I am trying to use signet for OAuth to Google services. And get this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Following these questions:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
OmniAuth & Facebook: certificate verify failed
Seems the solution is either to fix ca_path or to set VERIFY_NONE for SSL.
The ca_path fix posted only works on Linux (port install) and the fix for VERIFY_NONE seems to be for faraday.
Is there a solution for Windows/signet gem?
Actually the best way I found to solve this in windows for Ruby itself, not just one gem, is to do the following:
Download https://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem. Make sure you save it as a .pem file, rather than a text file.
Go to your Computer -> Advanced Settings -> Environment Variables
Create a new System Variable:
Variable: SSL_CERT_FILE
Value: C:\RailsInstaller\cacert.pem
Close all your command prompts, including your Rails server command prompt, etc.
Start a new ruby irb prompt, and try the following:
$irb>require 'open-uri'
$irb>open('https://www.gmail.com')
It should all work now just fine.
Solution for Windows, which I cobbled together from a few different answers:
Download https://curl.haxx.se/ca/cacert.pem and put it in YOUR_APP/lib/assets (or wherever)
In config/initializers/omniauth.rb:
#config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, CUSTOMER_KEY, CUSTOMER_SECRET, {client_options: {ssl: {ca_file: Rails.root.join('lib/assets/cacert.pem').to_s}}}
end
Obviously, restart your server.
Footnotes:
You might be able to cut out a lot of the unnecessary certificates in the cacert.pem file to reduce the size. If you only need this solution for development, you could save the file outside of your project and do a if Rails.env.development? _provider line with the client_options hash_ else _provider line without client_options hash_ end
After too much searching and wasted time, I found a very simple solution to fix this issue in Ruby with Windows.
Two simple steps:
In command prompt write: C:\gem install certified
In your rb file add: require 'certified'
That's it.
Updating the rubygems package management framework solved this issue for me on Windows 7.
https://rubygems.org/pages/download
gem update --system # may need to be administrator or root
yes, I've set the omniouth.rb file in the initializers folder to this:
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:verify => false}}}
and this seems to work fine now. But don't use this for production.
Using the http:// URL instead of https:// make this easier to you
Change the gem source to http://rubygems.org/ by using the following line of command on your ruby command line
gem sources -a http://rubygems.org/
Adding onto DevDude's solution, but using Windows Powershell:
Download http://curl.haxx.se/ca/cacert.pem into c:\railsinstaller\cacert.pem
At the powershell prompt:
$env:SSL_CERT_FILE = 'c:\RailsInstaller\cacert.pem'
I was then able to run gem update successfully
Note: you can simply define that environment variable in your profile notepad $profile
Go to the rubygems-update download page: https://rubygems.org/gems/rubygems-update
Click on the Download link, and you'll download a file called rubygems-update-2.6.7.gem. At the command line, navigate to the directory you downloaded the .gem file to and type:
gem install rubygems-update-2.6.7.gem
(or whatever the filename was, if a newer version)
Then type:
update_rubygems
You can verify it's updated with:
gem --version
I had this error whilst trying to setup rails 5 on a windows machine, turns out I had to update the rubygem version to 2.6.7 and then it worked.
step 1 download rubygem from below
https://rubygems.org/downloads/rubygems-update-2.6.7.gem
step 2 - install by pointing to downloaded rubygems
gem install --local C:\rubygems-update-2.6.7.gem
step 3 - check new version is 2.6.7
gem --version
step 4 - now safely un-install rubygems-update gem
gem uninstall rubygems-update -x
step 5 tried to install rails 5 again
gem install rails --version 5.0.0
worked like a charm!
I got info from:
http://guides.rubygems.org/ssl-certificate-update/#installing-using-update-packages
I was able to eliminate the PATH or SYSTEM VARIABLE setting mentioned above by importing the certificate as a Trusted Authority.
Invoke certmgr.msc
Right-click the Trusted Root Certificate Authority folder.
Select "All Tasks"
Select "Import"
Select All Files in file type dropdown and select the cacert.pem file.
