Forum: Ruby OpenSSL Ruby 1.9? "Certificate verify failed"

Hi Guys!

I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
"SSLv3 read server certificate B: certificate verify failed
(OpenSSL::SSL::SSLError)".

Also, I had to copy ssleay32.dll and libeay32.dll else it wouldn't have
"worked"..

Here's the ruby code:

    require 'net/https'
    require 'uri'

    uri = URI.parse(ARGV[0] || 'https://gmail.com/')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
    http.start {
      http.request_get(uri.path) {|res|
        print res.body
      }
    }

Nothing complex, I just don't understand WHY it doesn't work?! If
someone could help me, I'd be verry happy, I really don't know what to
do...

Below the forwarded email is my verification that this error has
nothing to do with windows (beyond bug #999, but that is tangental).
Is this expected behavior? Is certificate handling stricter in 1.9.1?

Begin forwarded message:

> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
>    require 'uri'
> Nothing complex, I just don't understand WHY it doesn't work?! If
> someone could help me, I'd be verry happy, I really don't know what to
> do...
> -- 
> Posted via http://www.ruby-forum.com/.

507 % ./miniruby -I./lib -I.ext/common -I./- -r./ext/purelib.rb  ./
runruby.rb --extout=.ext  -- -v ~/x.rb
ruby 1.9.1p5000 (2009-01-20 trunk 21699) [i386-darwin9.6.0]
/Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:611:in `connect':
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed (OpenSSL::SSL::SSLError)
  from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:611:in `connect'
  from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:574:in `do_start'
  from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:563:in `start'
  from /Users/ryan/x.rb:7:in `<main>'
508 % ruby -v ~/x.rbruby 1.8.6 (2008-03-03 patchlevel 114) [universal-
darwin9.0]
warning: peer certificate won't be verified in this SSL session
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/
1.8/net/http.rb:571: warning: using default DH parameters.
<HTML><HEAD><meta http-equiv="content-type" content="text/
html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://mail.google.com/mail/">here</A>.
</BODY></HTML>
509 % cat ~/x.rb
    require 'net/https'
    require 'uri'

    uri = URI.parse(ARGV[0] || 'https://gmail.com/')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
    http.start {
      http.request_get(uri.path) {|res|
        print res.body
      }
    }

On Jan 23, 2009, at 22:56 , Alexandre Alex wrote:

> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
> "SSLv3 read server certificate B: certificate verify failed
> (OpenSSL::SSL::SSLError)".

I've forwarded this with additional verification that windows is not
playing part to ruby-core@.

Ryan Davis wrote:
> On Jan 23, 2009, at 22:56 , Alexandre Alex wrote:
> 
>> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
>> "SSLv3 read server certificate B: certificate verify failed
>> (OpenSSL::SSL::SSLError)".
> 
> I've forwarded this with additional verification that windows is not
> playing part to ruby-core@.

But then, if the certificate verification is stricter in Ruby 1.9, how 
do I do to make it works?

Thank you very much!

Alexandre Alex wrote:
> Hi Guys!
> 
> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
> "SSLv3 read server certificate B: certificate verify failed
> (OpenSSL::SSL::SSLError)".
> 
Add the following, just next to http.use_ssl:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE


--
Training screencasts in french: http://www.digiprof.fr