Can't bypass OpenSSL verification - certificate verify failed (OpenSSL::SSL::SSLError) - ruby-on-rails

I am trying to parse an HTTPS XML feed via Nokogiri but I get this OpenSSL error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I can also see the SSL_CERT_FILE:
echo $SSL_CERT_FILE
/home/user/certs/cacert.pem
This is how I am trying to parse:
@feed = "https://example.com/feed1.xml"
doc = Nokogiri::XML(open(@feed))
I tried to bypass the OpenSSL verification, but I still get the same error:
doc = Nokogiri::XML(open(@feed, {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}))
Can anyone help?

This problem usually appears on Windows.
One quick solution is to pass ssl_verify_mode to open:
require 'open-uri'
require 'openssl'
open(some_url, ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE)
Another quick one is overriding OpenSSL::SSL::VERIFY_PEER at the beginning of your script by doing:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Those who want a real solution can try the method described at https://gist.github.com/fnichol/867550

Related

Sentry is asking for Certificate on Rails Production

I'm using Rails 5 with Sentry installed. I have tested it locally and it already works; however, moving to production I am getting a certificate error when I boot up the console and test Sentry.capture_message("new test 2"), with the following error:
Event sending failed: SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)
Unreported Event: new test 2
exception happened in background worker: SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)
My code is as follows:
Sentry.init do |config|
  config.dsn = ENV["SENTRY_DNS"]
  config.breadcrumbs_logger = [:active_support_logger, :http_logger]
  config.traces_sample_rate = 0.25
  config.enabled_environments = %w[staging]
end
Your issue is that your server is attempting to verify the ssl cert when connecting to sentry. For
Sentry.init do |config|
  config.transport.ssl_verification = false
  config.dsn = ENV["SENTRY_DNS"]
  config.breadcrumbs_logger = [:active_support_logger, :http_logger]
  config.traces_sample_rate = 0.25
  config.enabled_environments = %w[staging]
end
When attempting to send to sentry your server is failing to verify the SSL certificate correctly. You can cancel verification by adding the above option. This is a bit of a security hole so the more correct way would be to set:
config.transport.ssl_ca_file = 'path to a valid local cert file'
instead.
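
The VERIFY_NONE workarounds in the first answer and ssl_verification = false here silence the error without showing why verification failed. The following is an added example, not code from either thread: it builds a throwaway CA and certificates in memory (constructed data; make_cert, check and demo are hypothetical helper names) and shows that a missing CA is fixed by supplying the right bundle, while an expired certificate is not.

```ruby
require 'openssl'

# Constructed sample data: a throwaway CA and leaf certificates built in memory.
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false,
              not_before: Time.now - 60, not_after: Time.now + 3600)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify the way a TLS client does and return [verdict, error code, reason].
def check(store, cert)
  ok = store.verify(cert)
  [ok, store.error, store.error_string]
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('/CN=Constructed Test CA', ca_key, ca: true)
  leaf = make_cert('/CN=feed.example.com', leaf_key, issuer: ca, issuer_key: ca_key)
  stale = make_cert('/CN=feed.example.com', leaf_key, issuer: ca, issuer_key: ca_key,
                    not_before: Time.now - 7200, not_after: Time.now - 3600)

  no_bundle = OpenSSL::X509::Store.new   # host whose CA bundle lacks the issuer
  bundle = OpenSSL::X509::Store.new
  bundle.add_cert(ca)                    # real code: bundle.add_file(path_to_cacert_pem)

  { missing_ca: check(no_bundle, leaf),  # fixed by supplying the right CA file
    with_ca: check(bundle, leaf),
    expired: check(bundle, stale) }      # no CA file fixes this one
end

demo.each { |name, result| puts "#{name}: #{result.inspect}" } if $PROGRAM_NAME == __FILE__
```

The reason string for the expired case is the same "certificate has expired" text that appears in the Sentry error above.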

How to bypass SSL verification with Shrine RemoteUrl plugin

I'm using the Shrine RemoteUrl plugin in a Rails app to get some files (PDF) from a remote site.
This site has an old HTTPS certificate and I'm getting errors like this:
{:media=>["download failed: SSL_connect returned=1 errno=0 state=error: dh key too small"]}
I can't modify the conf of the remote site, so I think I need to bypass SSL verification.
But I can't find a way to do it.
I'm trying to do this in the Shrine initializer file, but I don't know how to pass the right options to Down::Http.
The Down::Http backend implements downloads using the http.rb gem (and you can disable certificate verification with it):
Shrine.plugin :remote_url, max_size: 20*1024*1024, downloader: -> (url, max_size:, **options) do
  Down::Http.download(url, max_size: max_size, **options) do |http|
    http.follow(max_hops: 2).timeout(connect: 2, read: 2)
  end
end
Any help much appreciated. Thanks!
Down::Http.download forwards all options to http.rb, so you can pass the same :ssl_context option:
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
Down::Http.download(url, max_size: max_size, ssl_context: ctx, **options) do |http|
  http.follow(max_hops: 2).timeout(connect: 2, read: 2)
end

HTTParty: OpenSSL::SSL::SSLError

I have been using httparty to communicate with an API for my Rails application.
The problem I'm having came when we decided to run it on a different server.
We kept getting this error:
SSL_connect returned=1 errno=0 state=unknown state: tlsv1 alert protocol version
It's running fine with no errors in my current environment, so I'm not sure what I'm missing to make it run on my other server.
My code:
require 'httparty'
require 'pp'
require 'openssl'
def self.get_token
  include HTTParty
  base_uri = self.base_url
  base_uri = base_uri+'oauth/'+'token'
  response = HTTParty.post(base_uri,verify:false,
    :body =>{
      :grant_type=>'password',
      :client_id=>'3',
      :client_secret=> 'eGSjPBZV70IsJwnyjNn7EYI6vci0bGrFbJkJNVof',
      :password=>'Passw0rd!',
      :username=>'myemail@gmail.com'
    },)
  token = response.parsed_response['access_token']
  return token
end
You are getting an alert/warning, not an error. This is possible due to the fact that the TLS version you are using is not recommended because of security issues.
According to HTTParty documentation, you can change the TLS version with the following code:
ssl_version :SSLv3
Try this v3 version or v2 version and see if it removes the warning message.

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)

I know there are lots of discussions regarding this error, but sorry to say that I'm unable to find any working solution there.
I'm developing an ecommerce site using ShareTribe. I'm trying to implement Paypal as the payment gateway, so I'm using Activemerchant.
Everything works fine on my development machine, but when I deploy my Rails app to production it throws
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I'm initializing my Activemerchant as
config.after_initialize do
  ActiveMerchant::Billing::Base.mode = :test
  paypal_options = {
    login: "bla bla",
    password: "bla bla",
    signature: "bla bla",
    appid: "APP-80W284485P519543T"
  }
  ::EXPRESS_GATEWAY = ActiveMerchant::Billing::PaypalExpressGateway.new(paypal_options)
end
I'm trying to add Paypal PEM certificates on production but don't have any idea how to link this file with Activemerchant. Any appreciation will be appreciated.
Thank you
Create a file active_merchant.rb in initializers & put the below code:
ActiveMerchant::Billing::Base.mode = :test
GATEWAY = ActiveMerchant::Billing::PaypalGateway.new(
  :login => "bla-bla",
  :password => "bla-bla",
  :signature => "bla-bla"
)
SSLv3 was proven to be insecure with the POODLE vulnerability. You should make sure that your system has the latest version of OpenSSL so that you can use TLSv1.2.

Intermittent SSL certificate verification failures with mechanize and ruby

I have a Rails 3.2.8 app, with Ruby 1.9.3 on Ubuntu 12.04. It uses mechanize to connect to an https web site.
I am seeing this error intermittently:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I do set the CA file:
Mechanize.new do |agent|
  agent.ssl_version = "SSLv3"
  agent.ca_file = Rails.root.join("lib/cacert.pem").to_s
end
I have also tried using cert_store:
cert_store = OpenSSL::X509::Store.new
cert_store.set_default_paths
Mechanize.new do |agent|
  agent.ssl_version = "SSLv3"
  agent.cert_store = cert_store
end
And setting the store explicitly:
cert_store = OpenSSL::X509::Store.new
cert_store.add_file Rails.root.join("lib/cacert.pem").to_s
Mechanize.new do |agent|
  agent.ssl_version = "SSLv3"
  agent.cert_store = cert_store
end
These errors appear regardless of which method I use to specify the CA/certificates (including relying on default behaviour). When I run the code manually from rails console, it works fine. Which of the above, if any, are correct? What else can I do to debug this?
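
One way to approach the debugging question above, as an added example that is not part of the original thread: audit the CA bundle the process actually sees, then trace each verification step. bundle_report and traced_store are hypothetical helper names, and the trace callback passes OpenSSL's verdict through unchanged, so it observes without weakening the check.

```ruby
require 'openssl'

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Audit one CA bundle: is it readable by this process, how many certificates
# parse, and which of them are already past not_after.
def bundle_report(path, now: Time.now)
  usable = path && File.file?(path) && File.readable?(path)
  return { path: path, readable: false, certs: 0, expired: [] } unless usable

  certs = File.binread(path).scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
  expired = certs.select { |c| c.not_after < now }.map { |c| c.subject.to_s }
  { path: path, readable: true, certs: certs.size, expired: expired }
end

# Store built from that bundle whose callback records every verification step.
# It returns preverify_ok unchanged, so the verdict stays OpenSSL's own.
def traced_store(path, log)
  store = OpenSSL::X509::Store.new
  store.add_file(path)
  store.verify_callback = lambda do |preverify_ok, ctx|
    log << { depth: ctx.error_depth, subject: ctx.current_cert.subject.to_s,
             ok: preverify_ok, code: ctx.error, reason: ctx.error_string }
    preverify_ok
  end
  store
end

if $PROGRAM_NAME == __FILE__
  # Compare this output between `rails console` and the failing process.
  [ENV['SSL_CERT_FILE'], OpenSSL::X509::DEFAULT_CERT_FILE].compact.uniq.each do |path|
    puts bundle_report(path).inspect
  end
end
```

Assigning the result of traced_store to agent.cert_store leaves a log entry with depth, subject and reason for every certificate in a failing chain, which can be compared against a successful run.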
