SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed on Mac
You need to update certificates:
sudo curl http://curl.haxx.se/ca/cacert.pem -o "$(ruby -ropenssl -e "p OpenSSL::X509::DEFAULT_CERT_FILE")"
Although this is considered to be not safe as the certificates are downloaded without https
and there is no way to tell if they were not changed on the way.
RVM has updated code that will use OSX certificates to update the file and will pull automatically dependencies, you can get it with:
rvm get head
rvm install 1.9.3
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed MAC
- Download http://curl.haxx.se/ca/ca-bundle.crt
- Copy certificate into
/usr/local/etc/openssl/certs/
Make omniauth.rb look like this:
options = {
scope: "email",
:prompt => "select_account",
access_type: 'offline',
:client_options => {
:ssl => {
:ca_file => "/usr/local/etc/openssl/certs/ca-bundle.crt",
:ca_path => "/usr/local/etc/openssl/certs"
}
}
}
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, Rails.application.secrets.client_id, Rails.application.secrets.client_secret, options
end
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
That sometimes happens if the default 'OpenSSL directory' is not set correctly with the native OpenSSL library. open-uri uses OpenSSL::X509::Store#set_default_paths
in order to tell OpenSSL to look in the OpenSSL directory for the file that contains the trusted root certificates that OpenSSL trusts by default.
In your case, this lookup fails. You can make it succeed by setting an environment variable that overrides the default setting and tells OpenSSL to look in that directory instead:
export SSL_CERT_FILE=/etc/pki/tls/cert.pem
That's the default location for the root CA bundle on my Fedora 16 64 bit, other popular locations are /etc/ssl/ca-bundle.crt etc. In your case, the OpenSSL library used by RVM is located in $rvm_path/usr, so you should look around there for a suitable candidate for the default root CA file. After the environment variable is set correctly, the call to open-uri will succeed.
To make the environment variable permanent, use the usual ways such as defining the export in .bashrc, /etc/profile or whatever fits best in your situation.
connect: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
Note: I was working with test automation in lower level environments
that did not have properly signed certificates and would often throw
errors due to domain signatures not matching. For the problem at
hand, bypassing signatures was a plausible solution but it is not a
solution to be used for production level development.
My problem is that I am trying to validate a self-signed certificate. All I had to do was put the following code and omit anything to do with validating certificates.
I had to do this for both my SOAP and REST calls that were both experiencing the same issue.
SOAP using Savon
client = Savon::Client.new order_svc
request = client.create_empty_cart { |soap, http|
http.auth.ssl.verify_mode = :none
http.headers = { "Content-Length" => "0", "Connection" => "Keep-Alive" }
soap.namespaces["xmlns:open"] = "http://schemas.datacontract.org/2004/07/Namespace"
soap.body = {
"wsdl:brand" => brand,
"wsdl:parnter" => [
{"open:catalogName" => catalogName, "open:partnerId" => partnerId }
] }.to_soap_xml
}
REST using HTTPClient
client = HTTPClient.new
client.ssl_config.verify_mode=(OpenSSL::SSL::VERIFY_NONE)
resp = client.get(Methods)
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The issue has been solved by simply installing root certificates:
apt-get install openssl ca-certificates
Related Topics
Accessing the Child Instance in a Rabl Template
Rails 4 Error with Every Command "'Load': No Implicit Conversion of Nil into String" (MAC Os X 10.9)
Capybara Trouble Filling in Js Modal
Call Next on Ruby Loop from External Method
How to Install Libksba on MAC Osx
What Does a Single Splat/Asterisk in a Ruby Argument List Mean
Arbitrary Precision Arithmetic with Ruby
Rails Reload Dynamic Routes on Multiple Instances/Servers
What Is the Equivalent to Rspec's 'It "Should …", Focus: True Do' in Minitest/Spec
Selenium Webdriver Getting a Cookie Value
Validate That String Contains Only Allowed Characters in Ruby
How to Prevent Rails Controller Generator to Modify Config/Routes.Rb
Rails Is Not Using My Global Ruby Version
Testing Rake Tasks with Rspec Is Not Accepting Arguments
Should I Be Using Rails or Ruby for This Website Application? How