Reputation: 2572
Ruby Enterprise Edition + OpenSSL -> "certificate verify failed"
I'm having a bit of a nightmare trying to get REE playing nicely with SSL.
Whenever I connect to an SSL site:
require 'open-uri'
open 'https://www.google.com'
I get the following error:
/Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:586:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:586:in `connect'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:542:in `start'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:242:in `open_http'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:616:in `buffer_open'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:164:in `open_loop'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:162:in `catch'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:162:in `open_loop'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:132:in `open_uri'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:518:in `open'
from /Users/jon/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/open-uri.rb:30:in `open'
It works fine under Ruby 1.9.2 or the regular 1.8.7. I tried repackaging OpenSSL and installing ree to link against that, as mentioned on the RVM OpenSSL page, but it had no effect. I'm on OS X 10.6.7, but I'm seeing the same problem with our OpenSolaris REE installation.
Any suggestions would be massively appreciated.
Upvotes: 3
Views: 1590
Answers (1)
Reputation: 239301
It sounds like it isn't correctly picking up the the location of the trusted CA certificates - REE must have a different compiled-in default location, which is incorrect for your system.
For posterity:
The OP's problem was solved by downloading http://curl.haxx.se/ca/cacert.pem and copying it to /opt/local/etc/openssl/cert.pem.
Upvotes: 3
Related Questions
- "Certificate verify failed" OpenSSL error when using Ruby 1.9.3
- Why is Ruby unable to verify an SSL certificate?
- Couldn't require openssl in ruby
- How to fix 'OpenSSL::SSL::SSLError' error in Ruby?
- Ruby Error reading in Certificate File with OpenSSL
- Certificate created with Ruby SSL is not valid
- Ruby and OpenSSL certificate verify failed
- Can't bypass OpenSSL verification - certificate verify failed (OpenSSL::SSL::SSLError)
- OpenSSL trouble with Ruby 1.9.3
- SSL certificate verify failure every other time