I am trying hit an internal testing API server using RestClient and Ruby v. 2.2.1.
This is essentially the code:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
response = RestClient.get url, header
This is the failure message I get:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified)
If I'm reading this right, it looks like Ruby couldn't accept the SSL security certificate. This call works in the Chrome app Postman, but in order for it to work, I have to hit the URL in Chrome itself and accept that the connection is not secure (but proceed anyway), and THEN it will work in postman.
Is there a way to ignore the certificate failures and proceed anyway in Ruby?
Try using #execute(&block) with verify_ssl set to false.
:verify_ssl enable ssl verification, possible values are constants
from OpenSSL::SSL::VERIFY_*, defaults to OpenSSL::SSL::VERIFY_PEER
url = "https://10.10.0.10/thing/i/want/to/get"
headers = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
RestClient::Request.execute(
:url => url,
:method => :get,
:headers => headers,
:verify_ssl => false
)
see: http://www.rubydoc.info/github/rest-client/rest-client/RestClient/Request#execute-instance_method
RVM
Additional solution for RVM users from: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html
This discussion on Github finally gave the solution: Somehow RVM comes
with a precompiled version of ruby that is statically linked against
an openssl that looks into /etc/openssl for it's certificates.
What you wanna do is NOT TO USE any of the precompiled rubies and
rather have ruby compiled on your local machine, like so:
rvm install 2.2.0 --disable-binary
rest-client verify certificates using the system's CA store on all platforms by default. But is possible set to false the option :verify_ssl or specify :ssl_ca_file or :ssl_ca_path or :ssl_cert_store to customize the certificate authorities accepted.
See documentation
So you could simply set :verify_ssl to false:
url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
resource = RestClient::Resource.new(
url,
headers: header,
verify_ssl: false
)
response = resource.get
You could try immediately with a host which use a self-signed certificated provided by https://badssl.com/. Simply copy the snippet below in your irb console.
response = RestClient::Resource.new(
'https://self-signed.badssl.com/',
:verify_ssl => false
).get
Related
This is my first experience working with Twitter API's.
I am using the following tools:
ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-linux]
gem 'oauth'
oauth (0.5.1)
oauth2 (1.1.0)
omniauth-oauth2 (1.4.0)
I obtained a key and secret from Twitter.
I copied and pasted from the example on Twitter for Ruby.
=begin
code taken directly from the example at
https://dev.twitter.com/oauth/overview/single-user
=end
require 'oauth'
consumer_key, \
consumer_secret = [
'CONSUMER_KEY',
'CONSUMER_SECRET'
].map { |key| ENV[key] }
raise "Some key undefined." unless [consumer_key, consumer_secret].all?
# Exchange your oauth_token and oauth_token_secret for an AccessToken instance.
def prepare_access_token(oauth_token, oauth_token_secret)
consumer = OAuth::Consumer.new("APIKey", "APISecret", { :site => "https://api.twitter.com", :scheme => :header })
# now create the access token object from passed values
token_hash = { :oauth_token => oauth_token, :oauth_token_secret => oauth_token_secret }
access_token = OAuth::AccessToken.from_hash(consumer, token_hash )
return access_token
end
# Exchange our oauth_token and oauth_token secret for the AccessToken instance.
access_token = prepare_access_token(consumer_key, consumer_secret)
p access_token
# use the access token as an agent to get the home timeline
response = access_token.request(:get, "https://api.twitter.com/1.1/statuses/home_timeline.json")
p response
=begin
|| #<OAuth::AccessToken:0x000000021ed938
#token="redacted", #secret="redacted",
#consumer=#<OAuth::Consumer:0x000000021edb68
#key="APIKey",
#secret="APISecret", #options={:signature_method=>"HMAC-SHA1",
:request_token_path=>"/oauth/request_token",
:authorize_path=>"/oauth/authorize",
:access_token_path=>"/oauth/access_token",
:proxy=>nil, :scheme=>:header,
:http_method=>:post, :oauth_version=>"1.0",
:site=>"https://api.twitter.com"}>,
#params={:oauth_token=>"redacted", :oauth_token_secret=>"redacted"}>
|| #<Net::HTTPUnauthorized 401 Authorization Required readbody=true>
=end
What I tried:
Getting a new key and secret.
