HttpClient SSL Errors - OS Specific (RHEL 4 versus CentOS 5.4)

Hi, I'm looking for help using HttpClient with Ruby on Rails. Here's our
environment:

Red Hat Enterprise Linux ES release 4 (Nahant Update 4) OR Cent OS 5.4
openssl version: OpenSSL 0.9.8e 23 Feb 2007 or OpenSSL 0.9.8e-fips-rhel5
01 Jul 2008 or OpenSSL 0.9.7a Feb 19 2003
ruby: 1.8.6 or 1.8.7
httpclient ruby gem: httpclient 2.1.5.2

On the RHEL4 based machines (with openssl of 0.9.7 OR 0.9.8) I get one
of these 2 errors (whereas the same code on CentOS works):

  1. cacerts loading failed
    at depth 1 - 20: unable to get local issuer certificate
    OpenSSL::SSL::SSLError: certificate verify failed
    from
    /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
    `connect’

OR

  1. cacerts loading failed
    OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read
    server certificate B: certificate verify failed
    from
    /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
    `connect’

I thought that upgrading SSL would fix the RHEL4 servers but that's not
the case.

Anyone have an idea of what other packages or libraries I need to
upgrade on RHEL4 to make these errors go away?

Any input is appreciated, thanks,

Mike

Mike P. wrote in post #989708:

On the RHEL4 based machines (with openssl of 0.9.7 OR 0.9.8) I get one
of these 2 errors (whereas the same code on CentOS works):

  1. cacerts loading failed
    at depth 1 - 20: unable to get local issuer certificate

This means it can’t find a root certificate with which to verify the
site certificate.

To start with, forget about ruby. Make it verify using the openssl
command line tool:

openssl s_client -connect my.server.name:443 # should not verify

openssl s_client -connect my.server.name:443 -CApath /path/to/certs

where /path/to/certs is whatever directory contains your collection of
root certificates; I don’t know what it is for RHEL4, but googling
suggests this:

http://www.linux-archive.org/centos/63476-ca-files-ssl-where.html

When you get “verify return code 0” then you know everything is working.

Then you just need to pass the correct option to ruby so it can find the
CA directory. For example, with Net::HTTP it would be
:ca_path=>"/path/to/certs"
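
The failure and the fix discussed in this thread can be reproduced offline; the following is an added example, not code from either poster. It builds a constructed root, intermediate and leaf certificate in memory (all names and the `make_cert`/`check` helpers are hypothetical) and verifies the leaf once with an empty trust store and once with the root loaded.

```ruby
require "openssl"

# Build a throwaway certificate (constructed test data, not real CA material).
# With issuer == nil the certificate is self-signed, i.e. a root.
def make_cert(cn, serial, issuer = nil, ca: false)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer ? issuer[:key] : key, OpenSSL::Digest.new("SHA256"))
  { cert: cert, key: key }
end

# Verify `leaf` against a trust store. `untrusted` plays the role of the
# intermediates a TLS server sends during the handshake.
def check(trusted, leaf, untrusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, untrusted)
  ok = ctx.verify
  { ok: ok, code: ctx.error, depth: ctx.error_depth, msg: ctx.error_string }
end

ROOT  = make_cert("constructed-root", 1, nil, ca: true)
INTER = make_cert("constructed-intermediate", 2, ROOT, ca: true)
LEAF  = make_cert("my.server.name", 3, INTER)

# No roots available: the chain stops at the intermediate (depth 1).
NO_ROOTS   = check([], LEAF[:cert], [INTER[:cert]])
# Root present in the store: the chain completes and the code is 0.
WITH_ROOTS = check([ROOT[:cert]], LEAF[:cert], [INTER[:cert]])

puts "empty store: #{NO_ROOTS.inspect}"
puts "root loaded: #{WITH_ROOTS.inspect}"
```

The empty-store run reports the same code and depth as the first error in the original post, which is why pointing the client at a populated CA directory, rather than turning verification off, is the change that resolves it.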
