SOAP - issue with openssl verification failure


#1

I have the following code in a script that I am trying to use at work -

#!/usr/local/bin/ruby

require ‘rubygems’
require ‘soap/wsdlDriver’

wsdl = ‘myURL’
driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

I have a working perl snippet given, which uses SOAP::Lite. I want to
use ruby to code my script, but unable to go past the above lines.

Here is the error I am receiving -

at depth 0 - 20: unable to get local issuer certificate
OpenSSL::SSL::SSLError: certificate verify failed

I am stuck for hours trying to figure a way out. Please help.

Thanks in advance.


#2

I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
first post. Please let me know if you have any thoughts on this. I am
still stuck on this :frowning:


#3

This isn’t a ruby problem looks like your connecting to a server using
ssl
which has self signed certificate. Hence it can’t be verifid. If you get
hold of the cert you can add it to your trusted certs list. But brware
this
means your trusting the certificate implicitly.

Fine for testing though.

On May 1, 2009 10:04 PM, “Venkat A.” removed_email_address@domain.invalid wrote:

I have the following code in a script that I am trying to use at work -

#!/usr/local/bin/ruby

require ‘rubygems’
require ‘soap/wsdlDriver’

wsdl = ‘myURL’
driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

I have a working perl snippet given, which uses SOAP::Lite. I want to
use ruby to code my script, but unable to go past the above lines.

Here is the error I am receiving -

at depth 0 - 20: unable to get local issuer certificate
OpenSSL::SSL::SSLError: certificate verify failed

I am stuck for hours trying to figure a way out. Please help.

Thanks in advance.


#4

I am having the same problem. Is adding the cert to your trusted certs
list a Ruby thing or a system related task? It seems that it’s not
possible to specify options to SOAP::WSDLDriverFactory.new, such as an
SSL cert :).

Joseph Gutierrez
Web D. - Inc21
removed_email_address@domain.invalid


#5

How do you add a cert to your list of trusted certs? Is it possible to
specify a cert a some point when creating a new SOAP::WSDLDriverFactory?

Joseph Gutierrez
Web D. - Inc21
removed_email_address@domain.invalid


#6

Hi,

You can follow the guide at:
http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl

Cheers
Steve

2009/5/2 Venkat A. removed_email_address@domain.invalid


#7

This is for my tool at the place of work and there is no harm in
trusting this cert as it belongs to one of our internal groups. I have
saved the certificate using firefox. But not sure how to make the
openssl to trust it. Any clues will be greatly appreciated.

Thanks
Venkat

Steven Williamson wrote:

This isn’t a ruby problem looks like your connecting to a server using
ssl
which has self signed certificate. Hence it can’t be verifid. If you get
hold of the cert you can add it to your trusted certs list. But brware
this
means your trusting the certificate implicitly.


#8

Hi guys,

To add the certs to your trusted list using openssl at least you can
google
for the procedure. Basicaly you add the cert to /etc/openssl/certs and
create a symlink to it. The symlinks name should be the fingerprint of
the
certificate. Openssl will then trust the cert.

As for macosx I have no idea I don’t run it :slight_smile:

You could also search the ruby api docs there should be an option to
disable
the verification of certificates. Though this may not be an option.

Cheers

Steve.

On May 2, 2009 1:10 PM, “Venkat A.” removed_email_address@domain.invalid wrote:

I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
first post. Please let me know if you have any thoughts on this. I am
still stuck on this :frowning:

– Posted via http://www.ruby-forum.com/.


#9

Thanks Steve for the link. I thought I did pretty much everything
mentioned in that page but still getting this error -

“error 20 at 0 depth lookup:unable to get local issuer certificate”

Steven Williamson wrote:

Hi,

You can follow the guide at:
http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl

Cheers
Steve

2009/5/2 Venkat A. removed_email_address@domain.invalid


#10

Joe G. wrote:

I am having the same problem. Is adding the cert to your trusted certs
list a Ruby thing or a system related task? It seems that it’s not
possible to specify options to SOAP::WSDLDriverFactory.new, such as an
SSL cert :).

Joseph Gutierrez
Web D. - Inc21
removed_email_address@domain.invalid

If you want to ignore SSL verification simply set the following property
on the driver object

obj.options[“protocol.http.ssl_config.verify_mode”] =
OpenSSL::SSL::VERIFY_NONE

I got the answer from soap4r discussion in google groups.
http://groups.google.com/group/soap4r

  • Yesh