Ruby SSL Error, read server "certificate B: certificate verify failed" - ruby

I'm attempting to save something to my DB but the default flow requires a successful call to geocode lat/lng before saving, which is when this error is thrown.
The error I get is:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I googled it and found what seemed to be a similar issue with RubyGems. I followed the instructions to manually change the ssl by downloading a new one and copying it into the ssl_certs directory to no avail.
My environment:
OpenSSL 0.9.8zh 14 Jan 2016
RVM 1.29.1
Ruby 2.2.2p95
Rails 4.2.7

Try running
gem update --system
Also make sure your openssl is linked
brew link openssl

I was able to resolve my issue with what I consider to be a bit of a hack, but it may work for you. I just disabled SSL verification in the controller that throws the error with the following line of code:
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
From what I can tell, there's an issue with what certs Ruby and RVM use and it differs between versions. Every fix I tried involved downloading new certs and manually placing them in the Ruby or OpenSSL directories but that didn't work. Here are some of the resources I consulted during this adventure:
Coderwall
Toadle.me
Mislav

Related

Issue installing bundler - getting 301 "moved" error

on a fresh install of an old windows ruby binary, I have an error that I dont know how to get around
environment:
windows 10
ruby 2.3.3p222 (2016-11-21 revision 56859) [i386-mingw32] (32 bit version)
devkit - DevKit-mingw64-32-4.7.2-20130224-1151-sfx
PS C:\Users\ALilland> gem install bundler --verbose
HEAD http://api.rubygems.org/api/v1/dependencies
200 OK
GET http://api.rubygems.org/api/v1/dependencies?gems=bundler
301 Moved Permanently
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://api.rubygems.org/api/v1/dependencies)
I've been using this ruby version for almost 8 years and have never seen this issue while installing, any ideas on how to get around it?
i've messed with the proxy settings on the machine and i do not currently believe that is the issue
on my mac I have an old ruby 2.4.1 install with rvm, and I can see that it resolves successfully to a different URI
$ gem install bundler -v 2.3.26 --verbose
HEAD https://rubygems.org/api/v1/dependencies
200 OK
GET https://rubygems.org/api/v1/dependencies?gems=bundler
200 OK
Downloading gem bundler-2.3.26.gem
GET https://rubygems.org/gems/bundler-2.3.26.gem
Fetching bundler-2.3.26.gem
200 OK
...
The problem is that the SSL certificates can't be verified. This is explained in detail in the Bundler documentation:
Why am I seeing certificate verify failed?
If you’ve seen the following SSL error when trying to pull updates from RubyGems: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
This error happens when your computer is missing a file that it needs to verify that the server behind RubyGems.org is the correct one.
The latest version of RubyGems should fix this problem, so we recommend updating to the current version. To tell RubyGems to update itself to the latest version, run gem update --system. If that doesn’t work, try the manual update process below.
(What do we mean by updating “should fix this problem”? Review the What are these certificates? and How Ruby uses CA certificates sections below to gain a better understanding of the underlying problems.)
How Ruby uses CA certificates
The SSL certificate used by RubyGems.org descends from a new-ish root certificate. Ruby (and therefore RubyGems and Bundler) does not have a regularly updated CA bundle to use when contacting websites. Usually, Ruby uses a CA bundle provided by the operating system (OS). On older OSes, this CA bundle can be really old—as in a decade old. Since a CA bundle that old can’t verify the (new-ish) certificate for RubyGems.org, you might see the error in question: certificate verify failed.
Further complicating things, an otherwise unrelated change 18-24 months ago lead to a new SSL certificate being issued for RubyGems.org. This meant the “root” certificate that needed to verify connections changed. So even if you’d previously upgraded RubyGems/Bundler in order to fix the SSL problem, you would need to upgrade again—this time to an even newer version with even newer certificates.
There are advanced troubleshooting steps available in the documentation that I'm not going to replicate here as they are subject to change and you should always reference the latest instructions.
I can say very broadly though that:
You are using a version of Ruby that is end-of-life and will not receive further updates, including security updates
You are using a version of Ruby that possibly cannot be made to work even with the troubleshooting steps
The safest solution is likely to upgrade to a modern version of Ruby
If you cannot get any of the above steps to work then consider using :ssl_verify_mode: 0 in .gemrc. This should be a last-resort measure as it completely disables SSL certificate validation.

Unable to install HomeBrew on Mac

I just really need to install Sass. But then it led to this error:
ERROR: Could not find a valid gem 'sass' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/latest_specs.4.8.gz)
my ruby version is :
ruby 2.0.0p648 (2015-12-16 revision 53162) [universal.x86_64-darwin16]
my rubygem version is:
2.0.14.1
while my openssl version is:
OpenSSL 0.9.8zh 14 Jan 2016
so I tried researching about the error, and then it led me to this link, there was a lot about installing RVM but I couldn't due to curl(60) error - so I checked another probable cause which described a diagnosis that I should upgrade my openssl. So...
I tried to install homebrew so that it would let me update openssl, created a .bash_profile with this PATH="/usr/local/bin:$PATH"
executed this to terminal /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
and then another error occured:
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
I already checked my certificates and there are no expired ones.
If there are still any other details you need to know to help me please let me know. I'm really desperate already... I just want to move on and learn SASS. T_T
Just in case someone had this problem.. It's due to proxy. Just use http. Thanks.

