So I'm trying to get Google authentication to work with rails and devise. I followed this github setup and when the user gets redirected after a successful login I get this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've literally tried every solution I can find online and nothing seems to work. I downloaded the new cert which is in /usr/local/etc/openssl/certs/cert.pem and this is in my devise.rb:
config.omniauth :google_oauth2, "92780849937-vk78tsfss43p1m9k95ijfhimi422hfh7.apps.googleusercontent.com", "oEM4yvhazRJBgL7ANtpVtpU5", { :client_options => {:ssl => {:ca_path => "/usr/local/etc/openssl/certs"}}}
I'm running ruby 2.1.0 and Rails 4.2.4
Is there something I'm missing? Maybe a different solution for this version of rails?
I added this to my application.rb so I can keep working but obviously its pretty horrible hahahaha
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
You can add the gem 'certified' to your Gemfile to fix this issue.
Check their Github page
And this SO question
For my Rails 2.3.11 app, I've Omniauth based facebook authentication working in my development environment- Ubuntu box. That works perfectly. However in production it just sits there.
Ultimately I believe it fails because of timeout. I believe its failing in handling the callback from facebook: =">http://ziptrips.in:8002/auth/facebook/callback?code=AQA7cFWwM4Yrvm3dlREWv8-sdassasadas-9xkDVptqLfsl1Bevb9w8dbbcl9sgCmYugkWycgbFjqxWZozuiLAOzAJ1WxAde8T2DpRpJmYBXSNT4NtgGOup2O2XDmiYlEzAGSePEMeMjqvRX2oUCqHw#=
Since mine is a Rails 2.3.11 app, here's how my omniauth.rb in initializers looks like:
ActionController::Dispatcher.middleware.use OmniAuth::Builder do #if you are using rails 2.3.x
provider :facebook, '1234123343', '6aec22dssadsaetcetc', :client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}, :scope => 'email,offline_access,read_stream'
end
Here's relevant info:
Omniauth Gem : 1.0.2
omniauth-facebook gem: 1.2.0
Hosted in EC2
You can try it here: http://ziptrips.in/auth/facebook
I've made sure that facebook settings are correct.
Any help / pointers are really appreciated.
Thanks,
Navneet
I use Rails 2.3.5 and want to use Omniauth however I can't get them to work together, as rails 2.3.5 requies Rack 1.0.1 and Omniauth (version 0.1.6) requires Rack 1.1
I deploy on Heroku so I don't believe I can hack into Rails and remove the hard dependency on version 1.0.1 of Rack.
Any help very much appreciated.
Paul
We had a similar issue. We were on Rails 2.3.4 and wanted to use OmniAuth (0.2.6). Unfortunately the only possible solution I've found so far is to upgrade to Rails 2.3.8 or later which runs on Rack 1.1 (the minimum required by OmniAuth) and then require OmniAuth like so:
# In config/environment.rb require 'omniauth' (or 'oa-<strategy_name>') before Rails::Initialize
require 'omniauth'
Rails::Initializer.run do |config|
...
# Add your own initializer for OmniAuth
# /config/initializers/omniauth.rb
ActionController::Dispatcher.middleware.use OmniAuth::Builder do
# your strategy provider logic
end
This was mostly groomed from this thread / links in it: http://groups.google.com/group/omniauth/browse_thread/thread/676fa835428e9c83
Unfortunately I'm in the middle of all of this right now so I can't promise this works fully as I'm using a custom strategy and haven't quite made it all the way to the end yet. Hopefully it provides some starting points for you to dig deeper if you're still stuck on this if nothing else.
I am trying to authenticate users with Facebook using OmniAuth. Initially, it was working, but along the way it just stopped working and started to give me this error message:
OpenSSL::SSL::SSLError SSL_connect
returned=1 errno=0 state=SSLv3 read
server certificate B: certificate
verify failed
The same code works well for Twitter and I can't seem to understand why it doesn't work for Facebook. I have looked online for help, but I haven't been successful.
