How to get soap4r to not bother verifying SSL certificate (verify_mode none)?

dubstep · January 3, 2011, 12:21pm

Using Ruby 1.8.7, Rails 2.3.8. I don’t want it to verify the cert…

This is my backtrace:

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed):
httpclient (2.1.5.2) lib/httpclient/session.rb:247:in connect' httpclient (2.1.5.2) lib/httpclient/session.rb:247:inssl_connect’
httpclient (2.1.5.2) lib/httpclient/session.rb:639:in connect' httpclient (2.1.5.2) lib/httpclient/timeout.rb:128:intimeout’
httpclient (2.1.5.2) lib/httpclient/session.rb:631:in connect' httpclient (2.1.5.2) lib/httpclient/session.rb:522:inquery’
httpclient (2.1.5.2) lib/httpclient/session.rb:147:in query' httpclient (2.1.5.2) lib/httpclient.rb:953:indo_get_block’
httpclient (2.1.5.2) lib/httpclient.rb:765:in do_request' httpclient (2.1.5.2) lib/httpclient.rb:848:inprotect_keep_alive_disconnected’
httpclient (2.1.5.2) lib/httpclient.rb:764:in do_request' httpclient (2.1.5.2) lib/httpclient.rb:666:inrequest’
httpclient (2.1.5.2) lib/httpclient.rb:596:in post' /opt/local/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/streamHandler.rb:238:insend_post’
/opt/local/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/streamHandler.rb:172:in
send' /opt/local/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/proxy.rb:179:inroute’
/opt/local/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/proxy.rb:143:in
call' /opt/local/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/driver.rb:181:incall’
(eval):6:in `getDataBySecure’

frebe73 · January 3, 2011, 1:04pm

On Jan 3, 11:21am, “Fredrik B.” [email protected] wrote:

Using Ruby 1.8.7, Rails 2.3.8. I don’t want it to verify the cert…

I think you can do something like
driver.options[“protocol.http.ssl_config”] = {‘verify_mode’ => foo} or
maybe driver.options[“protocol.http.ssl_config.verify_mode”] = foo

Fred

frebe73 · January 3, 2011, 1:08pm

I tried that. In ~GEM_HOME/gems/soap4r-1.5.8/lib/soap/netHttpClient.rb,
I changed it to:

180 if SSLEnabled
181 http.ssl_config.verify_mode = nil
182 http.use_ssl = true

And I also tried with

http.ssl_config.verify_mode = (OpenSSL::SSL::VERIFY_NONE)

None of those seem to work.

frebe73 · January 3, 2011, 1:08pm

It works locally… Hmm. My OpenSSL versions differs on the server and
locally. That’s probably the culprit.

frebe73 · January 3, 2011, 1:51pm

You tried what i suggested or you tried the monkey patch you posted
below? It’s worth noting that soap4r will use the httpaccess gem if it
is present, falling back to net/http if it isn’t - I think you may only
have monkeypatched the net/http part of soap4r

Fred

Sent from my iPhone