OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths
in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.
In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:
export SSL_CERT_FILE=/etc/pki/tls/cert.pem
That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.
OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
if you using brew and rvm, use the following:
rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ONLY WHEN PROXYING
What is going on here is that Charles cannot provide you with a valid certificate for "https://www.ibm.com", because whatever certificate you set up Charles with (or if Charles creates its own certificate) it cannot be for the "www.ibm.com" name AND certified by a trusted certificate authority. That's why the connection fails if the client verifies the the certificate, and works if you skip verification with
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
It probably worked with the older version of ruby because "net/https" was adjusted to verifycertificates by default only recently.
Related Topics
Escaping Strings for Ruby Sqlite Insert
Ruby Readline Fails If Process Started with Arguments
Sinatra Not Persisting Session with Redirect on Chrome
How Can Multiple Trailing Slashes Can Be Removed from a Url in Ruby
How to Override a Variable in a Ruby Subclass Without Affecting The Superclass
Devise with Ruby on Rails - Force User to Change Password on First Login
Fresh Ruby Gem from Bundler - Cannot Load My Version.Rb File
Thor Executable - Ignore Task Name
Are Rack-Based Web Servers Represent Fastcgi Protocol
Rails Parameters from Get/Post
Deleting a Specific Line in a Text File
How Do Erlang Actors Differ from Oop Objects
Where to Reopen a Class in Ror
How to Use Variable Arguments with Ruby's Optionparser
Ruby - Append Content at The End of The Existing S3 File Using Fog