OpenSSL Ruby 1.9? "Certificate verify failed"


#1

Hi Guys!

I’m trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
“SSLv3 read server certificate B: certificate verify failed
(OpenSSL::SSL::SSLError)”.

Also, I had to copy ssleay32.dll and libeay32.dll else it wouldn’t have
“worked”…

Here’s the ruby code:

require 'net/https'
require 'uri'

uri = URI.parse(ARGV[0] || 'https://gmail.com/')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
http.start {
  http.request_get(uri.path) {|res|
    print res.body
  }
}

Nothing complex, I just don’t understand WHY it doesn’t work?! If
someone could help me, I’d be verry happy, I really don’t know what to
do…


#2

Below the forwarded email is my verification that this error has
nothing to do with windows (beyond bug #999, but that is tangental).
Is this expected behavior? Is certificate handling stricter in 1.9.1?

Begin forwarded message:

I’m trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
require ‘uri’
Nothing complex, I just don’t understand WHY it doesn’t work?! If
someone could help me, I’d be verry happy, I really don’t know what to
do…

Posted via http://www.ruby-forum.com/.

507 % ./miniruby -I./lib -I.ext/common -I./- -r./ext/purelib.rb ./
runruby.rb --extout=.ext – -v ~/x.rb
ruby 1.9.1p5000 (2009-01-20 trunk 21699) [i386-darwin9.6.0]
/Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:611:in connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:611:inconnect’
from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:574:in do_start' from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:563:instart’
from /Users/ryan/x.rb:7:in `’
508 % ruby -v ~/x.rbruby 1.8.6 (2008-03-03 patchlevel 114) [universal-
darwin9.0]
warning: peer certificate won’t be verified in this SSL session
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/
1.8/net/http.rb:571: warning: using default DH parameters.

301 Moved

301 Moved

The document has moved here. 509 % cat ~/x.rb require 'net/https' require 'uri'
uri = URI.parse(ARGV[0] || 'https://gmail.com/')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
http.start {
  http.request_get(uri.path) {|res|
    print res.body
  }
}

#3

On Jan 23, 2009, at 22:56 , Alexandre Alex wrote:

I’m trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
“SSLv3 read server certificate B: certificate verify failed
(OpenSSL::SSL::SSLError)”.

I’ve forwarded this with additional verification that windows is not
playing part to ruby-core@.


#4

Ryan D. wrote:

On Jan 23, 2009, at 22:56 , Alexandre Alex wrote:

I’m trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
“SSLv3 read server certificate B: certificate verify failed
(OpenSSL::SSL::SSLError)”.

I’ve forwarded this with additional verification that windows is not
playing part to ruby-core@.

But then, if the certificate verification is stricter in Ruby 1.9, how
do I do to make it works?

Thank you very much!


#5

Alexandre Alex wrote:

Hi Guys!

I’m trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
“SSLv3 read server certificate B: certificate verify failed
(OpenSSL::SSL::SSLError)”.

Add the following, just next to http.use_ssl:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE


Training screencasts in french: http://www.digiprof.fr