I'm trying to utilize a gem to access my accounting site, e-conomic, via Ruby.
Gem (rconomic): https://github.com/substancelab/rconomic
The code I've used is below (where I've replaced the private app ID and the access ID with the relevant IDs):
Dir.chdir 'C:\Ruby22\bin'
require 'rconomic'
economic = Economic::Session.new
economic.connect_with_token 'the_private_app_id', 'the_access_id_you_got_from_the_grant'
However, when I run the code I receive the following error message:
C:/Ruby22/lib/ruby/gems/2.2.0/gems/httpi-2.4.2/lib/httpi/adapter/net_http.rb:51:in 'rescue in request': SSL_connect returned=1 errno=0 state=error: certificate verify failed (HTTPI::SSLError)
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/httpi-2.4.2/lib/httpi/adapter/net_http.rb:33:in 'request'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/httpi-2.4.2/lib/httpi.rb:161:in `request'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/httpi-2.4.2/lib/httpi.rb:133:in 'post'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/savon-2.11.1/lib/savon/operation.rb:94:in 'block in call_with_logging'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/savon-2.11.1/lib/savon/request_logger.rb:12:in 'call'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/savon-2.11.1/lib/savon/request_logger.rb:12:in 'log'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/savon-2.11.1/lib/savon/operation.rb:94:in 'call_with_logging'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/savon-2.11.1/lib/savon/operation.rb:54:in 'call'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/savon-2.11.1/lib/savon/client.rb:36:in 'call'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/rconomic-0.5.2/lib/economic/endpoint.rb:74:in 'request'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/rconomic-0.5.2/lib/economic/endpoint.rb:20:in 'call'
from C:/Ruby22/lib/ruby/gems/2.2.0/gems/rconomic-0.5.2/lib/economic/session.rb:22:in 'connect_with_token'
from C:/Ruby22/bin/rconomic_test.rb:8:in ''
Any ideas as to what would be causing this?
- I have tried updating my rubygems
- I am running on Windows 7 with Ruby 2.2.6
I'm a bit of a novice in Ruby, but I would really appreciate any help on this!
Best,
Martin
Related
In trying to develop a tool for that would use IMAP to access Gmail, I'm running into difficulties with even this simple start-up code:
require 'net/imap'
imap = Net::IMAP.new('imap.gmail.com', ssl: true)
Running that, it fails as follows (Note: lightly edited for easier display):
Traceback (most recent call last):
5: from test-imap:2:in `<main>'
4: from test-imap:2:in `new'
3: from /.../.rvm/rubies/ruby-2.6.0/lib/ruby/2.6.0/net/imap.rb:1092:in `initialize'
2: from /.../.rvm/rubies/ruby-2.6.0/lib/ruby/2.6.0/net/imap.rb:1533:in `start_tls_session'
1: from /.../.rvm/rubies/ruby-2.6.0/lib/ruby/2.6.0/net/protocol.rb:44:in `ssl_socket_connect'
/.../.rvm/rubies/ruby-2.6.0/lib/ruby/2.6.0/net/protocol.rb:44:in
`connect_nonblock': SSL_connect returned=1 errno=0 state=error:
certificate verify failed (self signed certificate) (OpenSSL::SSL::SSLError)
Searching around, I found some somewhat-similar issues, e.g. imap-backup issue #57, ruby/openssl issue #238 (still open, as of this writing closed after sharing the answer below), and rbenv/ruby-build issue #380... but nothing on SO.
Piecing info from the above resources together, I came up with this command to try:
openssl s_client -connect imap.gmail.com:993 \
-CAfile $(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE') \
< /dev/null > /dev/null
Which reports:
depth=2 /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
verify return:1
depth=1 /C=US/O=Google Trust Services/CN=Google Internet Authority G3
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google LLC/CN=imap.gmail.com
verify return:1
DONE
So, it seems that the SSL certificate does actually verify as OK in that way (as one might expect).
I did find some instructions for using net/imap with SSL with host-checking disabled, which works... but I'd really prefer not to do that.
I also found a non-IMAP gmail interface, but my intention is a tool that could also be used with other IMAP providers, so I'm specifically aiming to stick to IMAP here. So:
How can I get net/imap to connect successfully using SSL, and still validate the certificate (given that it is, in fact, valid)?
Ideal: upgrade to Ruby 2.6.3 or later
Upgrading to Ruby version 2.6.3 or later should fix things, as ruby pull #2077, which provides a fix for related issue #15594, was incorporated into the 2.6.3 change list. With 2.6.3, the original test snippet in the question now works.