You should receive a message "Import Successful"
I believe the correct answer is to update your gem installer: rubygems-update. The explanation for why this is needed is found at: Ssl Certificate Updates
save your cacert.pmp file from https://curl.haxx.se/ca/cacert.pem and then add this file to location yourruby-installation folder\lib\ruby\2.3.0\rubygems\ssl_certs
for example:C:\Ruby23\lib\ruby\2.3.0\rubygems\ssl_certs
This helped me:
https://coderwall.com/p/ubl6iw/fix-ssl_connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificate-verify-failed-openssl-ssl-sslerror
My ruby on rails project is posting data to an api internally, and it cannot verify the internal certificate.
These lines helped:
require 'https'
http = Net::HTTP.new('example.com', 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.cert_store = OpenSSL::X509::Store.new
http.cert_store.set_default_paths
http.cert_store.add_file('/path/to/internal.cert.pem')
Hope this can help.
I was also facing this issue when I installed older ruby versions. When I installed the latest Ruby version this problem went away. So basically the SSL certificate needed to be updated.
For people who are using rails 4.
Add this in devise.rb
require "omniauth-google-oauth2"
config.omniauth :google_oauth2, "CLIENT_ID", "CLIENT_SECRET", { access_type: "offline", approval_prompt: "", :client_options => {:ssl => {:verify => false}} }
Related
just started to use stream-rails. I've tried to install stream-rails gem both from the terminal and on my gen file. It says that the gem is installed but the "config/initializers/stream_rails.rb" has not been created. Please advise.
Fred
welcome to StackOverflow!
As described in setup instructions over here, you need to add that file. It'll not be auto-generated.
Have a look at setup-instructions -
Login with Github on getstream.io and get your api_key and api_secret from your app configuration (Dashboard screen).
Then you can add the StreamRails configuration in config/initializers/stream_rails.rb
I have the problem that my development machine does not want to connect to my IMAP accounts any more. I know I must have changed something, but cannot think of anything relevant. But what I found is, that with ruby 2.1.0 and 2.1.2 my application works, but with 2.1.5 and 2.2.1 [edit: 2.2.2 failing, too] it does not work.
So I started debugging and extracted the parts that actually connect and throw the SSL error. The shortened script is the following:
require 'net/imap'
#imap = nil
begin
#imap = Net::IMAP.new("mail.example.com", {port: 143})
#imap.starttls({}, true)
#imap.login("username", "password")
rescue => e
puts e
end
The result with 2.0.0 and 2.1.2 is empty, so it worked. But with 2.1.5 and 2.2.1 [edit: and 2.2.2] I get the following error:
SSL_write: certificate verify failed
Of course I immediately checked the server's keychain, but it seems okay. It results in
Verify return code: 0 (ok)
though it has the line
verify error:num=20:unable to get local issuer certificate
but I read that this error is "normal". I cannot explain this error, as I included the certificates correctly with my dovecot server, but when searching the web it looks like everyone else is getting this line with most certificates, too, and it works. Also, like mentioned before, the verify return code is 0, so everything should work.
Do you have an idea if this is a problem with the mentioned line or if it's a bug with newer ruby versions? I could not find any clear search results regarding this.
PS: I need to use starttls, "ssl: true" gives me an unknown protocol error, as I enabled tls only.
edit2: I re-checked again. On the production server, 2.1.5 works. Could it be a problem with CA certificates on the development server or something? But why do older versions work then and newer don't?
--- edit: output as requested ---
I changed my real domain to domain.com in the bin. The host is a sub domain and the certificate a subdomain wildcard certificate from RapidSSL (*.domain.com).
http://pastebin.com/9BGK4w1w
Finally solved it by reinstalling OS X. For some reason it was a problem with my system, though I triple-checked everything from OpenSSL to rvm, Ruby, system-wide installed authority certificates and so on.
Thanks for your help :-)
I have decided to learn through Derek Banas video tutorial on Rails, so i followed the instructions and downloaded the bundled installer in http://railsinstaller.org/en
Rather than following Derek's walkthrough on web app creation with mysql, i decided to use the bundled sqlite with the syntax
rails new sample -d sqlite3
but i got this error
http://i.imgur.com/GsL8SVi.png?1
may i know what exactly what i am doing wrong? thanks for the replies!
