I have a Rails 4 app running omniauth-facebook & omniauth-twitter, but all attempts to login are met with a Faraday::SSLError -- SSL_connect returned=1 errno=0 state=SSLv3 read server key exchange B: bad ecpoint (for Facebook) and an OpenSSL::SSL::SSLError -- SSL_connect returned=1 errno=0 state=SSLv3 read server key exchange B: bad ecpoint (for Twitter.)
I have tried to disable SSL Peer verification completely with the following, but to no avail:
config/initializers/omniauth.rb
if Rails.env.development?
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
end
I've also tried a bunch of root certificate solutions, such as:
sudo port install curl-ca-bundle
but to no avail.
Any suggestions? Thanks.
http://ga.be/blog/2013/10/02/fixing-rubygems-ssl-issues-certificate-verify-failed/
The above link might help you just have a look.
It is just the error of SSL certificate.
The key to the solution is to search for the "bad ecpoint" error message. These search results point to an integration problem between Ruby und OpenSSL and will show you how to resolve the issue:
Why do I get "bad ecpoint" with OpenSSL::SSL::SSLError Stripe transaction?
"bad ecpoint" SSL error on fresh RVM Ruby 1.9.3 install on OSX Mountain Lion
Related
I am running a knife solo cook and started getting this error below. Did some searching and it seems it is due to the LetsEncrypt SSL ca needing updates. I updated these on the server and can wget the URL below just fine. But I still get this error w/ chef. I wasn't sure if there was some cache (I did clear out the local-mode-cache dir) or something I am missing here. Any help would be great! Thanks.
================================================================================
Error executing action add on resource 'postgresql_repository[pg repo]'
================================================================================
OpenSSL::SSL::SSLError
----------------------
apt_repository[postgresql_org_repository] (/home/ubuntu/chef-solo/local-mode-cache/cache/cookbooks/postgresql/resources/repository.rb line 76) had an error: OpenSSL::SSL::SSLError: remote_file[/home/ubuntu/chef-solo/local-mode-cache/cache/https___download_postgresql_org_pub_repos_apt_ACCC4CF8_asc] (/opt/chef/embedded/lib/ruby/gems/2.5.0/gems/chef-14.1.1/lib/chef/provider/apt_repository.rb line 199) had an error: OpenSSL::SSL::SSLError: SSL Error connecting to https://download.postgresql.org/pub/repos/apt/ACCC4CF8.asc - SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)
Resource Declaration:
---------------------
# In /home/ubuntu/chef-solo/local-mode-cache/cache/cookbooks/rails_app/recipes/postgresql_server_single.rb
Update - I was able to solve this by editing /opt/chef/embedded/ssl/certs/cacert.pem on the server and removing the DST Root CA X3 certificate.
I am trying to establish a connection using the SOAP gem, called Savon. I can't make sense from the documentation on the website, I have this URL: "https://www.example.com/loginWeb/rvu.aspx", and this credentials username: "user", password: "pass".
My code is this (rails console):
client = Savon::Client.new("https://www.example.com/loginWeb/rvu.aspx")
client.wsse.credentials 'user', 'pass'
I get this: (event trying with "digest")
HTTPI executes HTTP GET using the net_http adapter
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I downloaded SoapUI and I get this error when I try to connect to the URL:
Error loading [http://www.example.com/loginWeb/rvu.aspx?WSDL]: org.apache.xmlbeans.XmlException: org.apache.xmlbeans.XmlException: error: Unexpected character encountered (lex state 3): '&
So what is going on ? Any help?
I suppose it's the same issue as here: you're trying to access a site with self-signed SSL certificate.
One way to fix it is to prevent Savon checking it:
client = Savon::Client.new("https://www.example.com/loginWeb/rvu.aspx")
client.http.auth.ssl.verify_mode = :none
client.wsse.credentials 'user', 'pass'
My company has a simple oauth server at https://auth.vitalvu.com
I'm developing a rails app that needs to make requests to that server (via the omniauth-oauth2 gem). When I try to run the app on Heroku I get the error:
Faraday::Error::ConnectionFailed: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've tested it as described here.
