Ruby » Ruby master

Hello.

I need to work with SSL (HTTPS) with GOST encryption, but ruby doesn't connect to the servers that requires GOST algorithms to be used for encryption.

The issue is in fact, that it is required to modify system OpenSSL config to GOST work properly (see GOST engine README in OpenSSL source: https://github.com/openssl/openssl/blob/master/engines/ccgost/README.gost)

If system OpenSSL correctly configured, openssl tools works fine (e.g. openssl s_client will connect).

But even the system with OpenSSL configured ruby would not connect to the GOST HTTPS servers.

Solution

After some googling I've found post from people who have patched PHP to work with GOST HTTPS, and I've tried to make the similar patch for Ruby. There is also info, that other software like curl also needs such a patching. (Post (in russian): http://habrahabr.ru/post/189352/)

And it works!

Patch is attached to this issue. I've tested it with 2.1.1 and today trunk in Ubuntu Linux 12.04 and Mac OS X 10.9 (both with RVM).

How to test

Upgrade and configure your OpenSSL (you need version 1.0.0 or above), instructions for configuring and testing can be found in links above.

Try to execute attached ssl_example.rb script (it effectively downloads root page of https://ssl-gost.envek.name/ site, that I've configured for this, be aware that usual browsers won't be able to connect to it and only Firefox will display useful error message)

You should get some text with SSL connection info to STDOUT if it works and exception otherwise.

Another server for test: https://service.rosminzdrav.ru/

Workarounds

For HTTPS with GOST I've written a little gem that wrapping openssl s_client utility: https://github.com/Envek/httpi-adapter-openssl_gost