Alex131089


Hello,

I'm trying to get the LiveID working on my Windows Wista based computer, using Apache and Ruby, and I'm getting a problem : it seem that the ruby OpenSSL doesn't support SHA256 under windows .

I can use

Code Snippet
Digest::SHA256.digest(key)

(loading digest/sha2), but not

Code Snippet
OpenSSL::Digest::SHA256.digest(key)

.

Do you know if there is any "hack", or any other hashing method supported by the LiveID

I tried with SHA1, but it doesn't seem to works :/

I also tried remplacing the OpenSSL DLL's in the ruby bin directory, but no more SHA256 ...

Thank in advance,

Cordially,

Alexandre




Re: Without SHA256 ?

Alex131089


Solved :

the OpenSSL DLL's (libeay32.dll & ssleay32.dll) inclued with Ruby doesn't support SHA256, I find to solutions to this :

you can rename/delete this two DLL if one of the PATH environment is a path containing newest OpenSSL DLL's;

or you can overwrite the DLL's in the Ruby bin directory by the newest ones.

Otherwise, I had to make a change to get the logout works (LiveID said that I were logged out, but once on index.rb, I were always logged ...) :

authlite-handler.rb :

Code Snippet

when 'logout'
cgi.out('status' => 'REDIRECT', 'location' => LOGOUT){ "" }

==>

Code Snippet

when 'logout'
cookie = CGI::Cookie.new(COOKIE, '')
cgi.out('cookie' => [cookie], 'status' => 'REDIRECT', 'location' => LOGOUT){ "" }

EDIT :

An other needed modification :

\ruby\lib\ruby\1.8\openssl\digest.rb :

Code Snippet
if OPENSSL_VERSION_NUMBER > 0x00908000
alg += %w(SHA224 SHA256 SHA384 SHA512)
end

==>

Code Snippet
#if OPENSSL_VERSION_NUMBER > 0x00908000
alg += %w(SHA224 SHA256 SHA384 SHA512)
#end

Hope this can help Wink

Alexandre.






Re: Without SHA256 ?

becker_dev

If you can not change the ruby lib, Use the digest sha256 and the ruby bases HMAC library for the verification of the token.

http://deisui.org/~ueno/ruby/hmac.html

Thank you