Secure http request from SketchUp ruby
-
Hi,
Sketchup: 2014 14.0.4900
OS: Windows 8I just wanted to share an issue that I encountered and ask for feedback. I was trying to use ruby to make http connection using the net/http library. It worked fine for http connection, but failed for https connection with the error message:
Error; #<OpenSSL;;SSL;;SSLError; SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B; certificate verify failed>
The issue is reasonably well documented:
- An explanation of the issue can be found there https://github.com/oneclick/rubyinstaller/issues/153
- Fix for ruby (standalone) can be found in various place from updating the pem certificate list manually (not really applicable on Windows as the path is hardcoded to a location valid only for the person that compiled the library) to downloading the certificate locally and using the environment variable "SSL_CERT_FILE"
From within SketchUp, the environment variable fix only works if the environment variable is set manually, but does not work when setting the environment variable within ruby using the ENV variable.
I found that the following code works, which set the path to the certificate file manually when creating the http connection:
require 'net/http' uri = URI('https://www.google.com.au') http = Net;;HTTP.new(uri.host, uri.port) http.use_ssl = (uri.scheme =~ /^https$/i) http.ca_file='C;\Users\owner\Documents\cacert.pem' request = Net;;HTTP;;Get.new(uri.request_uri) response = http.request(request) puts response.body
I was wondering if anyone had encountered a similar issue and if so have a different solution. I was also wondering of how to include the certificate file (cacert.pem) in the plugin: (a) ship a predownloaded version or download it when needed, (b) keep it in my own plugins directory (Roaming\SketchUp...\Plugins\MyPlugin\Certificate) or keep it somewhere more accessible?
Have a great day.
-
(b) Any file specific to a plugin, belongs in THAT plugin's folder hierarchy.
-
@dan rathbun said:
(b) Any file specific to a plugin, belongs in THAT plugin's folder hierarchy.
Thanks. It makes sense to me as well. At the moment, my implementation downloads the file (when first needed) in an application specific folder that is outside of the SketchUp/plugin directory - it is not SketchUp specific, nor a specific part of my plugin, but is required by my plugin...
My preference would be to not download and store this file...
-
Now hold on. IF this certificate will be used across all versions of SketchUp, then yes you CAN have your own application folder in the user %AppData% path.
"C:/Users/Joe/AppData/Roaming/YourCompany/ThisPlugin" (Windows)
If it is for any user on a workstation, then it could go in the %ProgramData% path.
That complicates thing though. If it does not matter if there are multiple copies of the file, then it is easiest to include it within the RBZ archive.
Advertisement