Changeset 32639 in project


Timestamp:
08/03/15 20:54:48 (5 years ago)
Author:
sjamaan
Message:

http-client: Add an example on how to use SSL client certificates

File:
1 edited

  • wiki/eggref/4/http-client

    r32597 r32639  
    246246Close all connections to all servers.
    247247
     248==== Setting up custom server connections
     249
     250<procedure>(default-server-connector uri proxy)</procedure>
     251
     252The default value of the {{server-connector}} parameter.  This
     253procedure creates a connection to the remote end for the given {{uri}}
     254(an [[uri-common]] object) and returns two values: an input port and
     255an output port.
     256
     257If {{proxy}} is not {{#f}} but an [[uri-common]] object, it will
     258connect to that, instead.
     259
     260This connector supports plain {{http}} connections, and {{https}} if
     261the {{openssl}} egg can be loaded (which it attempts to do on the
     262fly).
     263
     264<parameter>(server-connector [connector])</parameter>
     265
     266This parameter holds a procedure which is invoked to establish a
     267connection for an URI.
     268
     269The procedure should accept two uri-common objects as arguments: the
     270first indicates the URI for which the connection is to be made and the
     271second indicates the proxy through which the connection should be
     272made, or {{#f}} if a direct connection should be made to the first
     273URI's host and port.
     274
     275This can be used for nonstandard or complex connections, like for
     276example connecting to UNIX domain sockets or for supplying SSL/TLS
     277client certificates.
     278
     279===== SSL client certificate authentication example
     280
     281This is how you would make a connection to server, supplying the
     282client certificate.  Many thanks to Ryan Senior for the initial code.
     283
     284<enscript highlight="scheme">
     285(define (make-ssl-context/client-cert ca-cert-path cert-path key-path)
     286  (let ((ssl-ctx (ssl-make-client-context 'tls)))
     287
     288    ;; Set up so the server's certificate can and will be verified
     289    (ssl-load-suggested-certificate-authorities! ssl-ctx ca-cert-path)
     290    (ssl-load-verify-root-certificates! ssl-ctx ca-cert-path)
     291    (ssl-set-verify! ssl-ctx #t)
     292
     293    ;; Now load the client certificate
     294    (ssl-load-certificate-chain! ssl-ctx cert-path)
     295    (ssl-load-private-key! ssl-ctx key-path)
     296
     297    ;; Return the object we created
     298    ssl-ctx))
     299
     300;; This creates server connectors associated with an SSL context
     301(define (make-ssl-server-connector/context ssl-ctx)
     302  (lambda (uri-host uri-port)
     303    (ssl-connect uri-host uri-port ssl-ctx))))
     304
     305;; Now, make a context and matching connector, and register it
     306(let ((ssl-ctx (make-ssl-context/client-cert
     307                 "/etc/ssl/certs/ca.crt"
     308                 "/etc/ssl/certs/my-client-cert.crt"
     309                 "/etc/ssl/private/my-client-cert.key")))
     310  (server-connector ssl-ctx))
     311</enscript>
     312
     313Now, all requests made with any of the http-client procedures would
     314authenticate with a server using the configured client certificate.
    248315
    249316==== Cookie management
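Review bot: the example connector does not match the interface documented directly above it, so it cannot be registered as written. The {{server-connector}} text says the procedure receives two uri-common objects (the target URI and the proxy, or {{#f}}) and must return an input port and an output port, yet `make-ssl-server-connector/context` builds a `(lambda (uri-host uri-port) ...)`; it should take the two documented arguments and pull host and port out of the URI object, e.g. `(lambda (uri proxy) (ssl-connect (uri-host uri) (uri-port uri) ssl-ctx))`. Related: the registration step stores the context itself, `(server-connector ssl-ctx)`, which leaves `make-ssl-server-connector/context` unused; it should read `(server-connector (make-ssl-server-connector/context ssl-ctx))`. The line `(ssl-connect uri-host uri-port ssl-ctx))))` also has one closing parenthesis too many, so the snippet will not read as Scheme. Finally, because the proxy argument is ignored and `ssl-connect` is called unconditionally, plain {{http}} URIs would be wrapped in TLS as well; either say so in the surrounding text or fall back to `default-server-connector` for non-https schemes.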
     
    409476=== Changelog
    410477
     478* 0.9 Add support for custom connector procedures.  Thanks to Ryan Senior for suggesting support for https client certificates, which this makes possible.
    411479* 0.8 Fix bug in multipart/form-data file uploads with non-file components in the form data causing a crash.  Thanks to Ryan Senior for reporting the bug and testing the fix.
    412480* 0.7.2 Add {{call-with-input-request*}}. Thanks to [[/users/mario-domenech-goulart|Mario Goulart]] for suggesting this.
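Review bot: the 0.9 changelog entry describes the feature only as "custom connector procedures"; naming the new {{server-connector}} parameter and {{default-server-connector}} procedure here would let readers find the matching section of the documentation.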