Reputation: 2572
I'm having a bit of a nightmare trying to get REE playing nicely with SSL.
Whenever I connect to an SSL site:
require 'open-uri'
open 'https://www.google.com'
I get the following error:
/Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:586:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:586:in `connect'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:542:in `start'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:242:in `open_http'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:616:in `buffer_open'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:164:in `open_loop'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:162:in `catch'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:162:in `open_loop'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:132:in `open_uri'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:518:in `open'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:30:in `open'
It works fine under Ruby 1.9.2 or the regular 1.8.7. I tried repackaging OpenSSL and installing ree to link against that, as mentioned on the RVM OpenSSL page, but it had no effect. I'm on OS X 10.6.7, but I'm seeing the same problem with our OpenSolaris REE installation.
Any suggestions would be massively appreciated.
Upvotes: 3
Views: 1590
Reputation: 239301
It sounds like it isn't correctly picking up the the location of the trusted CA certificates - REE must have a different compiled-in default location, which is incorrect for your system.
For posterity:
The OP's problem was solved by downloading http://curl.haxx.se/ca/cacert.pem
and copying it to /opt/local/etc/openssl/cert.pem
.
Upvotes: 3