Result:
Net::HTTPUnauthorized 401 Authorization Required readbody=true
Synchronized my server's time because many Stack Overflow posts mentioned that a 401 is returned if the server time varies beyond a certain point. I installed ntp.
suggestions from this list
set the Callback URL in Twitter settings: http://127.0.0.1:3000/auth/twitter/callback
API Console Tool on Twitter. After authenticating with my Twitter account https://api.twitter.com/1.1/statuses/home_timeline.json returns
HTTP/1.1 200 OK
along with expected data.
checked to see if Twitter API operating normally
Suggestions of where to go from here appreciated.
UPDATE OAuth Tool on Twitter Developer returns the expected result with a curl execution:
curl --get 'https://api.twitter.com/1.1/statuses/home_timeline.json' --header 'Authorization: OAuth oauth_consumer_key="redacted", oauth_nonce="redacted", oauth_signature="redacted", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1463742270", oauth_token="redacted", oauth_version="1.0"' --verbose
Expected data is returned.
[{"created_at":"Fri May 20 11:05:21 +0000
2016","id":733614584754515968,"id_str":
"733614584754515968","text":"Three Skills Every New Programmer Should
Learn https://t. co/1p9AxO5JPg via
#sitepointdotcom","truncated":false,"entities":{"hashtags":[],"symbols"
(truncated)…
On this line, you should replace "APIKey" and "APISecret" with what you pulled from the CONSUMER_* environment variables.
consumer = OAuth::Consumer.new("APIKey", "APISecret", { :site => "https://api.twitter.com", :scheme => :header })
The example code from Twitter works fine for me. The wrong consumer keys will give you 401 for sure.
I'm using https://github.com/ruby-ldap/ruby-net-ldap gem to connect/bind to LDAP
treebase = "ou=xxxxxx,dc=xxxxx,dc=xx"
credentials = {
:username => "myusername,ou=xxxxxx,dc=xxxxx,dc=xx",
:password => "password"
}
encryption = {
:method => :simple_tls,
:tls_options => { :ca_path => "folder/Chain/pem_folder"}
}
# pem_folder = folder that contains multiple pem files
ldap = Net::LDAP.new :host => "hostname.example.com",
:port => 636,
:encryption => encryption,
:base => treebase,
:auth => credentials
ldap.bind
The above code results in
ruby-2.2.2/gems/net-ldap-0.12.1/lib/net/ldap/connection.rb:47:in open_connection': SSL_connect returned=1 errno=0 state=error: certificate verify failed (Net::LDAP::Error)
I have a feeling it has something to do with the multiple certs but not sure.
What worked for me was
Make sure you are connected to VPN if needed to be on the network
follow the instruction here specially the part about rehashing with c_rehash
my username was also missing uid= before which was causing failed binding
Stackoverflow also helped but I used Figaro Gem instead
I want to use Guzzle and Silex to send request to https pages.
With http url I have a response :
app->get('/',function() use ($app, $client){
$response = $client->get("http://www.google.fr");
var_dump($response);
});
My response:
object(GuzzleHttp\Message\Response)[102]
private 'reasonPhrase' => string 'OK' (length=2)
private 'statusCode' => int 200
private 'effectiveUrl' => string 'http://www.google.fr' (length=20)
private 'headers' (GuzzleHttp\Message\AbstractMessage) =>
array (size=13)
'date' =>
array (size=1)
0 => string 'Wed, 18 Feb 2015 10:57:37 GMT' (length=29)
'expires' =>
But with https :
$app->get('/',function() use ($app, $client){
$url = "https://api.zoapp.com/v1/stc/cans/directory/pub/Employees";
$response = $client->get("https://www.facebook.com/");
var_dump($response);
});
I have to errors :
RequestException in RequestException.php line 51:
and
RingException in CurlFactory.php line 126:
Details : pastbin link
Following your link to the details, the exception message says:
cURL error 60: See http://curl.haxx.se/libcurl/c/libcurl-errors.html
Looking up http://curl.haxx.se/libcurl/c/libcurl-errors.html I found
CURLE_SSL_CACERT (60)
Peer certificate cannot be authenticated with known CA certificates.
