Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding Ruby "Certificate verify failed" OpenSSL error when using Ruby 1.9.3

Thread Rating:
  • 561 Vote(s) - 3.46 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
"Certificate verify failed" OpenSSL error when using Ruby 1.9.3

Offline macdonald296


Member
*
Member
Posts: 0
Threads: 0
Joined: Jan 2023
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-18-2023, 04:42 PM
I'm using Ruby 1.9.3p0 on Mac OS 10.6.8 (installed using rvm). When I attempt to create a new Rails application using an [application template hosted on GitHub][1], with this (for example):

<pre>
$ rails new myapp -m

[To see links please register here]

-T -O
</pre>

I get this error message:

<pre>/Users/me/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
(OpenSSL::SSL::SSLError)
</pre>

I understand the Ruby language interpreter is using OpenSSL to connect to GitHub to request the application template file. GitHub requires all connections to be made using SSL. The connection failed because OpenSSL was unable to verify the server certificate.

I was able to resolve the issue by downloading a certificates file:

<pre>$ cd /opt/local/etc/openssl
$ sudo curl -O

[To see links please register here]

$ sudo mv cacert.pem cert.pem
</pre>

I had no problem using Ruby 1.9.2. Why did I get the "certificate verify failed" problem for Ruby 1.9.3? Is this a Ruby 1.9.3 bug? Is it specific to Mac OS 10.6.8? Is my solution the right way to resolve this?


[1]:

[To see links please register here]

Reply

Offline fingerpickgn


Member
*
Member
Posts: 0
Threads: 0
Joined: Apr 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-18-2023, 04:49 PM
For me this occurred on OS X with homebrew after updating to the latest RVM (rvm 1.20.12) and then installing ruby-1.9.3-p429. I could reproduce the issue simply by running:

$ rvm use ruby-1.9.3-p429
$ irb
1.9.3p429 :001 > require 'open-uri'; open 'https://google.com'
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `block in connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/timeout.rb:55:in `timeout'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/timeout.rb:100:in `timeout'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:800:in `connect'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:756:in `do_start'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/net/http.rb:745:in `start'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:306:in `open_http'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:775:in `buffer_open'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:203:in `block in open_loop'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:201:in `catch'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:201:in `open_loop'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:146:in `open_uri'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:677:in `open'
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/lib/ruby/1.9.1/open-uri.rb:33:in `open'
from (irb):1
from /Users/lyahdav/.rvm/rubies/ruby-1.9.3-p429/bin/irb:16:in `<main>'1.9.3p429 :002 >

The solution was similar to that in the question, but the path was wrong. Running this fixed it:

curl

[To see links please register here]

-o /usr/local/etc/openssl/cert.pem

The clue as to the correct path was that when I was installing ruby-1.9.3-p429 via RVM this showed in the output:

Certificates in '/usr/local/etc/openssl/cert.pem' already are up to date.

I had the `/usr/local/etc/openssl` path, but no `cert.pem` file in that directory, so I'm not sure why RVM claimed the certificates were up to date. It would be nice to know why I had to do this in first place, but I don't have time to investigate now.
Reply

Offline Proculicide78


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jun 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
07-18-2023, 05:19 PM
I had a similar issue but not on Rails, but on just Ruby on Windows. I resolved it by using the **cacert.pem** certificate and setting the location of the certificate to the environmental variable "SSL_CERT_FILE"

Detailed answer here:

[To see links please register here]

Reply

Offline documentationpw


Member
*
Member
Posts: 0
Threads: 0
Joined: Feb 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#4
07-18-2023, 05:33 PM
Openssl certification directory is `/usr/lib/ssl/` in Debian. So, following three lines was enough for me,

$ cd /usr/lib/ssl/
$ sudo curl -O

[To see links please register here]

$ sudo mv cacert.pem cert.pem
Reply

Offline deathiness86659


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#5
07-18-2023, 05:34 PM
I had the same problem, having compiled my RVM Ruby against an RVM install of OpenSSL. I moved the cacerts.pem file as downloaded by the original poster under ~/.rvm/usr/ssl/cert.pem to make the problem go away.
Reply

Offline zolavsq


Member
*
Member
Posts: 0
Threads: 0
Joined: Sep 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#6
07-18-2023, 05:48 PM
There are lots of moving parts involved in the correct answer. Depends on your OS, Ruby version, OpenSSL version, Rubygems version. I ended up writing an article after researching it. My article explains the reasons for the error, offers steps for further diagnosis, shows several workarounds, and suggests possible solutions. This will be helpful:

[OpenSSL Errors and Rails – Certificate Verify Failed][1]

[1]:

[To see links please register here]


There are also links to the relevant commits and issues on GitHub.
Reply

Offline Sirvermeiled806


Member
*
Member
Posts: 0
Threads: 0
Joined: Dec 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#7
07-18-2023, 06:15 PM
I was having the same problem.

The way I finally fixed it was by upgrading my version of OpenSSL I had installed through MacPorts. I was running a version of OpenSSL from 2009 so I have upgraded my MacPorts installation then upgraded my OpenSSL installtion via the `ports` command line interface and the error disappeared.

There must be some integration between Ruby/Rails and OpenSSL on Mac based installations that goes without saying. In my case I was having problems getting the *Login with Facebook* to work properly when Facebook was sending the oAuth/Login token back to my app, Devise & OmniAuth must have needed a valid SSL cert for `graph.facebook.com` which wasn't in my old version of OpenSSL.
Reply

Offline battle106013


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Jan 2017
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#8
07-18-2023, 06:38 PM
It could possibly be because of how you built 1.9.2 and 1.9.3 — maybe whatever tool you used to build each configured things slightly differently. Or maybe they use different versions of OpenSSL.

Here is the only potentially relevant change I could spot to Net:HTTP between 1.9.2 and 1.9.3

require 'net/protocol'
-autoload :OpenSSL, 'openssl'
require 'uri'
+autoload :OpenSSL, 'openssl'


(if you want to view the diff...)

<pre>
git clone

[To see links please register here]

cd ruby
git diff origin/ruby_1_9_2 origin/ruby_1_9_3 -- http.rb
</pre>
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through