If you can't upgrade:
That said, if upgrading is impractical for some reason, the commit that fixed imap-backup issue #57 offers a workaround-type solution. Instead of the following:
imap = Net::IMAP.new('imap.gmail.com', ssl: true)
Try this:
imap = Net::IMAP.new('imap.gmail.com', ssl: {ssl_version: :TLSv1_2})
That seems to make things work, even in Ruby 2.6.0.
In Ruby 2.4, I had to use this patch:
require 'net/imap'
class Net::IMAP
module UseSNI
def start_tls_session(*)
#sock.instance_variable_set(:#hostname, #host)
super
end
end
prepend UseSNI
end
class OpenSSL::SSL::SSLSocket
module UseSNI
def connect(*)
self.hostname = io.instance_variable_get(:#hostname)
super
end
end
prepend UseSNI
end
Maybe there are other questions answered around this, but I cannot seem to be able to solve my problem.
I am trying to use the Apple Push Notification Service as a Provider, using ruby 2.2.3.
I have tried a series of gems that I found and they all have the same problem. The gems that I have tried are:
grocer
apns
houston
They all raise the same exception:
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
These gems are using OpenSSL to create an SSL connection to APNS end point. But they fail to do that.
Please, note that I am working on a Mac OS X Yosemite machine.
Any help?
EDIT More info on how I use grocer:
pusher = Grocer.pusher(
certificate: "/Users/panayotismatsinopoulos/Documents/ProgrammingSwift/certificate.pem",
passphrase: "the passphrase for loading certificate",
gateway: "gateway.sandbox.push.apple.com",
port: 2195,
retries: 3
)
notification = Grocer::Notification.new(
device_token: "....the device token here...",
alert: "Hello There!",
badge: 42)
pusher.push(notification)
And the exception I get is:
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/grocer-0.6.1/lib/grocer/ssl_connection.rb:43:in `connect'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/grocer-0.6.1/lib/grocer/ssl_connection.rb:43:in `connect'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/grocer-0.6.1/lib/grocer/connection.rb:29:in `connect'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/grocer-0.6.1/lib/grocer/connection.rb:55:in `with_connection'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/grocer-0.6.1/lib/grocer/connection.rb:23:in `write'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/grocer-0.6.1/lib/grocer/pusher.rb:8:in `push'
from (irb):29
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/railties-4.2.4/lib/rails/commands/console.rb:110:in `start'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/railties-4.2.4/lib/rails/commands/console.rb:9:in `start'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:68:in `console'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/railties-4.2.4/lib/rails/commands/commands_tasks.rb:39:in `run_command!'
from /Users/panayotismatsinopoulos/.rvm/gems/ruby-2.2.3#my_project/gems/railties-4.2.4/lib/rails/commands.rb:17:in `<top (required)>'
from bin/rails:4:in `require'
from bin/rails:4:in `<main>'
Finally, I realised that I was using wrong .pem file. It was not the one specific for the Mobile app that I was trying to push notifications to.
It was the .pem file corresponding to signing certificate to sign my code.
As soon as I used the correct .pem file, everything went smoothly.
How can I get access to the peer_cert when making a SSL request?
I've updated my ruby ssl certs with rvm osx-ssl-certs update all
What I'm trying is
require 'httpclient'
c = HTTPClient.new
r = c.get( "https://gmail.com" )
puts r.peer_cert
But I keep getting either
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure
or
OpenSSL::SSL::SSLError: hostname "gmail.com" does not match the server certificate
What does the first error mean? Is there a way to get it to set the property version automatically?
I'm able to load up the data on the URL using HTTParty and Farday, but in that case I don't know here to access the actual SSL cert that was used.
You can't get the peer cert until you succesfully make the connection, and you're getting an error in succesfully making the connection. Have you upgraded to the latest httpclient? Many servers changed their SSL handshake configurations in response to recent vulnerabilties, and a new httpclient was released in response to same, which perhaps is neccesary to be compatible with new server configurations.
I just wanna know how to set proxy values(Url, user, password) for Berkshelf3 under windows platform when I launch the command >berks intall ?
I already try in cmd command:
http_proxy='http://xx.xx.xx.xx'
http_proxy_user=USERNAME
http_proxy_pass=PASSWORD
The reamining issue:
C:\chef-repo-distant\cookbooks\putty>berks install
Resolving cookbook dependencies...