I see you're first time use Rails Installer for windows, the OpenSSL library of rails installer delivers has no certificate authorities defined, so you got that problem.
Try this :
download this file https://gist.githubusercontent.com/fnichol/867550/raw/win_fetch_cacerts.rb and store any directory (ex : c:\win_fetch_cacerts.rb)
Open CMD, and run ruby script
ruby "c:\win_fetch_cacerts.rb"
Set SSL_CERT_FILE to your Environment Variables, open CMD and type and run :
set SSL_CERT_FILE=C:\RailsInstaller\cacert.pem
Restart your device.
Not the best solution but you can change the first line of your Gemfile to use unsecure connection source 'http://rubygems.org' and run bundle install manually.
I am getting an error with my ruby on rails application.
I am trying to use this repository :https://github.com/nomad/dubai to generate a pkpass.
However, I am getting a pcks12Error::Mac verify failure at this step:
Dubai::Passbook.certificate, Dubai::Passbook.password = "/resources/certificate.p12", "mypassword"
# Example.pass is a directory with files "pass.json", "icon.png" & "icon#2x.png"
File.open("Example.pkpass", 'w') do |f|
f.write Dubai::Passbook::Pass.new("Example.pass").pkpass.string
end
I looked on the web but founded nothing about this kind of error in RoR.
EDIT:
I am pretty sure that this is an OpenSSL error. My certificates are coming from another machine. Is that thing can influence this error? Do I have to create a certificate on my machine? To configure OpenSSL?
I founded the answer by myself.
In the Dubai gem, you just have to change the read() by a binread().
It solved my mac verify failure.
This question already has answers here:
SSL Error When installing rubygems, Unable to pull data from 'https://rubygems.org/
(26 answers)
Closed 8 years ago.
I'm trying to authenticate a user via Facebook or Twitter, get them to fill out their information, and then click save (thus creating a user record). I'm getting an OpenSSL error on that final step -- after clicking save. This happens at the Devise RegistrationsController#create method.
So I'm getting this error in my Rails application, hosted on Heroku:
2012-07-28T18:25:13+00:00 app[web.1]: OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I've seen plenty of solutions, none of them work. Here are some things I've tried:
1) Installing the certified gem
2) Upgrading the Heroku gem to v2.30, pushing again
3) This:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, TWITTER_KEY, TWITTER_SECRET, {:client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:scope => "publish_actions,user_location,email", :client_options => {:ssl => {:ca_file => "/usr/lib/ssl/certs/ca-certificates.crt"}}}
end
It seems like one problem could be that this cert file doesn't actually exist -- I've seen it in several places, and it seems like that is the default path to the ca_cert file for Heroku, but I could be wrong.
Oddly enough, this is happening after I've already authenticated via FB/Twitter, and am trying to create a user's account. Why would this be, and how can I solve/debug this? Sincerely confused.
Update: I added this line to the Omniauth initializer, and now it "works". Thus I've diagnosed the problem is with Omniauth. However, I'd like to still have the SSL verification... this obviously leaves a security gap.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
After some searching here is what I found:
If you’re using Ruby to open connections to an external server over https, eg. the Facebook Graph API, you may run into the following error:
OpenSSL::SSL::SSLError:SSL_connectreturned=1errno=0state=SSLv3readservercertificateB:certificateverifyfailed
This error is due to Ruby not being able to find the certification authority certificates (CA Certs) used to verify the authenticity of secured web servers. The solution is to download the this ca-bundle.crt into your application’s lib/ directory:
Then add the following code to config/initializers/fix_ssl.rb:
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
This should force ruby to use the CA bundle from your application’s lib/ directory.
Taken from: http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
UPDATE:
You may need to use self.ca_path= instead of self.ca_file= depending on your system.
It sounds like you've got the right openssl configuration in OmniAuth, but perhaps your CA certs path isn't correct?
You can check that on your heroku servers by running:
heroku run bash
... and then running openssl to display the proper path:
$ openssl version -a
OpenSSL 1.0.0e 6 Sep 2011
OPENSSLDIR: "/usr/lib/ssl"
... You should find the ca_certificates.crt file at $OPENSSLDIR/certs/ca-certificates.crt
I would confirm that path an update your code to match.