Ruby on Rails - Retrieve PEM cert: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Like many others, I've got the error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed.

I downloaded cacert.pem and tried to add this:

    require 'net/http'

    # create a path to the file "C:\RailsInstaller\cacert.pem"
    cacert_file = File.join(%w{c: RailsInstaller cacert.pem})

    # NOTE: this fetches the CA bundle over plain HTTP (port 80), so the
    # download itself is not authenticated.
    Net::HTTP.start("curl.haxx.se") do |http|
      resp = http.get("/ca/cacert.pem")
      if resp.code == "200"
        open(cacert_file, "wb") { |file| file.write(resp.body) }
        puts "\n\nA bundle of certificate authorities has been installed to"
        puts "C:\\RailsInstaller\\cacert.pem\n"
        puts "* Please set SSL_CERT_FILE in the current command prompt session with:"
        puts "     set SSL_CERT_FILE=C:\\RailsInstaller\\cacert.pem"
        puts "* To make this a permanent setting, add it to Environment Variables"
        puts "  under Control Panel -> Advanced -> Environment Variables"
      else
        abort "\n\n>>>> cacert.pem bundle not downloaded."
      end
    end

And this:

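    require 'open-uri'
    require 'net/https'

    module Net
      class HTTP
        alias_method :original_use_ssl=, :use_ssl=

        # Force every Net::HTTP connection to verify against the bundled CA file.
        def use_ssl=(flag)
          # ca_file expects a String, so convert the Pathname explicitly
          self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
          self.verify_mode = OpenSSL::SSL::VERIFY_PEER
          self.original_use_ssl = flag
        end
      end
    end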

I tried to cancel the check:

    require 'faraday'

    module Faraday
      class Adapter
        class NetHttp < Faraday::Adapter
          def call(env)
            super

            is_ssl = env[:url].scheme == 'https'

            http = net_http_class(env).new(env[:url].host, env[:url].port || (is_ssl ? 443 : 80))
            if http.use_ssl = is_ssl
              ssl = env[:ssl]
              if ssl[:verify] == false
                http.verify_mode = OpenSSL::SSL::VERIFY_NONE
              else
                http.verify_mode = OpenSSL::SSL::VERIFY_NONE # <= patch or hack ssl[:verify]
              end
              http.cert    = ssl[:client_cert] if ssl[:client_cert]
              http.key     = ssl[:client_key]  if ssl[:client_key]
              http.ca_file = ssl[:ca_file]     if ssl[:ca_file]
            end
            req = env[:request]
            http.read_timeout = http.open_timeout = req[:timeout] if req[:timeout]
            http.open_timeout = req[:open_timeout]                if req[:open_timeout]

            full_path = full_path_for(env[:url].path, env[:url].query, env[:url].fragment)
            http_req  = Net::HTTPGenericRequest.new(
              env[:method].to_s.upcase,    # request method
              (env[:body] ? true : false), # is there data?
              true,                        # does net/http love you, true or false?
              full_path,                   # request uri path
              env[:request_headers])       # request headers

            if env[:body].respond_to?(:read)
              http_req.body_stream = env[:body]
              env[:body] = nil
            end

            http_resp = http.request http_req, env[:body]

            resp_headers = {}
            http_resp.each_header do |key, value|
              resp_headers[key] = value
            end

            env.update \
              :status           => http_resp.code.to_i,
              :response_headers => resp_headers,
              :body             => http_resp.body

            @app.call env
          rescue Errno::ECONNREFUSED
            raise Error::ConnectionFailed.new(Errno::ECONNREFUSED)
          end

          def net_http_class(env)
            if proxy = env[:request][:proxy]
              Net::HTTP::Proxy(proxy[:uri].host, proxy[:uri].port, proxy[:user], proxy[:password])
            else
              Net::HTTP
            end
          end
        end
      end
    end

But no luck (and that's not the way I want to fix this). The weird thing is that it works sometimes.

Now I'm trying this, but I have trouble finding the certificates:

    require 'net/http'
    require 'openssl'

    url = URI.parse('https://www.xpiron.com/schedule')
    req = Net::HTTP::Get.new(url.path)
    sock = Net::HTTP.new(url.host, 443)
    sock.use_ssl = true

    # Trust store holding only the certificates added here
    store = OpenSSL::X509::Store.new
    store.add_cert OpenSSL::X509::Certificate.new(File.new('addtrust_ca.pem'))
    store.add_cert OpenSSL::X509::Certificate.new(File.new('utn.pem'))
    store.add_cert OpenSSL::X509::Certificate.new(File.new('user_first_ca.pem'))
    store.add_cert OpenSSL::X509::Certificate.new(File.new('xpiron.pem'))
    sock.cert_store = store

    sock.start do |http|
      response = http.request(req)
    end

So I opened https://myserver.com/request.ashxrequest in Chrome and clicked on the little lock icon for the certificate details. I can't find any PEM files to export. I can see it's a Comodo certificate. I don't own the server, so I've got to find a solution on my side.

You can disable certificate verification for a given instance of Net::HTTP:

    sock.verify_mode = OpenSSL::SSL::VERIFY_NONE

Or you can disable SSL verification globally in the process using:

    OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Note: the Ruby interpreter will give a warning that the constant is already initialized. It might be a hard error. If that's the case, you can unassign the constant and initialize it again using the following code:

    OpenSSL::SSL.send(:remove_const, :VERIFY_PEER)
    OpenSSL::SSL.const_set(:VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE)

This is not a perfect solution to the problem, but if security is not a big concern, you can use the above methods to bypass SSL cert verification. You still have an encrypted, secure connection to the server.
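
An added example (not part of the question or the answer above): the alternative to switching verification off is to keep VERIFY_PEER and give Net::HTTP a store that contains the issuing CA, since with VERIFY_NONE the peer is never authenticated. It uses a throwaway CA and server certificate generated in-process (constructed test data; `Example Test CA`, `server.example` and all helper names are assumptions) to show that verification fails only while the issuer is missing from the store.

```ruby
require 'openssl'
require 'net/http'

# Constructed test PKI (not real certificates): a throwaway CA and a cert it signs.
def make_cert(cn, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Build a trust store from PEM strings, e.g. the contents of the CA .pem
# files the question loads one by one.
def store_from_pems(pems)
  store = OpenSSL::X509::Store.new
  pems.each { |pem| store.add_cert(OpenSSL::X509::Certificate.new(pem)) }
  store
end

# Returns [verified?, OpenSSL's reason]; the reason is the detail hidden
# behind the generic "certificate verify failed".
def check(store, cert)
  [store.verify(cert), store.error_string]
end

# A Net::HTTP object that keeps verification on and trusts only `store`.
# Nothing is connected until #start or #request is called.
def verified_http(host, store)
  http = Net::HTTP.new(host, 443)
  http.use_ssl     = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.cert_store  = store
  http
end

ca_key  = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('Example Test CA', ca_key)
SERVER  = make_cert('server.example', OpenSSL::PKey::RSA.new(2048), issuer: CA_CERT, issuer_key: ca_key)

p check(store_from_pems([]), SERVER)               # issuer not in store: fails
p check(store_from_pems([CA_CERT.to_pem]), SERVER) # issuer trusted: passes
```

Against a real server, the PEM passed to `store_from_pems` would be the root or intermediate CA that issued the server's certificate, not the server certificate itself.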