Fetching 'putty' from source at .
Fetching cookbook index from ttps://supermarket.getchef.com...
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:918:in connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certific
ate verify failed (Faraday::SSLError)
from C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:918:inblock in connect'
from C:/opscode/chefdk/embedded/lib/ruby/2.0.0/timeout.rb:66:in timeout'
from C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:918:inconnect'
from C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:862:in do_start'
from C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:851:instart'
from C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:1367:in request'
from C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:1126:inget'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:78:in perform_request'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:39:incall'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/request/retry.rb:87:in call'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/response.rb:8:incall'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/response.rb:8:in call'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139:inbuild_response'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/connection.rb:377:in run_request'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/connection.rb:140:inget'
from C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/berkshelf-api-client-1.2.0/lib/berkshelf/api_client/connection.rb:62:in universe'
from c:/opscode/chefdk/embedded/apps/berkshelf/lib/berkshelf/source.rb:22:inbuild_universe'
from c:/opscode/chefdk/embedded/apps/berkshelf/lib/berkshelf/installer.rb:21:in `block (2 levels) in build_universe'
Thanks for the support!
Try to follow all the fix I can find on the web but it didn't make it :(
I use "source 'ttp://api.berkshelf.com" in my Berksfile
And launch the command berks install in a powershell windows
WITHOUT the proxy set, I got:
Error retrieving universe from source: ttp://api.berkshelf.com
* [Berkshelf::APIClient::TimeoutError] Unable to connect to: ttp://api.berkshelf.com
WITH the proxy set, I got:
Installing windows (1.34.2) from ttp://api.berkshelf.com ([opscode] ttp://supermarket.getchef.com/api/v1)
E, [2014-09-01T18:27:50.775682 #13104] ERROR -- : Actor crashed!
Faraday::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:918:in `connect'
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/timeout.rb:52:in `timeout'
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:918:in `connect'
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:851:in `start'
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:1367:in `request'
C:/opscode/chefdk/embedded/lib/ruby/2.0.0/net/http.rb:1126:in `get'
C:/opscode/chefdk/embedded/lib/ruby/gems/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:78:in `perform
_request'
I'm desperate to solve this issue :(
Yeah, it works I'll have to add 3 certificates retrieve from IE to the cacert.pem !!!
Great ;)
Thanks Tensibai ;)
Your problem is here:
connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certific
ate verify failed (Faraday::SSLError)
Your proxy is doing an interception on SSL traffic and use its own certificate to resign the distant site certificate.
So you have to add your proxy certificate into the cacerts.pem of your ruby install.
With a navigator show the proxy information of a ssl site and use 'copy to file' and chose base64 encoded x509 format.
Next edit this file to copy its content
Edit the cacert file (for chefdk according to you install it would be c:/opscode/chefdk/embedded/ssl/cacerts.pem
Paste your proxy certificate before the last one (to avoid messing with the end of file)
and retry that should do the trick.
For some cases you have to setup the SSL_CERT_FILE env var:
set SSL_CERT_FILE=c:/opscode/chefdk/embedded/ssl/cacerts.pem
Source
consumer and token hash is defined in my code
access_token = OAuth::AccessToken.from_hash(consumer, token_hash)
url = URI.encode("https://api.twitter.com/1.1/statuses/update.json?status=awesome!")
response = access_token.request(:post, url)
it gives us
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
from /usr/lib/ruby/1.8/net/http.rb:1035:in `__request__'
from /usr/lib/ruby/gems/1.8/gems/rest-client-1.6.7/lib/restclient/net_http_ext.rb:51:in `request'
from /usr/lib/ruby/gems/1.8/gems/oauth-0.4.7/lib/oauth/consumer.rb:161:in `request'
from /usr/lib/ruby/gems/1.8/gems/oauth-0.4.7/lib/oauth/tokens/consumer_token.rb:25:in `request'
from /usr/lib/ruby/gems/1.8/gems/oauth-0.4.7/lib/oauth/tokens/access_token.rb:12:in `request'
Please help me
Use Latest RVM (Ruby Version Manager) to fix third party app integration by using Ruby on Rail framework.
For more info use Step by Step guide here - OpenSSL Errors and Rails Certificate Verify Failed
Hope it helps!
I had the same error. I still havn't been able able to resolve the underlying issues but try pasting this into your .rb files.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
It basically turns off the verification step.