SSL request without certification

[Michel Pigassou]

Hi.

In this issue (https://github.com/jnunemaker/httparty/issues/issue/67/#comment_764089) I asked if I was doing my stuff correctly but it was not the good place. So here am I.

My script is very simple:

class Foursquare

  include HTTParty

  CLIENT_ID     = 'XXX'

  CLIENT_SECRET = 'YYY'

  

  base_uri 'http://api.foursquare.com'

  def initialize

    @auth = {:client_id => CLIENT_ID, :client_secret => CLIENT_SECRET}

  end

  def get(url, options)

    options[:query].merge! @auth

    super url, options

  end

  

end

response = Foursquare.get '/v2/venues/search', :query => {:ll => lat_long }

It gives the following error: "OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):"

According to the plugin's author (https://github.com/jnunemaker/httparty/issues/issue/67/#issue/67/comment/764089) net/http should default to VERIFY_NONE.

But I'm not sure it does:

uri = URI.parse("https://api.foursquare.com/v2/venues/search?ll=#{lat_long}&client_id=#{CLIENT_ID}&client_secret=#{CLIENT_SECRET}")

http = Net::HTTP.new(uri.host, 443)

http.use_ssl = true

request = Net::HTTP::Get.new(uri.request_uri)

response = JSON.parse(http.request(request).body)

gives me the same OpenSSL error.

What do you think?

[Sandro]

Are you using 1.9.2? It looks like 1.8.7 sets VERIFY_NONE by default
but 1.9.2 does not. I guess I was wrong in this commit:
ca8c13b4f9e32747. Thanks for reporting the issue, we'll get on it.

On Feb 11, 2:00 pm, Michel Pigassou <dag...@gmail.com> wrote:
> Hi.
>
> In this issue (https://github.com/jnunemaker/httparty/issues/issue/67/#comment_764089) I
> asked if I was doing my stuff correctly but it was not the good place. So
> here am I.
>
> My script is very simple:
>
> class Foursquare
>   include HTTParty
>
>   CLIENT_ID     = 'XXX'
>   CLIENT_SECRET = 'YYY'
>
>   base_uri 'http://api.foursquare.com'
>
>   def initialize
>     @auth = {:client_id => CLIENT_ID, :client_secret => CLIENT_SECRET}
>   end
>
>   def get(url, options)
>     options[:query].merge! @auth
>     super url, options
>   end
>
> end
>
> response = Foursquare.get '/v2/venues/search', :query => {:ll => lat_long }
>
> It gives the following error: "OpenSSL::SSL::SSLError (SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify
> failed):"
>
> According to the plugin's author

> (https://github.com/jnunemaker/httparty/issues/issue/67/#issue/67/comm...)

[John Nunemaker]

Ah. Makes sense. Good catch sandro.

> --
> You received this message because you are subscribed to the Google Groups "HTTParty Gem" group.
> To post to this group, send email to httpar...@googlegroups.com.
> To unsubscribe from this group, send email to httparty-gem...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/httparty-gem?hl=en.
>

[Michel Pigassou]

I am indeed using Ruby 1.9.2. Thanks for your follow-up.

[Dillon Bailey]

Hi Sandro,

Are you able to confirm that this has been fixed?  I have reposted on GitHub as this was a known issue with the verify_mode not defaulting to none.

Would you be able to let me know if there is anything further I need to do to get this patch off GitHub?

Cheers,

Dillon