Foursquare & Heroku: certificate verify failed - ruby-on-rails

I obtained a key/secret for userless access at the foursquare developer site and now I want to fetch data with the use of the foursquare2 gem:
@foursquare = Foursquare2::Client.new(:client_id => 'xxx', :client_secret => 'yyy')
This works fine on localhost but on Heroku I get the following error:
ActionView::Template::Error (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I didn't set up any SSL or Omniauth within the app.
Update: Found the solution! You have to pass in an ssl hash with the path to Heroku's certificates.
@foursquare = Foursquare2::Client.new(:client_id => 'xxx',
                                      :client_secret => 'yyy',
                                      :ssl => { :verify => OpenSSL::SSL::VERIFY_PEER, :ca_file => '/usr/lib/ssl/certs/ca-certificates.crt' })

I also mentioned that problem under ruby 1.9.3. After downgrading to ruby 1.9.2 I didn't get that error anymore...

Related

Why isn't a self signed SMTP Certificate ignored by Rails ActionMailer 6.1 / Ruby 3.0?

I can't get Rails ActionMailer 6.1 (with Ruby 3.0) to connect to an SMTP Mailer with a self-signed certificate.
All options that could possibly either use no TLS/SSL at all or to not verify the cert are set in config/production.rb and seem to be picked up properly by rails.
Any ideas what I might be missing?
ruby --version
ruby 3.0.3p157 (2021-11-24 revision 3fb7d2cadc) [x86_64-linux-musl]
RAILS_ENV=production myapp rails c
Loading production environment (Rails 6.1.4.6)
irb(main):001:0> mailer = ActionMailer::Base.new
=> #<ActionMailer::Base:0x00000000029c48>
irb(main):002:0> ap mailer.smtp_settings
{
:address => "smtpout.xxxxx.com",
:port => 25,
:enable_starttls => false,
:enable_starttls_auto => false,
:openssl_verify_mode => 0,
:ssl => false,
:tls => false
}
=> nil
irb(main):003:0> mailer.mail(from: 'user1@example.com', to: 'user2@example.com',
subject: 'test', body: "Hello, you've got mail!").deliver
/usr/local/lib/ruby/3.0.0/net/protocol.rb:46:in `connect_nonblock': SSL_connect
returned=1 errno=0 state=error: certificate verify failed (self signed
certificate) (OpenSSL::SSL::SSLError)
This boils down to the following: When I use the settings
enable_starttls_auto: false,
openssl_verify_mode: OpenSSL::SSL::VERIFY_NONE
it does perform TLS transmission and fails with state=error: certificate verify failed (self signed certificate) (OpenSSL::SSL::SSLError), which is double wrong in my eyes, as it should never even start a TLS handshake and if so, should skip certificate validation.
Rails uses the Mail-Gem to handle these options, which indeed had an incompatible change.
As a workaround in my case, removing the enable_starttls_auto setting completely (thus keeping TLS transmission), only disabling the certificate validation with openssl_verify_mode: OpenSSL::SSL::VERIFY_NONE was helping (but will not help if you have other reasons to avoid TLS than having a bogus certificate).
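
The verification failure from this question, and a way to accept one self-signed certificate while leaving VERIFY_PEER on, as an added example that is not part of the original posts. The certificate is constructed in the script, the host name smtpout.example.test is a placeholder, and the helper names are hypothetical.

```ruby
require 'openssl'

# Constructed self-signed certificate standing in for the relay's certificate.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Trust store containing exactly the given certificates (no system CAs).
def store_with(*trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  store
end

# Returns [verified?, OpenSSL error code] for cert checked against store.
def check(cert, store)
  ok = store.verify(cert)
  [ok, store.error]
end

# Client-side TLS settings that keep peer verification on and trust only
# the certificates in `store`.
def pinned_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.cert_store = store
  ctx
end

relay = self_signed_cert('smtpout.example.test') # placeholder host name
other = self_signed_cert('smtpout.example.test') # same name, different key

p check(relay, store_with)        # rejected: self-signed and not trusted
p check(relay, store_with(relay)) # accepted: this exact certificate is trusted
p check(relay, store_with(other)) # rejected: a matching name is not enough
```

In a real deployment the trusted certificate would be exported from the relay and loaded from a PEM file instead of being generated.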

rails 3 fb_graph notification causing ssl error in production

Trying to send a notification with fb_graph gem and rails 3.2. I have done like the docs describe at https://github.com/nov/fb_graph/wiki/notifications:
user = FbGraph::User.new('matake')
app = FbGraph::Application.new(APP_ID, :secret => APP_SECRET)
app.notify!(
user,
:href => 'http://matake.jp',
:template => 'Your friend @[12345] achieved new badge!'
)
but this returns SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure in production server

SSL error when using Active Merchant and PayPal

I'm trying to use Active Merchant and PayPal to process payments on a staging server. I have everything setup as follows.
Setup PayPal merchant account
Put the credentials into the Active Merchant / PayPal config
Downloaded the PayPal PEM and put it on my server
Bought and uploaded an SSL certificate from PositiveSSL
However, when I run the code (below), I receive this error:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert handshake failure
This is the code I am using
ActiveMerchant::Billing::PaypalGateway.pem_file = File.read("#{Rails.root}/config/cert_key_pem.pem")
@credit_card ||= ActiveMerchant::Billing::CreditCard.new(:brand => "Visa", :number => "4242424242424242", :verification_value => "123", :month => "11", :year => "2016", :first_name => "John", :last_name => "Doe")
gateway = ActiveMerchant::Billing::PaypalGateway.new(:login => "sales_api1.example.com", :password => "password")
response = gateway.authorize(150, @credit_card, :ip=>"123.123.123.1")
Anyone experience this problem or know of a solution to the SSL failing?
Well, I eventually gave up and instead of using the certificate method of validation, I used the PayPal signature.
So I removed the PEM file and am now using
gateway = ActiveMerchant::Billing::PaypalGateway.new(:login => "sales_api1.example.com", :password => "password", :signature => "fake_signature")
and it works great. So... yeah, if anyone else is having problems with Active Merchant and PayPal, try swapping your authentication methods from certificate to signature.
try this,
http://railsapps.github.com/openssl-certificate-verify-failed.html

SSL error on Heroku when using OAuth

I am using the OAuth gem to do two-legged oauth verification, but when I try to use the access token I get the following error:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
/usr/ruby1.9.2/lib/ruby/1.9.1/net/http.rb:678:in `connect'
/usr/ruby1.9.2/lib/ruby/1.9.1/net/http.rb:678:in `block in connect'
/usr/ruby1.9.2/lib/ruby/1.9.1/timeout.rb:44:in `timeout'
/usr/ruby1.9.2/lib/ruby/1.9.1/timeout.rb:87:in `timeout'
Here's the code:
uri = construct_uri
consumer = OAuth::Consumer.new("key",
                               "secret",
                               :site => "remote site",
                               :request_token_path => "",
                               :authorize_path => "",
                               :access_token_path => "",
                               :http_method => :get,
                               :scheme => "query_string"
                              )
access_token = OAuth::AccessToken.new consumer
response = access_token.request(:get, uri)
The error occurs on the last line. This code had been working for a few months and seemed to break overnight. Also what's strange is this code works when I execute it in the local rails console. From what I've read I think it has to do with the OAuth gem not being able to find the file path to my certificates, although I'm not sure where to start debugging this on heroku. On heroku we're using SNI SSL.
There's a workaround detailed here: https://github.com/intridea/omniauth/issues/404
Put OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE in an initializer. Apparently this is a bug with the OAuth gem that's since been fixed.
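
One way to keep verification on when the runtime cannot find its CA certificates, as in the Foursquare and OAuth questions above (added example, not code from the original posts or from either gem): it looks for a bundle that actually parses and hands it to Net::HTTP with VERIFY_PEER. The helper names and the host api.example.test are hypothetical; /etc/ssl/certs/ca-certificates.crt is the usual Debian/Ubuntu location and the last path is the one quoted in the Foursquare question.

```ruby
require 'openssl'
require 'net/http'

# Places a CA bundle may live, in lookup order: the SSL_CERT_FILE override,
# the path compiled into this Ruby's OpenSSL, then two Debian/Ubuntu paths
# (the last is the one quoted in the Foursquare question).
def ca_bundle_candidates(env = ENV)
  [env['SSL_CERT_FILE'],
   OpenSSL::X509::DEFAULT_CERT_FILE,
   '/etc/ssl/certs/ca-certificates.crt',
   '/usr/lib/ssl/certs/ca-certificates.crt'].compact.uniq
end

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Certificates parsed from a bundle; [] if the file is missing or not PEM.
def certs_in(path)
  return [] unless File.file?(path) && File.readable?(path)
  File.binread(path).scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
rescue OpenSSL::X509::CertificateError
  []
end

# First candidate that really contains certificates, or nil.
def find_ca_bundle(env = ENV)
  ca_bundle_candidates(env).find { |path| certs_in(path).any? }
end

# HTTPS client that verifies the peer against an explicit bundle. Nothing
# connects until a request is made.
def verified_http(host, ca_file)
  raise ArgumentError, 'no CA bundle found' if ca_file.nil?
  http = Net::HTTP.new(host, 443)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.ca_file = ca_file
  http
end

bundle = find_ca_bundle
puts "CA bundle: #{bundle || 'none found'} (#{bundle ? certs_in(bundle).size : 0} certificates)"
```

Running it on the affected host and on a working machine shows whether the two resolve to different bundle paths, or to none at all.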

Error when I try to authenticate through Facebook with omniauth

I followed Ryan Bates' Omniauth Part 1 Railscast http://railscasts.com/episodes/235-omniauth-part-1 . I put twitter and Facebook authentication with their secret numbers and when I try to authenticate through Facebook (auth/facebook) I get this error:
{
"error": {
"message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration.",
"type": "OAuthException"
}
}
And when I try to authenticate through twitter (auth/twitter) I get this 401 Unauthorized response. I don't know how I can correct it.
Thanks I corrected entering http://127.0.0.1:3000 in twitter URL callback field and in facebook my website field. But now when I try to authenticate with facebook I get this error:
OpenSSL::SSL::SSLError
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed
How can I solve it? I solved putting OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE in development.rb
That error appears when your server runs on http protocol. You need to add this piece of code in your_project/script/rails before APP_PATH
require 'rubygems'
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'
module Rails
  class Server < ::Rack::Server
    def default_options
      super.merge({
        :Port => 3000,
        :environment => (ENV['RAILS_ENV'] || "development").dup,
        :daemonize => false,
        :debugger => false,
        :pid => File.expand_path("tmp/pids/server.pid"),
        :config => File.expand_path("config.ru"),
        :SSLEnable => true,
        :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
        :SSLPrivateKey => OpenSSL::PKey::RSA.new(
          File.open("/path_to_your/privatekey.pem").read),
        :SSLCertificate => OpenSSL::X509::Certificate.new(
          File.open("/path_to_your/servercert.crt").read),
        :SSLCertName => [["CN", WEBrick::Utils::getservername]]
      })
    end
  end
end
To generate self-signed certificates read this tutorial http://www.akadia.com/services/ssh_test_certificate.html (steps 1 to 4) or this www.tc.umn.edu/~brams006/selfsign.html
After updating your rails script change the url from http://127.0.0.1:3000 to https://127.0.0.1:3000
I get this problem fairly often with Twitter in development.
The issue is likely your callback url in your app settings. Try setting it to:
http://127.0.0.1
And try again. If it doesn't work from http://localhost:3000 then try it from http://127.0.0.1:3000
The problem with Facebook is also likely to be the callback URL in the app settings. For Facebook, my site url setting is: http://localhost:3000/
