SSL errors with open()

34 views
Skip to first unread message

j...@via.net

unread,
Jun 8, 2015, 1:07:23 PM6/8/15
to rubyonra...@googlegroups.com
I have web site that open ok in the browser - no errors or warnings about the certificate. When I open it with open(), I get the following error:

/Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/net/http.rb:931: `SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed' (OpenSSL::SSL::SSLError)

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/net/http.rb:852:in `start'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:318:in `open_http'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:736:in `buffer_open'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:211:in `block in open_loop'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:209:in `catch'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:209:in `open_loop'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:150:in `open_uri'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:716:in `open'

from /Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/open-uri.rb:34:in `open'

from t.rb:13:in `<main>'

/Users/joe/.rvm/rubies/ruby-2.2.2/lib/ruby/2.2.0/net/http.rb:931:          raise exception



Trying another SSL enabled site (https://www.google.com) works ok.

Any ideas here?

Thanks,

Joe

Mike

unread,
Jun 11, 2015, 3:24:41 PM6/11/15
to rubyonra...@googlegroups.com
It is possible you do not have a fully up to date root certificate list, root certificates are stores in the browser, but OpenSSL uses its own directory

Since you are using rvm on OS X by the look of it, so you may want to try the following command to see if this helps

rvm osx-ssl-certs update

j...@via.net

unread,
Jun 12, 2015, 4:16:31 PM6/12/15
to rubyonra...@googlegroups.com
I updated the SSL certs as you suggested, I still get a failure.

There is a workaround: add these 2 lines to the top of your program:

I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG = nil

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE


The SSL library prints a warning, but it will run.

Mike Simkins

unread,
Jun 13, 2015, 5:31:09 AM6/13/15
to rubyonra...@googlegroups.com
Agreed it will run, but it has obviously removed all the protection :)

Very interested that it works in a browser however

Sent from my iPhone
--
You received this message because you are subscribed to a topic in the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rubyonrails-talk/ZcKve04PTlw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/c4970638-6f94-4d36-b29a-0cad2f738b4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages