Ssl_Connect Returned=1 Errno=0 State=Sslv3 Read Server Certificate B: Certificate Verify Failed MAC

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed on Mac

You need to update certificates:

sudo curl http://curl.haxx.se/ca/cacert.pem -o "$(ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE")"

Although this is considered to be not safe as the certificates are downloaded without https and there is no way to tell if they were not changed on the way.

RVM has updated code that will use OSX certificates to update the file and will pull automatically dependencies, you can get it with:

rvm get head
rvm install 1.9.3

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed MAC

Download http://curl.haxx.se/ca/ca-bundle.crt
Copy certificate into /usr/local/etc/openssl/certs/

Make omniauth.rb look like this:

options = {
  scope: "email",
  :prompt => "select_account",
  access_type: 'offline',
  :client_options => {
    :ssl => {
      :ca_file => "/usr/local/etc/openssl/certs/ca-bundle.crt",
      :ca_path => "/usr/local/etc/openssl/certs"
    }
  }
}

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, Rails.application.secrets.client_id, Rails.application.secrets.client_secret, options
end

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.

In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:

export SSL_CERT_FILE=/etc/pki/tls/cert.pem

That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.

To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.

connect: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

Note: I was working with test automation in lower level environments
that did not have properly signed certificates and would often throw
errors due to domain signatures not matching. For the problem at
hand, bypassing signatures was a plausible solution but it is not a
solution to be used for production level development.

My problem is that I am trying to validate a self-signed certificate. All I had to do was put the following code and omit anything to do with validating certificates.

I had to do this for both my SOAP and REST calls that were both experiencing the same issue.

SOAP using Savon

client = Savon::Client.new order_svc

request = client.create_empty_cart { |soap, http|
  http.auth.ssl.verify_mode = :none
  http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
  soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
  soap.body = {
      "wsdl:brand" => brand,
      "wsdl:parnter" => [
        {"open:catalogName" => catalogName, "open:partnerId" => partnerId }
      ] }.to_soap_xml

      }

REST using HTTPClient

client = HTTPClient.new
client.ssl_config.verify_mode=(OpenSSL::SSL::VERIFY_NONE)
resp = client.get(Methods)

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The issue has been solved by simply installing root certificates:

apt-get install openssl ca-certificates