Forum: Ruby SOAP - issue with openssl verification failure

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C5e4dc3d507f667f5be67f42446e8ae4?d=identicon&s=25 Venkat Alla (spinhoo)
on 2009-05-01 23:03
I have the following code in a script that I am trying to use at work -

#!/usr/local/bin/ruby

require 'rubygems'
require 'soap/wsdlDriver'

wsdl = 'myURL'
driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

I have a working perl snippet given, which uses SOAP::Lite. I want to
use ruby to code my script, but unable to go past the above lines.

Here is the error I am receiving -


  at depth 0 - 20: unable to get local issuer certificate
  OpenSSL::SSL::SSLError: certificate verify failed

I am stuck for hours trying to figure a way out. Please help.

Thanks in advance.
C5e4dc3d507f667f5be67f42446e8ae4?d=identicon&s=25 Venkat Alla (spinhoo)
on 2009-05-02 14:09
I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
first post. Please let me know if you have any thoughts on this. I am
still stuck on this :(
Ddba3dc260299fe6d1f52345224256ff?d=identicon&s=25 Steven Williamson (Guest)
on 2009-05-02 16:51
(Received via mailing list)
This isn't a ruby problem looks like your connecting to a server using
ssl
which has self signed certificate. Hence it can't be verifid. If you get
hold of the cert you can add it to your trusted certs list. But brware
this
means your trusting the certificate implicitly.

Fine for testing though.

On May 1, 2009 10:04 PM, "Venkat Alla" <spinhoo2000@yahoo.com> wrote:

I have the following code in a script that I am trying to use at work -

#!/usr/local/bin/ruby

require 'rubygems'
require 'soap/wsdlDriver'

wsdl = 'myURL'
driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

I have a working perl snippet given, which uses SOAP::Lite. I want to
use ruby to code my script, but unable to go past the above lines.

Here is the error I am receiving -


 at depth 0 - 20: unable to get local issuer certificate
 OpenSSL::SSL::SSLError: certificate verify failed

I am stuck for hours trying to figure a way out. Please help.

Thanks in advance.
400ee360c0e0f612776d612abd3dfd27?d=identicon&s=25 Joe Gutierrez (Guest)
on 2009-05-02 18:19
(Received via mailing list)
I am having the same problem. Is adding the cert to your trusted certs
list a Ruby thing or a system related task? It seems that it's not
possible to specify options to SOAP::WSDLDriverFactory.new, such as an
SSL cert :).

Joseph Gutierrez
Web Developer - Inc21
jgutierrez@inc21.com
400ee360c0e0f612776d612abd3dfd27?d=identicon&s=25 Joe Gutierrez (Guest)
on 2009-05-02 18:40
(Received via mailing list)
How do you add a cert to your list of trusted certs? Is it possible to
specify a cert a some point when creating a new SOAP::WSDLDriverFactory?

Joseph Gutierrez
Web Developer - Inc21
jgutierrez@inc21.com
C5e4dc3d507f667f5be67f42446e8ae4?d=identicon&s=25 Venkat Alla (spinhoo)
on 2009-05-02 22:00
This is for my tool at the place of work and there is no harm in
trusting this cert as it belongs to one of our internal groups. I have
saved the certificate using firefox. But not sure how to make the
openssl to trust it. Any clues will be greatly appreciated.

Thanks
Venkat

Steven Williamson wrote:
> This isn't a ruby problem looks like your connecting to a server using
> ssl
> which has self signed certificate. Hence it can't be verifid. If you get
> hold of the cert you can add it to your trusted certs list. But brware
> this
> means your trusting the certificate implicitly.
Ddba3dc260299fe6d1f52345224256ff?d=identicon&s=25 Steven Williamson (Guest)
on 2009-05-02 22:51
(Received via mailing list)
Hi,

You can follow the guide at:
 http://gagravarr.org/writing/openssl-certs/others....

Cheers
Steve

2009/5/2 Venkat Alla <spinhoo2000@yahoo.com>
C5e4dc3d507f667f5be67f42446e8ae4?d=identicon&s=25 Venkat Alla (spinhoo)
on 2009-05-03 00:13
Thanks Steve for the link. I thought I did pretty much everything
mentioned in that page but still getting this error -

"error 20 at 0 depth lookup:unable to get local issuer certificate"


Steven Williamson wrote:
> Hi,
>
> You can follow the guide at:
>  http://gagravarr.org/writing/openssl-certs/others....
>
> Cheers
> Steve
>
> 2009/5/2 Venkat Alla <spinhoo2000@yahoo.com>
Ddba3dc260299fe6d1f52345224256ff?d=identicon&s=25 Steven Williamson (Guest)
on 2009-05-03 07:20
(Received via mailing list)
Hi guys,

To add the certs to your trusted list using openssl at least you can
google
for the procedure. Basicaly you add the cert to /etc/openssl/certs and
create a symlink to it. The symlinks name should be the fingerprint of
the
certificate. Openssl will then trust the cert.

As for macosx I have no idea I don't run it :)

You could also search the ruby api docs there should be an option to
disable
the verification of certificates. Though this may not be an option.

Cheers

Steve.

On May 2, 2009 1:10 PM, "Venkat Alla" <spinhoo2000@yahoo.com> wrote:

I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
first post. Please let me know if you have any thoughts on this. I am
still stuck on this :(

-- Posted via http://www.ruby-forum.com/.
57776f527266e61b18ce39ffb295935d?d=identicon&s=25 Yesh Sriram (ysriram)
on 2009-05-03 17:55
Joe Gutierrez wrote:
> I am having the same problem. Is adding the cert to your trusted certs
> list a Ruby thing or a system related task? It seems that it's not
> possible to specify options to SOAP::WSDLDriverFactory.new, such as an
> SSL cert :).
>
> Joseph Gutierrez
> Web Developer - Inc21
> jgutierrez@inc21.com

If you want to ignore SSL verification simply set the following property
on the driver object

obj.options["protocol.http.ssl_config.verify_mode"] =
OpenSSL::SSL::VERIFY_NONE

I got the answer from soap4r discussion in google groups.
http://groups.google.com/group/soap4r

- Yesh
This topic is locked and can not be replied to.