SSL/TLS Support
Various options are supported for configuring rest-man’s TLS settings. By default, rest-man will verify certificates using the system’s CA store on all platforms. This is intended to be similar to how browsers behave. You can also customize it as you like.
- Customize the certificate authorities by specify
:ssl_ca_file,:ssl_ca_path, or:ssl_cert_store. - Set client certificate for mutual authentication by specify
:ssl_client_certand:ssl_client_key
Self-signed certificates can be generated with the openssl command-line tool.
Customize certificate authorities
HEAD
/test
HTTP/1.1
Accept: */*
Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
User-Agent: rest-man/1.1.0 (darwin21 arm64) ruby/3.1.2p20
Host: example.com
HTTP/1.1
200
OK
Content-Type: text/plain
Hello world!
RestMan simple mode hasn't support SSL/TLS customization.
Please use advance or resource mode.
# Customize ssl_ca_file
response = RestMan::Request.execute(
method: :get,
url: "https://example.com/test",
ssl_ca_file: "/path/to/ca_certs.pem"
verify_ssl: OpenSSL::SSL::VERIFY_PEER
)
# Customize ssl_ca_path
response = RestMan::Request.execute(
method: :get,
url: "https://example.com/test",
ssl_ca_path: "/path/to/certs"
verify_ssl: OpenSSL::SSL::VERIFY_PEER
)
# Customize ssl_cert_store
store = OpenSSL::X509::Store.new
store.set_default_paths
cert = OpenSSL::X509::Certificate.new(File.read('path/to/certificate.pem'))
store.add_cert(cert)
response = RestMan::Request.execute(
method: :get,
url: "https://example.com/test",
ssl_cert_store: store,
verify_ssl: OpenSSL::SSL::VERIFY_PEER
)
response.code #=>200
response.headers #=> Hash
response.headers[:content_type] #=> text/plain
response.body #=> Hello world!
# Customize ssl_ca_file
resource = RestMan::Resource.new(
"https://example.com/test",
ssl_ca_file: "/path/to/ca_certs.pem"
verify_ssl: OpenSSL::SSL::VERIFY_PEER
)
resposne = resource.get
# Customize ssl_ca_path
resource = RestMan::Resource.new(
"https://example.com/test",
ssl_ca_path: "/path/to/certs"
verify_ssl: OpenSSL::SSL::VERIFY_PEER
)
resposne = resource.get
# Customize ssl_cert_store
store = OpenSSL::X509::Store.new
store.set_default_paths
cert = OpenSSL::X509::Certificate.new(File.read('path/to/certificate.pem'))
store.add_cert(cert)
resource = RestMan::Resource.new(
"https://example.com/test",
ssl_cert_store: store,
verify_ssl: OpenSSL::SSL::VERIFY_PEER
)
resposne = resource.get
response.code #=>200
response.headers #=> Hash
response.headers[:content_type] #=> text/plain
response.body #=> Hello world!
RestMan CLI hasn't support SSL/TLS customization.
Customize client certificates
HEAD
/test
HTTP/1.1
Accept: */*
Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
User-Agent: rest-man/1.1.0 (darwin21 arm64) ruby/3.1.2p20
Host: example.com
HTTP/1.1
200
OK
Content-Type: text/plain
Hello world!
RestMan simple mode hasn't support SSL/TLS customization.
Please use advance or resource mode.
response = RestMan::Request.execute(
method: :get,
url: "https://example.com/test",
ssl_client_cert: OpenSSL::X509::Certificate.new(File.read("client.crt")),
ssl_client_key: OpenSSL::PKey::RSA.new(File.read("client.key"))
)
response.code #=>200
response.headers #=> Hash
response.headers[:content_type] #=> text/plain
response.body #=> Hello world!
resource = RestMan::Resource.new(
"https://example.com/test",
ssl_client_cert: OpenSSL::X509::Certificate.new(File.read("client.crt")),
ssl_client_key: OpenSSL::PKey::RSA.new(File.read("client.key"))
)
resposne = resource.get
response.code #=>200
response.headers #=> Hash
response.headers[:content_type] #=> text/plain
response.body #=> Hello world!
RestMan CLI hasn't support SSL/TLS customization.
