Forum: Ruby OpenSSL Ruby 1.9? "Certificate verify failed"

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
B0036c87a8fdc3d021db0d08fbda2a9c?d=identicon&s=25 A. Vaillancourt (alex797)
on 2009-01-24 07:57
Hi Guys!

I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
"SSLv3 read server certificate B: certificate verify failed
(OpenSSL::SSL::SSLError)".

Also, I had to copy ssleay32.dll and libeay32.dll else it wouldn't have
"worked"..

Here's the ruby code:

    require 'net/https'
    require 'uri'

    uri = URI.parse(ARGV[0] || 'https://gmail.com/')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
    http.start {
      http.request_get(uri.path) {|res|
        print res.body
      }
    }

Nothing complex, I just don't understand WHY it doesn't work?! If
someone could help me, I'd be verry happy, I really don't know what to
do...
5a837592409354297424994e8d62f722?d=identicon&s=25 Ryan Davis (Guest)
on 2009-01-24 10:35
(Received via mailing list)
Below the forwarded email is my verification that this error has
nothing to do with windows (beyond bug #999, but that is tangental).
Is this expected behavior? Is certificate handling stricter in 1.9.1?

Begin forwarded message:

> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
>    require 'uri'
> Nothing complex, I just don't understand WHY it doesn't work?! If
> someone could help me, I'd be verry happy, I really don't know what to
> do...
> --
> Posted via http://www.ruby-forum.com/.

507 % ./miniruby -I./lib -I.ext/common -I./- -r./ext/purelib.rb  ./
runruby.rb --extout=.ext  -- -v ~/x.rb
ruby 1.9.1p5000 (2009-01-20 trunk 21699) [i386-darwin9.6.0]
/Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:611:in `connect':
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B:
certificate verify failed (OpenSSL::SSL::SSLError)
  from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:611:in `connect'
  from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:574:in `do_start'
  from /Users/ryan/Work/svn/ruby/ruby/lib/net/http.rb:563:in `start'
  from /Users/ryan/x.rb:7:in `<main>'
508 % ruby -v ~/x.rbruby 1.8.6 (2008-03-03 patchlevel 114) [universal-
darwin9.0]
warning: peer certificate won't be verified in this SSL session
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/
1.8/net/http.rb:571: warning: using default DH parameters.
<HTML><HEAD><meta http-equiv="content-type" content="text/
html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://mail.google.com/mail/">here</A>.
</BODY></HTML>
509 % cat ~/x.rb
    require 'net/https'
    require 'uri'

    uri = URI.parse(ARGV[0] || 'https://gmail.com/')
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true if uri.scheme == "https"  # enable SSL/TLS
    http.start {
      http.request_get(uri.path) {|res|
        print res.body
      }
    }
5a837592409354297424994e8d62f722?d=identicon&s=25 Ryan Davis (Guest)
on 2009-01-24 10:35
(Received via mailing list)
On Jan 23, 2009, at 22:56 , Alexandre Alex wrote:

> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
> "SSLv3 read server certificate B: certificate verify failed
> (OpenSSL::SSL::SSLError)".

I've forwarded this with additional verification that windows is not
playing part to ruby-core@.
B0036c87a8fdc3d021db0d08fbda2a9c?d=identicon&s=25 A. Vaillancourt (alex797)
on 2009-01-24 16:48
Ryan Davis wrote:
> On Jan 23, 2009, at 22:56 , Alexandre Alex wrote:
>
>> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
>> "SSLv3 read server certificate B: certificate verify failed
>> (OpenSSL::SSL::SSLError)".
>
> I've forwarded this with additional verification that windows is not
> playing part to ruby-core@.

But then, if the certificate verification is stricter in Ruby 1.9, how
do I do to make it works?

Thank you very much!
059ed46172a087063ce26250e44c8627?d=identicon&s=25 Fernando Perez (fernando)
on 2009-01-24 23:14
Alexandre Alex wrote:
> Hi Guys!
>
> I'm trying to use OpenSSL with Ruby 1.9.1 but each time it tells me
> "SSLv3 read server certificate B: certificate verify failed
> (OpenSSL::SSL::SSLError)".
>
Add the following, just next to http.use_ssl:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE


--
Training screencasts in french: http://www.digiprof.fr
This topic is locked and can not be replied to.