From the app's rails console on my local machine
connection = Faraday::Connection.new 'https://auth.vitalvu.com'
connection.get '/ping.json'
works just fine.
However, after pushing the app to Heroku, heroku run rails console
connection = Faraday::Connection.new 'https://auth.vitalvu.com'
connection.get '/ping.json'
results in the faraday error and
connection = Faraday::Connection.new 'https://auth.vitalvu.com', :ssl => {:ca_file => '/usr/lib/ssl/certs/ca-certificates.crt'}
connection.get '/ping.json'
results in the faraday error and
connection = Faraday::Connection.new 'https://auth.vitalvu.com', :ssl => {:ca_path => "/etc/ssl/certs"}
connection.get '/ping.json'
results in the faraday error
I'm not sure what else to try. Suggestions?
I run heroku restart three times - and than finally is starts to work.
How do I turn off certificate verification in a gem like jiraSOAP. the verification is inbuilt, but I really don't need that verification since the server & client are my properties. It should be doable to tweak the gem to stop this verification.
https://github.com/Marketcircle/jiraSOAP/blob/master/lib/jiraSOAP.rb
This cert verification error is stopping me moving on to my project. I have tried other solutions from forums, to upgrade my /etc/ssl/cert, adding OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE to my project. But none of them worked.
require 'jiraSOAP'
jira = JIRA::JIRAService.new "https://server/rpc/soap/jirasoapservice-v2?wsdl"
jira.login username, password
/usr/local/rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
I was able to solve it modifying the Handsoap gem to ignore cert check only for my host.
File to modify in the gems path -
handsoap-1.1.8/lib/handsoap/http/drivers/net_http_driver.rb
Modify after this new http client -
http_client = Net::HTTP.new(url.host, url.port)
Add this -
#Added these new lines below
if url.host == "server" #ignore cert check only for this host
http_client.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
Rails: 3.0.5
Ruby: 1.9.2
apn_on_rails: 0.5.1
Suddenly started receiving Exception: "sslv3 alert certificate revoked" from apn_on_rails gem. However the notifications are still sent out to devices and the certificates are valid until 2013.
To Reproduce:
rails console.
create notification to one of existing devices.
not1 = APN::Notification.create(:device_id => devices[0].id, :sound => true, :badge => 1, :alert => "Testing")
Execute APN::App.send_notifications. (Note: APN::Notification.send_notifications is not at all sending any notifications and in turn calls APN::App.send_notifications)
Expected Output: Notification to be sent to device. No Exception thrown.
Actual Output: Notification sent to device. Exception thrown. Full stack trace of exception below:
ruby-1.9.2-p0 > APN::App.send_notifications
SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert certificate revoked
from /gems/apn_on_rails-0.5.1/lib/apn_on_rails/libs/connection.rb:59:in `connect'
from /gems/apn_on_rails-0.5.1/lib/apn_on_rails/libs/connection.rb:59:in `open'
from /gems/apn_on_rails-0.5.1/lib/apn_on_rails/libs/connection.rb:23:in `open_for_delivery'
from /gems/apn_on_rails-0.5.1/lib/apn_on_rails/app/models/apn/app.rb:48:in `send_notifications_for_cert'
from /gems/apn_on_rails-0.5.1/lib/apn_on_rails/app/models/apn/app.rb:36:in `send_notifications'
As the stack trace indicates - the issue was within /gems/apn_on_rails-0.5.1/lib/apn_on_rails/app/models/apn/app.rb
In App.rb, in method self.send_notifications method:
def self.send_notifications
apps = APN::App.all
apps.each do |app|
app.send_notifications
end
if !configatron.apn.cert.blank?
global_cert = File.read(configatron.apn.cert)
send_notifications_for_cert(global_cert, nil)
end
end
Note: (if !configatron.apn.cert.blank?) The code checks for global certificate, whether you have defined this or not, it will check for "config/apple_push_develpment_certification.pem" and send notification with this certificate.
In my case, i had this file "config/apple_push_develpment_certification.pem" and i also add two different certificates for my iPhone and iPad apps defined by two configatron variables. Hence i encountered the certificate revoked issue and also my notifications were sent to devices.
To fix this:
define "configatron.apn.cert" to point to your new certificate in development.rb and production.rb files