This is the link to the website I am building: http://www.bestizz.com/
And this url would give you the error message: http://www.bestizz.com/auth/facebook
Ruby cannot find any root certificates. Here is an option for debugging purposes. Put following code at the begining of your script:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Add the following code to config/initializers/fix_ssl.rb
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = "/etc/pki/tls/certs/ca-bundle.crt" # for Centos/Redhat
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
Note:
Many operating systems already come with a supplied certificate bundle.
For example in Red Hat Enterprise Linux and CentOS it's installed in:
/etc/pki/tls/certs/ca-bundle.crt
For Ubuntu its at:
/etc/ssl/certs/ca-certificates.crt
I've been facing the same problem after updating Ruby running on Yosemite, but while trying to authenticate with Google.
Following this: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html seemed to solve my problem.
For the sake of history I'll quote:
So the rvm-installed ruby does look into the wrong directory for certificates whereas the OSX-ruby will look into the correct one. In it's case that is a OSX system-directory.
So the rvm-installed ruby is the problem.
This discussion on Github finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into /etc/openssl for it's certificates.
What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so: rvm install 2.2.0 --disable-binary
In the end, I had to run:
rvm uninstall ruby-2.2.4
rvm install ruby-2.2.4 --disable-binary
gem pristine --all
Hope this helps
Looks like SSL verification is failing for Facebook. I'm no OpenSSL master, but I think this should work for you.
Assuming you're using an up-to-date version of OmniAuth (>= 0.2.2, I assume you are) and a version of Faraday >= 0.6.1 (the stack trace says you are), you can pass the location of your CA certificates bundle. Modify your OmniAuth setup for Facebook accordingly:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'appid', 'appsecret', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}}
# other providers...
end
and replace '/etc/ssl/certs' with the path to your bundle. If you need one, I believe this file will work for you--just put it somewhere, give it necessary permissions, and point your app at it.
Thanks to Alex Kremer at this SO answer for the detailed instructions.
This link should work. https://gist.github.com/fnichol/867550 Just follow the instructions. You will need to download Rails installer and run two command line functions.
Do this, this will get ride of the certificate error with openssl
sudo curl http://curl.haxx.se/ca/cacert.pem -o /opt/local/etc/openssl/cert.pem
An ugly workaround I just did is to override the class in Net::HTTP and set the variable which tells it to not verify ssl certs:
require 'net/http'
require 'openssl'
class Net::HTTP
alias_method :orig_connect, :connect
def connect
#ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
orig_connect
end
end
I did it this way because I don't want to muck with the source code of the gem which calls the gem which calls the gem which calls Net::HTTP. I should really go back and figure out how to nudge it to look at a separate cacert.pem file instead. I can't modify the server's cacert.pem file, or that would be the best route.
My application uses the OAuth2 gem (0.1.1) to connect to Facebook, and the ActiveMerchant gem (1.12.0) to connect to PayPal. Under what is the current Rails/Ruby distribution (3.0.5, 1.9.2), both of these gems throw the following OpenSSL::SSL::SSLError when used:
SSL_connect returned=1 errno=0
state=SSLv3 read server certificate
B: certificate verify failed
I did some digging, and found two patches. The first involves plugging this into my initializers folder as "faraday.rb" (http://bit.ly/hZqNwQ). The OAuth2 (Facebook) side of things does work with this patch. However, the ActiveMerchant (PayPal) code still throws the same SSL_connect error.
The second patch I've tried (unsuccessfully) is the 'always_verify_ssl_certificates' gem (http://bit.ly/dXmuUh). I did the following things: (1) gem 'always_verify_ssl_certificates' in the Gemfile (2) require 'always_verify_ssl_certificates' in the ApplicationController file. However, both OAuth2 (Facebook) and ActiveMerchant (PayPal) throw the following TypeError:
wrong argument (NilClass)! (Expected
kind of OpenSSL::SSL::SSLContext)
The links to my OAuth2 Facebook code AuthorizeController and my ActiveMerchant PayPal (PaymentsController as they stand now are in the comments below. This is after following the 2010 OAuth2 guide by Michael Bleigh and the 2008 Cody Fauser ActiveMerchant tutorial. Any help is greatly appreciated! I'm very confused at this point.
No need. After some painful Googling, putting the following into the ApplicationController fixes it. Hope this helps somebody! OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE