I'm trying to debug a failed job on a production environment version of Resque because this is all the web interface gives me to work with:
Worker: 9c9fe9d3-8ee0-43fe-afcd-c6806fc75f0d:2 on sentiment_pull at just now
Class: SentimentJob
Arguments: [16, 17, 18]13
Exception: OpenSSL::SSL::SSLError
Error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
This works in development and I'm not sure why I'd get an OpenSSL error on Heroku. I am also using Omniauth so in that initializer I have already set:
Rails.application.config.middleware.use OmniAuth::Builder do
provider #...
:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}
end
I haven't found any examples of Resque requiring an SSL certificate on Heroku so I'm a bit stumped because the job is set to do requests on an HTTPS URL.
I've recently had this problem and despite there being plenty of answers out there on how to fix it, this was the only one that worked for me (I'm not on Heroku but instead a Debian VPS). This is a bad idea most of the time but is fine for my usage case where I need to accept self-signed SSL records.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
This will cause OpenSSL to not verify SSL records and will suppress the error.
Related
I'm trying to get an https page with Ruby's open method:
response = open("https://example.com", 'User-Agent' => 'somebot').read
Sometimes it succeeds, but sometimes I get this error:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
from /usr/local/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
What's the reason this is happening and how come for some websites it works and for some it doesn't?
It's in the error message:
error: certificate verify failed
When you connect to some server using secure connection (https), all certificates in the certificate chain are checked for their validity up to the root certificate. If any of the certificates in the chain does not pass validity or the root certificate is not trusted root certificate, you get that error.
If you are on OSX and use RVM, see this readme. Alternatively, read about the issue here.
I have tried researching this, and have no idea where to even look in my application to fix this error. I have been taking a course on Udemy and I am trying to use Google Cloud storage to upload images. When I add an image into a new record and try to save I receive this error.
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) Unable to verify certificate.
This may be an issue with the remote host or with Excon. Excon has certificates bundled, but these can be customized.Excon.defaults[:ssl_ca_path] = path_to_certs, ENV['SSL_CERT_DIR'] = path_to_certs, Excon.defaults[:ssl_ca_file] = path_to_file, ENV['SSL_CERT_FILE'] = path_to_file, Excon.defaults[:ssl_verify_callback] = callback (see OpenSSL::SSL::SSLContext#verify_callback), or Excon.defaults[:ssl_verify_peer] = false (less secure).
Been banging my head against this and need to bounce thoughts against someone else. I keep getting locally:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
I get on heroku:
openssl::ssl::sslerror: ssl_connect returned=1 errno=0 state=sslv3 read server certificate b: certificate verify failed
My discourse instance has a SSL certificate from DNSimple, so that is all working perfectly. On heroku, since I just have a rails API, I opted not to get an SSL cert for that since heroku already provides you with one, and just use the URL from your heroku instance.
Now, I am able to use a Advanced Rest Client (Chrome extension) and make requests to my discourse instance no problem. Here is some code that I am using with the discourse_api gem.
discourse_client = DiscourseApi::Client.new('https://community.desta.co')
discourse_client.api_key = ENV['COMMUNITY_API_KEY']
# path to heroku cert, which I verified exists through `heroku run bash`
discourse_client.ssl(ca_file: '/usr/lib/ssl/certs/ca-certificates.crt')
discourse_client.api_username = 'system'
Maybe I'm misunderstanding certificates? Please help! Thanks
For anyone that may have this issue, I was able to fix it. I tested my SSL config at https://www.ssllabs.com/ssltest/analyze.html and realized I didn't have any intermediate certificates along with my primary certificate :(. Definitely overlooked that one, hope it helps anyone.
I have Rails API server hosted on Heroku, which makes an asynchronous POST request to a callback url specified in an initial API request by the client.
I have a problem when I try to POST to one of my clients' webapp over SSL.
connection = Faraday::Connection.new('https://subdomain.some_client.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/test'
The following throws an error:
Faraday::Error::ConnectionFailed: SSL_connect returned=1 errno=0 state=error: certificate verify failed
However, if I post to another server over HTTPS, for example google, it works fine
connection = Faraday::Connection.new('https://www.google.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/'
Does this mean the fault is on the client's SSL configuration? and if so, how can I assist them in debugging the problem?
UPDATE:
I can cURL POST to the client's webapp without problems, it's only when I do it through ruby's HTTP libraries it fails
Much appreciated
Thanks
My guess is that there is a problem with the SSL cert for your client's web app. Perhaps there is a certificate that is out of date or invalid. You could try this answer.
If you need to get around this (but probably not a good permanent solution, because of the potential security hole) you should be able to turn off the certificate verification by putting this before Bundler.require in your application.rb:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
This question already has answers here:
SSL Error When installing rubygems, Unable to pull data from 'https://rubygems.org/
(26 answers)
Closed 8 years ago.
I'm trying to authenticate a user via Facebook or Twitter, get them to fill out their information, and then click save (thus creating a user record). I'm getting an OpenSSL error on that final step -- after clicking save. This happens at the Devise RegistrationsController#create method.
So I'm getting this error in my Rails application, hosted on Heroku:
2012-07-28T18:25:13+00:00 app[web.1]: OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I've seen plenty of solutions, none of them work. Here are some things I've tried:
1) Installing the certified gem
2) Upgrading the Heroku gem to v2.30, pushing again
3) This:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, TWITTER_KEY, TWITTER_SECRET, {:client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:scope => "publish_actions,user_location,email", :client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
end
It seems like one problem could be that this cert file doesn't actually exist -- I've seen it in several places, and it seems like that is the default path to the ca_cert file for Heroku, but I could be wrong.
Oddly enough, this is happening after I've already authenticated via FB/Twitter, and am trying to create a user's account. Why would this be, and how can I solve/debug this? Sincerely confused.
Update: I added this line to the Omniauth initializer, and now it "works". Thus I've diagnosed the problem is with Omniauth. However, I'd like to still have the SSL verification... this obviously leaves a security gap.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
After some searching here is what I found:
If you’re using Ruby to open connections to an external server over https, eg. the Facebook Graph API, you may run into the following error:
OpenSSL::SSL::SSLError:SSL_connectreturned=1errno=0state=SSLv3readservercertificateB:certificateverifyfailed
This error is due to Ruby not being able to find the certification authority certificates (CA Certs) used to verify the authenticity of secured web servers. The solution is to download the this ca-bundle.crt into your application’s lib/ directory:
Then add the following code to config/initializers/fix_ssl.rb:
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
This should force ruby to use the CA bundle from your application’s lib/ directory.
Taken from: http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
UPDATE:
You may need to use self.ca_path= instead of self.ca_file= depending on your system.
It sounds like you've got the right openssl configuration in OmniAuth, but perhaps your CA certs path isn't correct?
You can check that on your heroku servers by running:
heroku run bash
... and then running openssl to display the proper path:
$ openssl version -a
OpenSSL 1.0.0e 6 Sep 2011
OPENSSLDIR: "/usr/lib/ssl"
... You should find the ca_certificates.crt file at $OPENSSLDIR/certs/ca-certificates.crt
I would confirm that path an update your code to match.