uri}}
     254(an [[uri-common]] object) and returns two values: an input port and
     255an output port.
     257If {{proxy}} is not {{#f}} but an [[uri-common]] object, it will
     258connect to that, instead.
     260This connector supports plain {{http}} connections, and {{https}} if
     261the {{openssl}} egg can be loaded (which it attempts to do on the
     264<parameter>(server-connector [connector])</parameter>
     266This parameter holds a procedure which is invoked to establish a
     267connection for an URI.
     269The procedure should accept two uri-common objects as arguments: the
     270first indicates the URI for which the connection is to be made and the
     271second indicates the proxy through which the connection should be
     272made, or {{#f}} if a direct connection should be made to the first
     273URI's host and port.
     275This can be used for nonstandard or complex connections, like for
     276example connecting to UNIX domain sockets or for supplying SSL/TLS
     277client certificates.
     279===== SSL client certificate authentication example
     281This is how you would make a connection to server, supplying the
     282client certificate.  Many thanks to Ryan Senior for the initial code.
     284<enscript highlight="scheme">
     285(define (make-ssl-context/client-cert ca-cert-path cert-path key-path)
     286  (let ((ssl-ctx (ssl-make-client-context 'tls)))
     288    ;; Set up so the server's certificate can and will be verified
     289    (ssl-load-suggested-certificate-authorities! ssl-ctx ca-cert-path)
     290    (ssl-load-verify-root-certificates! ssl-ctx ca-cert-path)
     291    (ssl-set-verify! ssl-ctx #t)
     293    ;; Now load the client certificate
     294    (ssl-load-certificate-chain! ssl-ctx cert-path)
     295    (ssl-load-private-key! ssl-ctx key-path)
     297    ;; Return the object we created
     298    ssl-ctx))
     300;; This creates server connectors associated with an SSL context
     301(define (make-ssl-server-connector/context ssl-ctx)
     302  (lambda (uri-host uri-port)
     303    (ssl-connect uri-host uri-port ssl-ctx))))
     305;; Now, make a context and matching connector, and register it
     306(let ((ssl-ctx (make-ssl-context/client-cert
     307                 "/etc/ssl/certs/ca.crt"
     308                 "/etc/ssl/certs/my-client-cert.crt"
     309                 "/etc/ssl/private/my-client-cert.key")))
     310  (server-connector ssl-ctx))
     313Now, all requests made with any of the http-client procedures would
     314authenticate with a server using the configured client certificate.
    249316==== Cookie management
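Review bot: the connector in the new example does not satisfy the contract documented a few lines above it, so the example as written cannot work. `server-connector` is specified as holding a procedure that "should accept two uri-common objects as arguments" (the target URI and the proxy, or `#f`), but `make-ssl-server-connector/context` returns `(lambda (uri-host uri-port) ...)`, which treats its first argument as a host string and silently discards the proxy; the closing line `(ssl-connect uri-host uri-port ssl-ctx))))` also has one `)` too many. Worse, the registration step `(server-connector ssl-ctx)` stores the SSL context object itself in the parameter rather than a connector procedure, so `make-ssl-server-connector/context` is never invoked and the sentence "all requests ... would authenticate with a server using the configured client certificate" is not true of this code. Suggest the lambda take `(uri proxy)`, pick `(or proxy uri)` as the remote end, pull host and port from it with uri-common's `uri-host` and `uri-port`, hand non-https schemes back to `default-server-connector` (documented just above) so plain http requests keep working, and register with `(server-connector (make-ssl-server-connector/context ssl-ctx))`. Two short caveats would also help readers: `(ssl-set-verify! ssl-ctx #t)` makes the connection fail when the server certificate does not chain to `ca-cert-path`, which is the intended behaviour but should be said, and the private key at `/etc/ssl/private/my-client-cert.key` must be readable by the process running the client.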
    409476=== Changelog
     478* 0.9 Add support for custom connector procedures.  Thanks to Ryan Senior for suggesting support for https client certificates, which this makes possible.
    411479* 0.8 Fix bug in multipart/form-data file uploads with non-file components in the form data causing a crash.  Thanks to Ryan Senior for reporting the bug and testing the fix.
    412480* 0.7.2 Add {{call-with-input-request*}}. Thanks to [[/users/mario-domenech-goulart|Mario Goulart]] for suggesting this.
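Review bot: the 0.9 entry does not name the new API, unlike the 0.7.2 entry, which points readers at `{{call-with-input-request*}}`. Suggest stating what was added so it is searchable from the changelog, e.g. "0.9 Add {{server-connector}} parameter and {{default-server-connector}} procedure for custom connection setup (e.g. https client certificates). Thanks to Ryan Senior for suggesting this."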