On ruby-1.9.3 getting OpenSSL::SSL::SSLError from net-https (Mac OSX 10.6)

Question

I have seen a lot of people with this error and no solution seems to fix it for me:

ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

There seem to be a lot of solutions proposing shifting cert files around. I've installed and uninstalled macports, homebrew, the works. I have my keys set up right for github. The error is occurring when trying to do a rails build that calls on a template with files up on github.

System: Mac OSX 10.6 - recent upgrade. Ruby 1.9.3, also a recent upgrade. Rails 3.2. I have googled till the cows come home and spent hours on this problem and even though there seem to be several q's like this I am holding out hope someone found a solution and hasn't yet posted it. I think I know why it's happening - net/http is not finding the certs, right? But I cannot figure out how to fix it. Thanks in advance for any kind help.

Edit: Further info. Attempting the exact same build in ruby 1.9.2 (rvm use 1.9.2) completes without throwing the error.

Another edit: I have tried all the stuff on the rvm page about the openssl package, installing that and reinstalling ruby-1.9.3 with the config flag pointing openssl at that package. Still no joy.

One more edit: It seems to be OpenURI that's having the problem - cannot find a way to make it aware of the cert locations :-(

Answer 1

I just directly modify the http.rb source(L:669) for MacOS:

def use_ssl=(flag)
  flag = flag ? true : false
  if started? and @use_ssl != flag
    raise IOError, "use_ssl value changed, but session already started"
  end
  if flag && !@ca_file //added by riceball
    @ca_file = '/opt/local/share/curl/curl-ca-bundle.crt' 
  end

must install first

 port install curl-ca-bundle