Google API using Signet, SSL Error - ruby-on-rails

I am making a Ruby On Rails application and I am attempting to use the Google Plus API's for user sign in. To do this I am using Signet an OAuth helper library. I am looking at this code as an example of Signet with Google APIs.
Here is my code:
require "signet/oauth_2/client"
require "google/api_client"
oathClient = Signet::OAuth2::Client.new(
:authorization_uri => "https://accounts.google.com/o/oauth2/auth",
:token_credential_uri => "https://accounts.google.com/o/oauth2/token",
:client_id => Rails.application.secrets.gapi_client_id,
:client_secret => Rails.application.secrets.gapi_client_secret,
:redirect_uri => Rails.application.secrets.gapi_redirect_uri,
:scope => "https://www.googleapis.com/auth/plus.login")
gapi_client = Google::APIClient.new(
:application_name => "Branches",
:application_version => "0.0.1")
oathClient.code = request.body.read
oathClient.fetch_access_token!#Error on this line
gapi_client.authorization = oathClient
An error occurs on the second to last line:
oathClient.fetch_access_token!
This is the error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I have done some research and it seams like this is caused by the lack of certificate information. However none of the solution's shown address this issue when dealing with Signet.
OS: Windows 8 x64
RoR version: 4.1.1
Signet Version: 0.5.1
Google API Client Version: 0.6.2

Looks related to https://github.com/googleapis/google-api-ruby-client/issues/235, where the solutions were:
update openssl
if you're using a custom .pem file, set it with: export SSL_CERT_FILE=/path/to/custom/certificate/authority.pem

Related

Httpary: OpenSSL::SSL::SSLError

I been using httparty to communicate with a API for my rails application
The problem I'm having was when decided to run it on a different server.
we kept getting this error:
SSL_connect returned=1 errno=0 state=unknown state: tlsv1 alert protocol version
its running fine with no errors with my current environment so I'm not sure what I'm missing to make it run on my other server
my code:
require 'httparty'
require 'pp'
require 'openssl'
def self.get_token
include HTTParty
base_uri = self.base_url
base_uri = base_uri+'oauth/'+'token'
response = HTTParty.post(base_uri,verify:false,
:body =>{
:grant_type=>'password',
:client_id=>'3',
:client_secret=> 'eGSjPBZV70IsJwnyjNn7EYI6vci0bGrFbJkJNVof',
:password=>'Passw0rd!',
:username=>'myemail#gmail.com'
},)
token = response.parsed_response['access_token']
return token
end `
You are getting an alert/warning, not an error. This is possible due to the fact that the TLS version you are using is not recommended because of security issues.
According to HTTParty documentation, you can change the TLS version with the following code:
ssl_version :SSLv3
Try this v3 version or v2 version and see if it removes the warning message.

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)

I know there are lots of discussion regarding this error but sorry to say that I'm unable to find any working solution over there.
I'm developing a ecommerce site using ShareTribe.I'm trying to implement Paypal as payment gateway.So I'm using Activemerchant.
Everything works fine on development machine but when I deploy my rails app to production It throws
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I'm initializing my Activemerchant as
config.after_initialize do
ActiveMerchant::Billing::Base.mode = :test
paypal_options = {
login: "bla bla",
password: "bla bla",
signature: "bla bla",
appid: "APP-80W284485P519543T"
}
::EXPRESS_GATEWAY = ActiveMerchant::Billing::PaypalExpressGateway.new(paypal_options)
end
I'm trying to add Paypal Pem certificates on production but don't have any idea how to link this file with Activemerchant.Any Appreciation will be appreciated.
Thank you
Create a file active_merchant.rb in initializers & put the below code:
ActiveMerchant::Billing::Base.mode = :test
GATEWAY = ActiveMerchant::Billing::PaypalGateway.new(
:login => "bla-bla",
:password => "bla-bla",
:signature => "bla-bla"
)
SSLv3 was proven to be insecure with the POODLE vulnerability. You should make sure that your system has the latest version of OpenSSL so that you can use TLSv1.2.

Can't bypass OpenSSL verification - certificate verify failed (OpenSSL::SSL::SSLError)

I am trying to parse an HTTPS XML feed via Nokogiri but I get this OpenSSL error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I can also see the SSL_CERT_FILE:
echo $SSL_CERT_FILE
/home/user/certs/cacert.pem
This is how I am trying to parse:
#feed = "https://example.com/feed1.xml"
doc = Nokogiri::XML(open(#feed)
I tried to bypass the OpenSSL verification, but I still get the same error:
doc = Nokogiri::XML(open(#feed,{ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}))
Can anyone help?
This problem usually appears on Windows.
One quick solution is to pass ssl_verify_mode to open
require 'open-uri'
require 'openssl'
open(some_url, ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE)
Another quick one is overriding OpenSSL::SSL::VERIFY_PEER in the beginning of your script by doing
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Those who want real solution can try method described on https://gist.github.com/fnichol/867550

cURL and RestClient - SSL

I cannot access to server through RestClient.
I have this code written in cURL (it sends XML file to server for parsing)
curl -T /Users/amok/Code/1188/dragon/test.xml --cert Users/amok/Code/1188/dragon/client_1188.pem --key Users/amok/Code/1188/dragon/client_1188.key -k -u 1188:aaa https://smart.com/index.cgi
Need to make the same in RestClient. I've tried this one, but it doesnt work.
return RestClient::Resource.new(
'https://smart.com/index.cgi',
:ssl_client_cert => OpenSSL::X509::Certificate.new(File.read(File.join(Rails.root, "/cert/client_1188.pem"))),
:ssl_client_key => OpenSSL::PKey::RSA.new(File.read(File.join(Rails.root, "/cert/client_1188.key"))),
:user => '1188',
:password => 'aaa'
).post(xml, :content_type => 'application/xml')
(xml is file, stored on server)
The problem is:
OpenSSL::SSL::SSLError in BackOffice::DragonPilotController#create
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The palm is on my face now... ((( Thank you
use PUT method instead of POST

OpenSSL problems using oAuth2 gem and facebook

So I've upgraded an app from rails 2.2 to 2.3.12 and my last remaining issue is the problem of facebook connect integration.
I am using the oauth2 gem for this and well I keep getting the following error
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
I've tried to follow the descriptions on the oauth2 wiki page just to end up with anohter error that was solved by forking the project and adapting the code. read here.
I do not have the issue on my development server but only in production.
my client code looks as follows
def client
ca_file = File.join('/etc/ssl/cacert.pem')
#client ||= OAuth2::Client.new( 'app_id', 'app_secret', {
:site => {
:url=>'https://graph.facebook.com',
:ssl=>{
:verify => OpenSSL::SSL::VERIFY_PEER,
:ca_file => ca_file
}
},
:adapter => :NetHttp
})
#client
end
I've confirmed about a hundred times now that my cacert.pem file is there and that
the rights are ok.
Any ideas on where to begin debugging are welcome.
SOLVED
I moved this site on to a new server running Debian 6.0 (sqeeze) instead of 5.0 (etch) and this solved my problem. My take on this is that I got a newer version of OpenSSL:
Debian 6.0: OpenSSL 0.9.8o 01 Jun 2010
Debian 5.0: OpenSSL 0.9.8g 19 Oct 2007
I can't guarantee that this was the issue but since it's now working with no code changes. I assume it is.

Resources