OpenSSL trouble with Ruby 1.9.3
I had the same problem connecting to an authorization gateway. In the end I was able to connect by forcing sslv3
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true if @is_https
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @is_https
http.ssl_version = :SSLv3
Certificate verify failed OpenSSL error when using Ruby 1.9.3
There are lots of moving parts involved in the correct answer. Depends on your OS, Ruby version, OpenSSL version, Rubygems version. I ended up writing an article after researching it. My article explains the reasons for the error, offers steps for further diagnosis, shows several workarounds, and suggests possible solutions. This will be helpful:
OpenSSL Errors and Rails – Certificate Verify Failed
There are also links to the relevant commits and issues on GitHub.
On ruby-1.9.3 getting OpenSSL::SSL::SSLError from net-https (Mac OSX 10.6)
I just directly modify the http.rb source(L:669) for MacOS:
def use_ssl=(flag)
flag = flag ? true : false
if started? and @use_ssl != flag
raise IOError, "use_ssl value changed, but session already started"
end
if flag && !@ca_file //added by riceball
@ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
end
must install first
port install curl-ca-bundle
Trouble with OpenSSL on RHEL 6.3 and all Ruby installers
After far too many hours of research, and learning far more about Linux than I ever cared to, I have narrowed the problem to basic peculiarities of RHEL and OpenSSL and an incorrect assumption made by Ruby (extconf.rb) during installation. The following sites gave me some good clues as to what to look at but I found nothing that put it all together like what I needed.
- http://www.openssl.org/support/faq.html#BUILD8
- http://wiki.openssl.org/index.php/Compilation_and_Installation#Fedora_and_Red_Hat
- http://sachachua.com/blog/2011/04/setting-up-ruby-on-rails-on-a-redhat-enterprise-linux-rackspace-cloud-server/
- https://web.archive.org/web/20130430124941/https://rvm.io/packages/openssl/
...and not much thanks to a whole bunch of red herrings involving Ruby patches and EC2M. Also, RVM needs to correct their optimism that they have accounted for this with autolibs and should reinstate their previous openssl page.
Basic solution rules
Rule 1
The install of OpenSSL (1.0.1e) created and maintained by yum in /usr/bin
cannot be used to compile Ruby's OpenSSL extension correctly -- at least, not on my machine at this time with the latest versions of Ruby (1.9.3-p484, 2.0.0, 2.1.0). RHEL 6.3. I can only surmise that this is due to peculiarities in RedHat's compilation of OpenSSL as hinted at in the OpenSSL FAQ.
Rule 2
I found two old versions (0.9.8) of OpenSSL in /usr/local
(in bin
+ openssl
, and ssl/bin
) and updating/replacing these got me a bit closer to a solution. For whatever reason, every manual install of OpenSSL 1.0.1f in /usr/local
(regardless of bin,openssl,ssl directory arrangement) insisted on putting the libraries in /usr/local/lib64
instead of /usr/local/lib
(unless I hacked the Makefile
, of course). Ruby's expconf.rb
script, however, assumes the OpenSSL libraries will always be in a lib
directory. Chasing down this single annoyance (and clash with OpenSSL) was the hardest part of all this. Therefore, to make using an install of OpenSSL in /usr/local
work, you must do two things: (1) install Ruby with the --with-openssl-dir
switch, and (2) recompile Ruby's OpenSSL extension while also modifying the Makefile
to point to lib64
instead of lib
. Thus, run something like the following string of commands as root:
ruby-install ruby 1.9.3-p545 -- --with-openssl-dir=/usr/local
cd /usr/local/src/ruby-1.9.3-p545/ext/openssl
ruby extconf.rb
Edit openssl's Makefile to replace something like this:
libpath = . $(libdir) /usr/local/lib
LIBPATH = -L. -L$(libdir) -Wl,-R$(libdir) -L/usr/local/lib -Wl,-R/usr/local/lib
with something like this:
libpath = . $(libdir) /usr/local/lib64
LIBPATH = -L. -L$(libdir) -Wl,-R$(libdir) -L/usr/local/lib64 -Wl,-R/usr/local/lib64
Save, and back to the command line:
make
make install
The new Ruby install should now work with OpenSSL properly. As a quick check, I restart my sudo session and then (assuming using chruby):
chruby 1.9
ruby -ropenssl -e "puts OpenSSL::VERSION"
Rule 3
Installing OpenSSL anywhere besides /usr
puts the libraries in the expected lib
instead of lib64
. (Don't ask me why... dunno.) This may be the more maintainable solution as it lets you avoid hacking up the Makefile
. This is also the solution RVM uses when running rvm pkg install openssl
. Thus, to install both OpenSSL and Ruby (in /opt
), you may run commands something like these (I run as sudo bash):
Install OpenSSL:
cd /opt/local
wget http://www.openssl.org/source/openssl-1.0.1f.tar.gz
tar -xzf openssl-1.0.1f.tar.gz
cd openssl-1.0.1f
./config --prefix=/opt/local shared no-asm zlib > openssl_config.log
make > openssl_make.log
make install > openssl_install.log
(The shared
switch is required for Ruby to install without error, the no-asm
switch helps get rid of a Make warning but does not appear to be required, and zlib
and other switches are optional.)
Optional, update openssl certs:
cd /opt/local/ssl
wget http://curl.haxx.se/ca/cacert.pem
mv cacert.pem cert.pem
cd /opt
Back to Ruby:
ruby-install ruby 1.9.3-p545 -- --with-openssl-dir=/opt/local
The new Ruby install should now work with OpenSSL properly. As a quick check, I restart my sudo session and then (assuming using chruby):
chruby 1.9
ruby -ropenssl -e "puts OpenSSL::VERSION"
troubles with RVM and OpenSSL
Try this:
rvm get head
rvm pkg remove
rvm requirements run # if brew gives you warnings about formulas to install, run "brew install" for each before moving on.
rvm reinstall [the version you need (i.e: 2.0.0)]
Related Topics
Suppresing Output to Console with Ruby
Access Ruby Hash Using Dotted Path Key String
Custom_Require.Rb:36:In 'Require': No Such File to Load -- Myapp(Loaderror)
Using Ruby to Generate Sha512 Crypt-Style Hashes Formatted for /Etc/Shadow
How to Share State Between Scenarios Using Cucumber
Drop-Down-Menu for Many-To-Many Relation in Rails Using Nested Attributes
Getting Current Line of Code in Ruby
Rake Aborted! Stack Level Too Deep
How to Recursively Remove All Keys with Empty Values from (Yaml) Hash
Rails 4 Devise 3.1.1 Actioncontroller::Unknownformat in Devise::Registrationscontroller#New
Case Expression Different in Ruby 1.9
Rails Render of Partial and Layout in Controller
Saml 2.0 Sso for Ruby on Rails
Activerecords Select(:Id).Collect VS. Pluck(:Id) Methods: Why Is Pure Ar "Pluck" Slower
How to Split a String into Consecutive Substrings of Length at Most 3 in All Possible Ways
How to Modify a Text File in Ruby
Is There a Solution to Bypass 'Can't Add a New Key into Hash During Iteration (Runtimeerror)'