Forum: JRuby Issue: Specifying jruby SSL keystore location

Chason Choate (Guest)
on 2015-05-01 17:44
(Received via mailing list)
Hello everyone,

I've been having some trouble specifying a custom keystore for use with
SSL. I'm creating a local CA and then creating a self-signed cert from
that CA. Now I want to be able to start a Jetty server and hit it with
jruby. My current issue is I can't seem to get jruby to pick up the local
keystore and trust it. I'm hopeful someone has run into this issue before
or can walk me through how to fix it. Below is my test case:

*Env:*

* CentOS 6.5
* Java 7
* jruby-complete-1.7.12

*Steps to reproduce:*

* Install this simple jetty server (http://blog.knoldus.com/2013/09/10/configure-ssl-o...)
* Run the commands to generate the CA and self-signed cert.
* Start the jetty server (should be on 8443)
* Use the following jruby script to contact the jetty server over SSL:

    require 'java'
    require 'net/https'

    host = 'localhost'
    path = '/'

    # Show the trust store settings the JVM was started with (nil-safe).
    puts "javax.net.ssl.trustStore = #{java.lang.System.getProperty('javax.net.ssl.trustStore')}"
    puts "javax.net.ssl.trustStorePassword = #{java.lang.System.getProperty('javax.net.ssl.trustStorePassword')}"

    # Request the page over TLS with peer verification enabled.
    https = Net::HTTP.new(host, 8443)
    https.use_ssl = true
    https.ssl_timeout = 2
    https.verify_mode = OpenSSL::SSL::VERIFY_PEER
    response = https.request(Net::HTTP::Get.new(path))
    puts response.body

* If everything is working correctly you should see HTML dumped to your
terminal.
* Otherwise, if there are issues verifying the certificates, you'll see an
error like this (which is what I'm seeing):

    [vagrant@localhost ~]$ java -Djavax.net.ssl.trustStore=~/jetty-hightide-8.1.8.v20121106/etc/certs/keystore -D -Djavax.net.ssl.trustStorePassword=changeit -jar /path/to/jruby-complete-1.7.12.jar local.rb
    javax.net.ssl.trustStore = ~/jetty-hightide-8.1.8.v20121106/etc/certs/keystore
    javax.net.ssl.trustStorePassword = changeit
    OpenSSL::SSL::SSLError: certificate verify failed
       connect at org/jruby/ext/openssl/SSLSocket.java:170
       connect at file:/synthesysserver/lib/jruby-complete-1.7.12.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:799
       timeout at org/jruby/ext/timeout/Timeout.java:104
       connect at file:/synthesysserver/lib/jruby-complete-1.7.12.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:799
      do_start at file:/synthesysserver/lib/jruby-complete-1.7.12.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:755
         start at file:/synthesysserver/lib/jruby-complete-1.7.12.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:744
       request at file:/synthesysserver/lib/jruby-complete-1.7.12.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:1292
        (root) at local.rb:13

Karol Bucek (Guest)
on 2015-05-05 09:43
(Received via mailing list)
Might be a JRuby-OpenSSL regression ... please try *gem install
jruby-openssl* and make sure the installed gem gets loaded, as some of
the older 1.7.x releases had issues not allowing to override default
gems. Thus, if possible, I would upgrade JRuby 1.7.x as well -
alternatively wait a few hours and get a freshly baked 1.7.20 :) !

K.
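
Added example, not part of either post and not JRuby project code: one way to trust a locally created CA from Ruby without relying on JVM system properties is to hand `Net::HTTP` an explicit `OpenSSL::X509::Store` while keeping `VERIFY_PEER`. The CA, the `localhost` certificate and the helper names (`make_cert`, `store_trusting`, `https_client`) are constructed for illustration, and the certificates are generated in memory so the check runs offline.

```ruby
require 'openssl'
require 'net/http'

# Build a certificate. Everything generated here is constructed sample data.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(
    ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Trust store holding only the given CA certificates (no system defaults).
def store_trusting(*cas)
  store = OpenSSL::X509::Store.new
  cas.each { |c| store.add_cert(c) }
  store
end

# Client that keeps VERIFY_PEER and trusts only what is in `store`.
def https_client(host, port, store)
  https = Net::HTTP.new(host, port)
  https.use_ssl = true
  https.verify_mode = OpenSSL::SSL::VERIFY_PEER
  https.cert_store = store
  https
end

CA_KEY   = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = make_cert('Constructed Test CA', CA_KEY, ca: true)
LEAF     = make_cert('localhost', OpenSSL::PKey::RSA.new(2048),
                     issuer: CA_CERT, issuer_key: CA_KEY)
OTHER_CA = make_cert('Unrelated CA', OpenSSL::PKey::RSA.new(2048), ca: true)

puts "own CA trusted:   #{store_trusting(CA_CERT).verify(LEAF)}"
puts "unrelated CA:     #{store_trusting(OTHER_CA).verify(LEAF)}"
puts "empty store:      #{OpenSSL::X509::Store.new.verify(LEAF)}"
```

With a CA certificate on disk, `https.ca_file` pointing at its PEM file does the same job. Separately, the session output in the first post shows the `trustStore` property holding a literal `~`, which the JVM does not expand, so an absolute path is the safer value.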
