My application uses the OAuth2 gem (0.1.1) to connect to Facebook, and the ActiveMerchant gem (1.12.0) to connect to PayPal. Under what is the current Rails/Ruby distribution (3.0.5, 1.9.2), both of these gems throw the following OpenSSL::SSL::SSLError when used:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I did some digging, and found two patches. The first involves plugging this into my initializers folder as "faraday.rb" (http://bit.ly/hZqNwQ). The OAuth2 (Facebook) side of things does work with this patch. However, the ActiveMerchant (PayPal) code still throws the same SSL_connect error.
The second patch I've tried (unsuccessfully) is the 'always_verify_ssl_certificates' gem (http://bit.ly/dXmuUh). I did the following things: (1) gem 'always_verify_ssl_certificates' in the Gemfile (2) require 'always_verify_ssl_certificates' in the ApplicationController file. However, both OAuth2 (Facebook) and ActiveMerchant (PayPal) throw the following TypeError:
wrong argument (NilClass)! (Expected kind of OpenSSL::SSL::SSLContext)
The links to my OAuth2 Facebook code (AuthorizeController) and my ActiveMerchant PayPal code (PaymentsController) as they stand now are in the comments below. This is after following the 2010 OAuth2 guide by Michael Bleigh and the 2008 Cody Fauser ActiveMerchant tutorial. Any help is greatly appreciated! I'm very confused at this point.
No need. After some painful Googling, putting the following into the ApplicationController fixes it. Hope this helps somebody!
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
So I'm trying to get Google authentication to work with rails and devise. I followed this github setup and when the user gets redirected after a successful login I get this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've literally tried every solution I can find online and nothing seems to work. I downloaded the new cert which is in /usr/local/etc/openssl/certs/cert.pem and this is in my devise.rb:
config.omniauth :google_oauth2, "92780849937-vk78tsfss43p1m9k95ijfhimi422hfh7.apps.googleusercontent.com", "oEM4yvhazRJBgL7ANtpVtpU5", { :client_options => {:ssl => {:ca_path => "/usr/local/etc/openssl/certs"}}}
I'm running ruby 2.1.0 and Rails 4.2.4
Is there something I'm missing? Maybe a different solution for this version of rails?
I added this to my application.rb so I can keep working, but obviously it's pretty horrible hahahaha
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
You can add the gem 'certified' to your Gemfile to fix this issue.
Check their Github page
And this SO question
I'm developing a Rails app with social authorization. Facebook and Twitter logins work fine, but something strange is going on with Google...
My initializer for google:
provider :google_oauth2, OAUTH_CONFIG[:google_api_key], OAUTH_CONFIG[:google_api_secret], {
  :access_type => 'offline',
  :prompt => 'consent',
  :scope => 'userinfo.email, userinfo.profile, youtube.readonly'
}
My error, which I see when I click login with Google:
Faraday::Error::ConnectionFailed
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:852:in `start'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:1369:in `request'
faraday (0.8.8) lib/faraday/adapter/net_http.rb:75:in `perform_request'
faraday (0.8.8) lib/faraday/adapter/net_http.rb:38:in `call'
faraday (0.8.8) lib/faraday/request/url_encoded.rb:14:in `call'
faraday (0.8.8) lib/faraday/connection.rb:253:in `run_request'
oauth2 (0.8.1) lib/oauth2/client.rb:88:in `request'
oauth2 (0.8.1) lib/oauth2/client.rb:131:in `get_token'
oauth2 (0.8.1) lib/oauth2/strategy/auth_code.rb:29:in `get_token'
What is wrong with SSL certificates? Please, help
In Google search results I see many similar answers - update 'openssl' library, reinstall ruby, rvm, update gemsets, bla-bla and many others... I have tried everything, nothing helps me.
Environment: rails 4.1.6, ruby 2.1.4, OS_X Yosemite
I added this not-so-beautiful spike to my app initializer:
if Rails.env.development?
  OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
end
Now login works in development mode.
Another answer says to disable OpenSSL's VERIFY_PEER option which means your app is not validating the certificate and you cannot verify you are connecting to Google when you make queries. This is a huge security risk and you should never do this.
There is an issue on the GitHub repo for google-api-ruby-client (https://github.com/google/google-api-ruby-client/issues/253) for the problem you've described. The current workaround is to add this to your application:
ENV['SSL_CERT_FILE'] = Gem.loaded_specs['google-api-client'].full_gem_path+'/lib/cacerts.pem'
For a Rails app, you would add this as a line in config/application.rb.
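A way to check a code base for the verification-disabling workarounds that appear in the posts on this page, so they do not survive into production. This is an added example, not code from any of the posters or gems discussed; the rule names, the Finding struct and the sample source are constructed for illustration.

```ruby
# Patterns taken from the snippets on this page that switch certificate
# verification off. Each rule is matched line by line.
PATTERNS = {
  'VERIFY_PEER constant redefined' => /VERIFY_PEER\s*=\s*OpenSSL::SSL::VERIFY_NONE/,
  'verify_mode set to VERIFY_NONE' => /verify_mode\s*=\s*OpenSSL::SSL::VERIFY_NONE/,
  'ssl verify option set to false' => /(?::verify\s*=>|\bverify:)\s*false/
}.freeze

# live is false when the match sits on a commented-out line: still worth
# reporting, because such lines tend to get re-enabled during debugging.
Finding = Struct.new(:file, :line, :rule, :live)

def scan_source(name, source)
  findings = []
  source.each_line.with_index(1) do |text, number|
    commented = text.lstrip.start_with?('#')
    PATTERNS.each do |rule, regexp|
      findings << Finding.new(name, number, rule, !commented) if text =~ regexp
    end
  end
  findings
end

# Scan every Ruby file below a directory (initializers included).
def scan_tree(root)
  Dir.glob(File.join(root, '**', '*.rb')).flat_map { |f| scan_source(f, File.read(f)) }
end

# Constructed sample assembled from the kinds of lines quoted on this page.
SAMPLE = <<~'RUBY'
  require 'openssl'
  OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
  provider :facebook, APP_ID, APP_SECRET, {client_options: {ssl: {ca_file: 'lib/assets/cacert.pem'}}}
  #provider :facebook, APP_ID, APP_SECRET, {:client_options => {:ssl => {:verify => false}}}
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
RUBY

if __FILE__ == $PROGRAM_NAME
  scan_source('sample.rb', SAMPLE).each do |f|
    state = f.live ? 'ACTIVE' : 'commented out'
    puts "#{f.file}:#{f.line}: #{f.rule} (#{state})"
  end
end
```

A guard such as `if Rails.env.development?` around a match is not evaluated by this check, so guarded lines are reported as active and need a manual look.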
In short, you should do the following things:
rvm remove 2.1.4
rvm install 2.1.4 --disable-binary
Here is the complete solution with description:
https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
Apologies if this has been answered already, but I'm going through the posts here and can't find something that works.
I've got Devise working with rails for authentication, and I'm trying to integrate OmniAuth for facebook. I'm getting the SSL error that has been posted about in the past.
My error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've been through the solutions for windows and none seem to work. I'm just trying to get this working in dev on a windows machine, so I'm willing to take unsecure shortcuts to get it up and running and then figure out what's necessary in production later on.
I'm using:
rails 3.2.2
warden 1.1.1
devise 2.0.4
faraday 0.7.6
oauth2 0.5.2
omniauth 1.0.3
omniauth-oauth2 1.0.0
omniauth-facebook 1.2.0
I've tried a couple different things in omniauth.rb:
omniauth.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, APP_ID, APP_SECRET, {client_options: {ssl: {ca_file: Rails.root.join('lib/assets/cacert.pem').to_s}}}
  #provider :facebook, APP_ID, APP_SECRET, {:client_options => {:ssl => {:verify => false}}}
end
The second option (commented) is supposed to suppress ssl cert checking entirely, as far as I understand it. But that doesn't work - same error. With the first option, I downloaded the appropriate file and put it in my lib/assets directory, but that doesn't seem to work either.
Has something changed recently with this? Am I missing something obvious?
Looks like the way to do it is here:
https://gist.github.com/867550
Try following the instructions given in this link:
http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
And you have to make this minor change in fix_ssl.rb at the end:
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
I hope this helps.
I am trying to authenticate users with Facebook using OmniAuth. Initially, it was working, but along the way it just stopped working and started to give me this error message:
OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The same code works well for Twitter and I can't seem to understand why it doesn't work for Facebook. I have looked online for help, but I haven't been successful.
This is the link to the website I am building: http://www.bestizz.com/
And this url would give you the error message: http://www.bestizz.com/auth/facebook
Ruby cannot find any root certificates. Here is an option for debugging purposes. Put the following code at the beginning of your script:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Add the following code to config/initializers/fix_ssl.rb
require 'open-uri'
require 'net/https'
module Net
  class HTTP
    alias_method :original_use_ssl=, :use_ssl=
    def use_ssl=(flag)
      self.ca_file = "/etc/pki/tls/certs/ca-bundle.crt" # for Centos/Redhat
      self.verify_mode = OpenSSL::SSL::VERIFY_PEER
      self.original_use_ssl = flag
    end
  end
end
Note:
Many operating systems already come with a supplied certificate bundle.
For example in Red Hat Enterprise Linux and CentOS it's installed in:
/etc/pki/tls/certs/ca-bundle.crt
For Ubuntu it's at:
/etc/ssl/certs/ca-certificates.crt
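Why the bundle path decides between success and "certificate verify failed", shown offline as an added example (not code from any poster here). It resolves a bundle from the locations named above plus OpenSSL's compiled-in default, then verifies a leaf certificate with and without it; the CA, the leaf, the subject names and all function names are constructed for the demonstration.

```ruby
require 'openssl'
require 'tempfile'

# Bundle locations named on this page, after OpenSSL's compiled-in default.
CANDIDATES = [OpenSSL::X509::DEFAULT_CERT_FILE,
              '/etc/pki/tls/certs/ca-bundle.crt',    # Red Hat / CentOS
              '/etc/ssl/certs/ca-certificates.crt']  # Ubuntu

# First candidate that is a readable, non-empty file, or nil if none is.
def find_ca_bundle(candidates = CANDIDATES)
  candidates.compact.find { |p| File.file?(p) && File.readable?(p) && !File.zero?(p) }
end

# Constructed throwaway certificate (test data, not a real CA).
def make_cert(subject, key, issuer: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Verify +leaf+ against the roots in +bundle_path+ (nil means no bundle found).
# Returns [verified?, OpenSSL's reason string].
def verify_against(leaf, bundle_path)
  store = OpenSSL::X509::Store.new
  store.add_file(bundle_path) if bundle_path
  [store.verify(leaf), store.error_string]
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('/CN=Example Test Root', ca_key, ca: true)
  leaf = make_cert('/CN=service.example.test', leaf_key, issuer: ca, issuer_key: ca_key)
  Tempfile.create(['bundle', '.pem']) do |f|
    f.write(ca.to_pem)
    f.flush
    { with_bundle: verify_against(leaf, find_ca_bundle([f.path])),
      without_bundle: verify_against(leaf, find_ca_bundle(['/nonexistent/ca.pem'])) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Calling `find_ca_bundle` with no arguments on the affected machine shows whether Ruby's OpenSSL has any usable bundle at all; a `nil` result matches the "cannot find any root certificates" diagnosis.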
I've been facing the same problem after updating Ruby running on Yosemite, but while trying to authenticate with Google.
Following this: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html seemed to solve my problem.
For the sake of history I'll quote:
So the rvm-installed ruby does look into the wrong directory for certificates whereas the OSX-ruby will look into the correct one. In its case that is an OSX system-directory.
So the rvm-installed ruby is the problem.
This discussion on Github finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into /etc/openssl for its certificates.
What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so: rvm install 2.2.0 --disable-binary
In the end, I had to run:
rvm uninstall ruby-2.2.4
rvm install ruby-2.2.4 --disable-binary
gem pristine --all
Hope this helps
Looks like SSL verification is failing for Facebook. I'm no OpenSSL master, but I think this should work for you.
Assuming you're using an up-to-date version of OmniAuth (>= 0.2.2, I assume you are) and a version of Faraday >= 0.6.1 (the stack trace says you are), you can pass the location of your CA certificates bundle. Modify your OmniAuth setup for Facebook accordingly:
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'appid', 'appsecret', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}}
  # other providers...
end
and replace '/etc/ssl/certs' with the path to your bundle. If you need one, I believe this file will work for you--just put it somewhere, give it necessary permissions, and point your app at it.
Thanks to Alex Kremer at this SO answer for the detailed instructions.
This link should work. https://gist.github.com/fnichol/867550 Just follow the instructions. You will need to download Rails installer and run two command line functions.
Do this; it will get rid of the certificate error with openssl:
sudo curl http://curl.haxx.se/ca/cacert.pem -o /opt/local/etc/openssl/cert.pem
An ugly workaround I just did is to override the class in Net::HTTP and set the variable which tells it to not verify ssl certs:
require 'net/http'
require 'openssl'
class Net::HTTP
  alias_method :orig_connect, :connect
  def connect
    # Turns certificate verification off for every Net::HTTP connection
    @ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
    orig_connect
  end
end
I did it this way because I don't want to muck with the source code of the gem which calls the gem which calls the gem which calls Net::HTTP. I should really go back and figure out how to nudge it to look at a separate cacert.pem file instead. I can't modify the server's cacert.pem file, or that would be the best route.
Using authlogic 2.1.3, and authlogic-oid 1.0.4 I receive the following error as soon as rails hits a controller making a request to an OpenID provider:
uninitialized constant OpenIdAuthentication::InvalidOpenId
I also have the following installed:
rack-openid (0.2.1)
ruby-openid (2.1.7)
rails/open_id_authentication plugin
Gems in environment.rb are configured as such:
config.gem "authlogic"
config.gem "authlogic-oid", :lib => "authlogic_openid"
config.gem "ruby-openid", :lib => "openid"
Any suggestions would be appreciated, thank you.
rails/open_id_authentication plugin has been updated a few days ago and it breaks compatibility with the authlogic_openid gem (v=1.0.4).
You'll have to wait until someone fixes the authlogic_openid gem (the issue)
I resolved that issue in my authlogic_openid fork, feel free to grab this commit: http://github.com/mreinsch/authlogic_openid/commit/9b802c347f5addebcbce945af3b5f80b3ee7b214
I was having the same trouble and I really wanted open-id with authlogic, so I copied an old version of plugin from one of Ryan Bates' railscasts apps.
Here's the link git@github.com:senthilnambi/open-id.git. Install it like normally and you should be fine.
Hope this helps. :)
Just like senthil provided, but with no @ at URL:
script/plugin install git://github.com/senthilnambi/open-id.git
Then I erase the old one (plugin/gem) that does not work
Going through the railscast 170. Troubleshooting led me here. I tried authlogic_openid fork from last poster (mreinsch). This thankfully corrected openid_identifier error long enough for the regular login system to work, but not openid.
It's giving me a name error on the save method as identified in the block. This is apparently used to allow openid to get me to login.
Error Dump:
NameError in User sessionsController#create
uninitialized constant Rack::OpenID
/usr/lib/ruby/gems/1.8/gems/activesupport-2.3.5/lib/active_support/dependencies.rb:443:in `load_missing_constant'
/usr/lib/ruby/gems/1.8/gems/activesupport-2.3.5/lib/active_support/dependencies.rb:80:in `const_missing'
/Sites/authlogic_b/vendor/plugins/authlogic_openid/lib/authlogic_openid/session.rb:72:in `save'
/Sites/authlogic_b/app/controllers/user_sessions_controller.rb:8:in `create'