Could not find a valid gem 'rhc'. SSL_connect server certificate verify failed on Windows, Unable to connect OpenShift Server

C:\>gem install rhc
ERROR: Could not find a valid gem 'rhc' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/latest_specs.4.8.gz)
tried with the following commands:
gem sources -r https://rubygems.org
gem sources -a http://rubygems.org
But still same error exists when trying to setup rhc.
rhc setup
By following these steps rhc gem is installed successfully, but when executing "rhc setup" for connecting to openshift here is the error message rather connecting to openshift server
The problem is that your Windows machine does not recognize the rubygems server certificate as a trusted certificate because Windows don't have its authority certificate present in its trusted certs store.
As a quick fix you'd need to remove the HTTPS version of the rubygems source URL (not HTTP as you did):
gem sources -r https://rubygems.org
This quick fix should make rubygems use the HTTP version which has no certificate checks involved.
But this should not be the definitive fix. Instead you should add the HTTPS source back (using the -a option) and install a proper CA certificate for the rubygems server cert into your windows trusted CA certs store.
There are quite a few pages that deal with this procedure on the net (google this), e.g. the post here has steps to download and install all CA certificates from the curl command, to your Windows machine, that fixes the problem permanently and without lowering security.
The reason and fix for the problem is stated here
Previously, this certificate was provided by one Certificate Authority, but the new certificate is provided by a different one.
Because of this, verions of RubyGems with both certificates were released, in an attempt to simplify the change.
However, at the scale RubyGems operates at, it’s impossible to make sure everybody updates the software. There are also operating systems shipping with old versions. As such, sometimes manual intervention (as described above) is required.
This has been described on Issue #1050
To fix the problem, follow these steps:
Download rubygems-update-2.6.7.gem. The download should be saved in a location you can later easily point to. Let's use like C:\rubygems-update-2.6.7.gem
On the command line, run the following commands:
C:\>gem install --local C:\rubygems-update-2.6.7.gem
C:\>update_rubygems --no-ri --no-rdoc
Run the following commands to uninstall rubygems-update:
C:\>gem uninstall rubygems-update -x
This should solve the problem.

SSL certs errors with Gem install

I have setup a gem repo with https. We have internal singed certificates for which i have the singer/trust certificates.
But where to install those pem files i am not sure, hence getting the ssl error when trying to do a gem install
We are using CHEF, hence using the ruby installed as part of chef client install.
Have searched through the net the only aswer people have is a workaround, which is to change from https to http, but i want the gem repo to be setup with HTTPS (port 443)
Below is the error i get
[root#opslx0005 ~]# /opt/chef/embedded/bin/gem install lvm
ERROR: Could not find a valid gem 'lvm' (>= 0) in any repository
ERROR: While executing gem ... (Gem::RemoteFetcher::FetchError)
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://myself.mydomain.com/artifactory/simple/infra-automation/gem-repo/latest_specs.4.8.gz)
Tried with Ruby remote_fetcher to test
/opt/chef/embedded/bin/ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://myself.mydomain.com/artifactory/simple/infra-automation/gem-repo/latest_specs.4.8.gz")).bytesize'
UPDATE :
Found this online and this is my default pem file, updated the certs here but the error is still not going
/opt/chef/embedded/bin/ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
/opt/chef/embedded/ssl/cert.pem
Easiest solution is probably to just set the SSL_CERT_FILE environment variable to the CA certificate file. This should be picked up by Ruby's OpenSSL layer automatically.
From here: SSL Error During Gem Installation (on MinGW64-MSys2)
Try downloading the http://curl.haxx.se/ca/cacert.pem certificate. Then, point a special environment variable to it like that: export SSL_CERT_FILE=~/cacert.pem After that, issue an update command: gem update --system The problem should be solved after that. Relaunch the console and continue your work.
I had the same problem, thought it was corporate proxy but I just need to update rubygems.
You might want to download the latest version from https://github.com/rubygems/rubygems/releases/
copy it to ruby gems folder
and then on cmd
C:\>gem install --local C:\rubygems-update-1.8.30.gem
C:\>update_rubygems --no-ri --no-rdoc
Hope that helps!

Authorization and fetching data from api in ruby

I am trying to hit an API to fetch values, but the api prompts me for authentication where I shoud provide username and password.
I if try with some other APIs, I am able to get the data. Wondering how to do this authentication. I am pretty new to Ruby and this is how I am doing:
require 'open-uri'
require 'json'
result = JSON.parse(open("http://api.geonames.org/searchJSON?q=london&maxRows=10&username=demo").read)
puts "#{result}"
I'm not familiar with this service, but most probably you can try Basic Authentication
result = JSON.parse(open("http://username:password#api.geonames.org/searchJSON?q=london&maxRows=10&username=demo").read)
As #Slicedpan suggested, you can also use opens options arguments:
result = JSON.parse(open("http://api.geonames.org/searchJSON?q=london&maxRows=10&username=demo", :http_basic_authentication=>['user', 'password']).read)
If you get SSL errors, look at this blog post:
Errors
--- Have you seen one of these error messages?
openssl::ssl::sslerror: ssl_connect returned=1 errno=0 state=sslv3 read server certificate b: certificate verify failed
could not load openssl. you must recompile ruby with openssl support or change the sources in your gemfile from 'https' to 'http'.
instructions for compiling with openssl using rvm are available at
rvm.io/packages/openssl.
Use RVM to Fix SSL Certificates
--- Recent versions of RVM, the Ruby Version Manager, include a utility to diagnose and resolve errors caused by outdated
certificate files. See the article Installing
Rails for
instructions and advice. The RVM website explains how to install
RVM.
If you’ve installed RVM, try this:
$ rvm -v
# rvm 1.19.1 (stable)
$ rvm osx-ssl-certs status all
# Certificates for...
$ rvm osx-ssl-certs update all
# Updating certificates...

Resources