Ruby on Rails - Retrieve PEM cert: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Like many others, I've got this error in Ruby: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed.

I downloaded cacert.pem and tried to add this:

    require 'net/http'

    # create a path to the file "C:\RailsInstaller\cacert.pem"
    cacert_file = File.join(%w{c: RailsInstaller cacert.pem})

    # NOTE: the bundle is fetched over plain HTTP, so it is not authenticated in transit
    Net::HTTP.start("curl.haxx.se") do |http|
      resp = http.get("/ca/cacert.pem")
      if resp.code == "200"
        File.open(cacert_file, "wb") { |file| file.write(resp.body) }
        puts "\n\nA bundle of certificate authorities has been installed to"
        puts "C:\\RailsInstaller\\cacert.pem\n"
        puts "* Please set SSL_CERT_FILE in the current command prompt session with:"
        puts "     set SSL_CERT_FILE=C:\\RailsInstaller\\cacert.pem"
        puts "* To make this a permanent setting, add it to Environment Variables"
        puts "  under Control Panel -> Advanced -> Environment Variables"
      else
        abort "\n\n>>>> A cacert.pem bundle could not be downloaded."
      end
    end

And this:

    require 'open-uri'
    require 'net/https'

    module Net
      class HTTP
        alias_method :original_use_ssl=, :use_ssl=

        # force every HTTPS connection to verify against the bundled CA file
        def use_ssl=(flag)
          self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s # ca_file expects a String
          self.verify_mode = OpenSSL::SSL::VERIFY_PEER
          self.original_use_ssl = flag
        end
      end
    end

I tried to cancel the check:

    require 'faraday'

    module Faraday
      class Adapter
        class NetHttp < Faraday::Adapter
          def call(env)
            super

            is_ssl = env[:url].scheme == 'https'

            http = net_http_class(env).new(env[:url].host, env[:url].port || (is_ssl ? 443 : 80))
            if http.use_ssl = is_ssl
              ssl = env[:ssl]
              if ssl[:verify] == false
                http.verify_mode = OpenSSL::SSL::VERIFY_NONE
              else
                http.verify_mode = OpenSSL::SSL::VERIFY_NONE # <= PATCH or HACK ssl[:verify]
              end
              http.cert    = ssl[:client_cert] if ssl[:client_cert]
              http.key     = ssl[:client_key]  if ssl[:client_key]
              http.ca_file = ssl[:ca_file]     if ssl[:ca_file]
            end
            req = env[:request]
            http.read_timeout = http.open_timeout = req[:timeout] if req[:timeout]
            http.open_timeout = req[:open_timeout]                if req[:open_timeout]

            full_path = full_path_for(env[:url].path, env[:url].query, env[:url].fragment)
            http_req  = Net::HTTPGenericRequest.new(
              env[:method].to_s.upcase,    # request method
              (env[:body] ? true : false), # is there data
              true,                        # does net/http love you, true or false?
              full_path,                   # request uri path
              env[:request_headers])       # request headers

            if env[:body].respond_to?(:read)
              http_req.body_stream = env[:body]
              env[:body] = nil
            end

            http_resp = http.request http_req, env[:body]

            resp_headers = {}
            http_resp.each_header do |key, value|
              resp_headers[key] = value
            end

            env.update \
              :status           => http_resp.code.to_i,
              :response_headers => resp_headers,
              :body             => http_resp.body

            @app.call env
          rescue Errno::ECONNREFUSED
            raise Error::ConnectionFailed.new(Errno::ECONNREFUSED)
          end

          def net_http_class(env)
            if proxy = env[:request][:proxy]
              Net::HTTP::Proxy(proxy[:uri].host, proxy[:uri].port, proxy[:user], proxy[:password])
            else
              Net::HTTP
            end
          end
        end
      end
    end

But no luck (and this is not the way I want to fix this). The weird thing is that it works sometimes.

Now I'm trying this, but I have trouble finding the certificates:

    require 'net/http'
    require 'openssl'

    url = URI.parse('https://www.xpiron.com/schedule')
    req = Net::HTTP::Get.new(url.path)
    sock = Net::HTTP.new(url.host, 443)
    sock.use_ssl = true

    # trust only the certificates added to this store (File.read avoids leaking open handles)
    store = OpenSSL::X509::Store.new
    store.add_cert OpenSSL::X509::Certificate.new(File.read('addtrust_ca.pem'))
    store.add_cert OpenSSL::X509::Certificate.new(File.read('utn.pem'))
    store.add_cert OpenSSL::X509::Certificate.new(File.read('user_first_ca.pem'))
    store.add_cert OpenSSL::X509::Certificate.new(File.read('xpiron.pem'))
    sock.cert_store = store

    sock.start do |http|
      response = http.request(req)
    end

So I opened https://myserver.com/request.ashxrequest in Chrome and clicked on the little lock icon for the certificate details. I can't find PEM files to export. I can see it's a Comodo certificate. I don't own the server, so I've got to find a solution on my side.

You can disable certificate verification for a given instance of Net::HTTP:

    sock.verify_mode = OpenSSL::SSL::VERIFY_NONE

Or you can disable SSL verification globally in the process using:

    OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Note: the Ruby interpreter will give a warning that the constant is already initialized. It might be a hard error. If that's the case, you can unassign the constant and initialize it again using the following code:

    OpenSSL::SSL.send(:remove_const, :VERIFY_PEER)
    OpenSSL::SSL.const_set(:VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE)

This is not a perfect solution to the problem, but if security is not a big concern, you can use the above methods to bypass SSL cert verification. You will still have an encrypted secure connection to the server.
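
The cert-store approach from the question, worked offline as an added example (not code from the original question or answer): it builds a constructed root, intermediate and server certificate, then checks the chain against a store that trusts only the root, with VERIFY_PEER left on. The helper names (issue, store_for, check_chain, verified_client, demo_chain) and the certificate names are assumptions made for this illustration.

```ruby
require 'openssl'
require 'net/http'

# Issue a certificate (constructed test data; no real CA or server involved).
def issue(cn, key, serial, signer_cert = nil, signer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (signer_cert || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  bc = ca ? 'CA:TRUE' : 'CA:FALSE'
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', bc, true))
  cert.sign(signer_key, OpenSSL::Digest.new('SHA256'))
end

# Trust store holding only the given PEM-encoded CA certificates.
def store_for(*ca_pems)
  ca_pems.each_with_object(OpenSSL::X509::Store.new) do |pem, store|
    store.add_cert(OpenSSL::X509::Certificate.new(pem))
  end
end

# Verify a leaf plus any intermediates the server sent; returns [ok, reason].
def check_chain(store, leaf, intermediates = [])
  [store.verify(leaf, intermediates), store.error_string]
end

# Net::HTTP client that keeps VERIFY_PEER on and trusts only `store`.
def verified_client(host, store)
  Net::HTTP.new(host, 443).tap do |http|
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.cert_store = store
  end
end

# Constructed chain: root CA -> intermediate CA -> server certificate.
def demo_chain
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = issue('Example Root CA', rk, 1, ca: true)
  inter = issue('Example Intermediate CA', ik, 2, root, rk, ca: true)
  { root: root, inter: inter, leaf: issue('server.example', lk, 3, inter, ik) }
end
```

With c = demo_chain, check_chain(store_for(c[:root].to_pem), c[:leaf], [c[:inter]]) succeeds, while the same call without the intermediate fails with the reason reported by OpenSSL, which shows which certificate the store is missing.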