So it's most likely a problem with the SSL verification/CA bundle. By setting the verify request option to false, guzzle (resp. curl) will not try to verify the host against a certificate, hence the error disappears (-- in reply to https://stackoverflow.com/a/28582692/413531)
However, you do not want to do that ;) Instead, you should try to solve the issue by providing a valid CA bundle.
IIRC, in v4 guzzle provided a default certificate (see https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem ), but removed that in version 5 and now tries to discover your default system CA bundle. From the docs, those locations are checked:
Check if openssl.cafile is set in your php.ini file.
Check if curl.cainfo is set in your php.ini file.
Check if /etc/pki/tls/certs/ca-bundle.crt exists (Red Hat, CentOS, Fedora; provided by the ca-certificates package)
Check if /etc/ssl/certs/ca-certificates.crt exists (Ubuntu, Debian; provided by the ca-certificates package)
Check if /usr/local/share/certs/ca-root-nss.crt exists (FreeBSD; provided by the ca_root_nss package)
Check if /usr/local/etc/openssl/cert.pem (OS X; provided by homebrew)
Check if C:\windows\system32\curl-ca-bundle.crt exists (Windows)
Check if C:\windows\curl-ca-bundle.crt exists (Windows)
However, I found it easier to set the certificate explicitly when creating a new Client. That means:
Download https://github.com/guzzle/guzzle/blob/4.2.3/src/cacert.pem or better (because newer) http://curl.haxx.se/ca/cacert.pem (see http://curl.haxx.se/docs/caextract.html)
Use the local path to this certifcate in the Client instantiation
Example (assuming you have the certificate named cacert.pem located in the same directory as the script):
$default = ["verify" => __DIR__ . "/cacert.pem"];
$config = ["defaults" => $default];
$client = new Client($config);
$response = $client->get("https://www.facebook.com");
I found a solution but do not know why it works :
$client->setDefaultOption('verify', false);
$response = $client->get("https://www.facebook.com");
My test environment for my Ruby (Sinatra + twitter_oauth) project is behind a proxy.
In the documentation, I read how to use the twitter_oauth gem with a proxy. But there the author says:
First you need to authorize the Twitter user via OAuth directly via the Twitter API (this part cannot be proxied)
But unfortunately, on this step I receive an proxy error when testing locally.
Is there any possibility to proxy this?
client = TwitterOAuth::Client.new(
:consumer_key => 'YOUR_APP_CONSUMER_KEY',
:consumer_secret => 'YOURA_APP_CONSUMER_SECRET'
)
request_token = client.request_token(:oauth_callback => 'YOUR_CALLBACK_URL')
Thanks in advance!!
No, but OAuth can be skipped if a check for local environment is wrapped around the authentication:
def localhost
client = "Test"
request_token = "Me"
def webhost
client = TwitterOAuth::Client.new(
:consumer_key => 'YOUR_APP_CONSUMER_KEY',
:consumer_secret => 'YOURA_APP_CONSUMER_SECRET'
)
request_token = client.request_token(:oauth_callback => 'YOUR_CALLBACK_URL')
I have a problem with a daemon accessing a REST api.
The access requires basic authentication. The username and password are fixed and can not be changed.
The problem seems to be, that the username looks like this: #ws+R4nd0mS7r1n
I access the API like this:
resource = RestClient::Resource.new( "#{base_url}/failover/#{failover_ip}", { :user => user_name, :password => user_password})
response = resource.get
This gets me an bad URI error:
bad URI(absolute but no path): https://#ws+R4nd0mS7r1n:RaNdOmPaSsWoRd#robot-ws.your-server.de/failover/11.11.11.11
When I itentionally remove the # from the username it works, but I get a NOT Authenticated error.
Is there a way to pass a username or password containing # to restclient?
Passing the complete URI manually to a .get does not work either.
I don't get the same error. What version of rest-client do you have installed?
You may simply be able to update the version to fix your problem (I tested with version 1.6.7 of the gem)
Alternatively, this works around the URI failure by directly writing to the Authorization header (which is where this data ends up anyway):
require 'base64'
auth = 'Basic ' + Base64.encode64( "#{user_name}:#{user_password}" ).chomp
resource = RestClient::Resource.new( "#{base_url}/failover/#{failover_ip}", { :headers => { 'Authorization' => auth } } )
resource.get