Getting SSL error in ruby on Windows - ruby

I get the following error:
C:\Users\user\Desktop\folder>ruby exchange_rate.rb
C:/Ruby23-x64/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock': SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify fai
led (OpenSSL::SSL::SSLError)
from C:/Ruby23-x64/lib/ruby/2.3.0/net/http.rb:933:in `connect'
from C:/Ruby23-x64/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
from C:/Ruby23-x64/lib/ruby/2.3.0/net/http.rb:852:in `start'
from exchange_rate.rb:55:in `<main>'
According to
https://gist.github.com/luislavena/f064211759ee0f806c88
and other places with the exact same info this affects only rubygems versions up to 2.2.x
However my installation is:
ruby 2.3.0p0 (2015-12-25 revision 53290) [x64-mingw32] with rubygems 2.5.1
and I still get it
I tried the manual solution there, after looking for the .pem file somewhere else https://github.com/rubygems/rubygems/blob/master/lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem
since the link doesn't work anymore, this is the content of that
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
which is exactly the same thing I have
I upgraded rubygems to 2.6.4 still getting the same problem
Can anyone can help me get this working?

What worked for me is downloading a certificate file and pointing the SSL_CERT_FILE environment variable to it. My source is this gist by fnichol. (I was following the "The Manual Way (Boring)" instructions.)
Download http://curl.haxx.se/ca/cacert.pem to some permanent location.
Set environment variable SSL_CERT_FILE to the path of the downloaded file.
Now suddenly HTTPS requests (not related to gem installation) would work for me on Windows 10 using Ruby 2.2.x (x64).

Solved my problem by installing this gem
net_http_ssl_fix
Documentation here:
http://blog.liveeditorcms.com/net-http-ssl-fix-gem/
I don't know why it fixes, why the need of another gem on top of the regular one, but, what the hell, it works!

Any one that has installed 2.3.1 this link solved my SSL problems with installing gems in windows.
https://superdevresources.com/ssl-error-ruby-gems-windows/
Summary:
Download .pem file from here http://curl.haxx.se/ca/cacert.pem and save to C:\Rails\Installer\cacert.pem.
Right click computer and select properties.
Then click Advanced system settings and then Environment Variables.
Create a new system variable with SSL_CERT_FILE as name and C:\Rails\Installer\cacert.pem as path.
Open a command prompt and verify that you can install a gem.
I.E - gem install watir

For me, upgrading to ruby v2.4.3 via the RubyInstaller-2.4.3-1 (for windows) helped. The installer can be downloaded from https://rubyinstaller.org.

Related

Connection Refused RubyGems

I'm currently attempting to install a gem gem install micromidi. Whenever I run it from terminal I receive this error:
ERROR: Could not find a valid gem 'micromidi' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - Errno::ECONNREFUSED: Connection refused - connect(2) for "rubygems.global.ssl.fastly.net" port 443 (https://api.rubygems.org/latest_specs.4.8.gz)
I'm not behind a proxy and I have an internet connection. I've installed gems before and have never had a problem. What's wrong and how do I fix this?
There's been a few recent merges of commits regarding ssl and mentioning "fastly", like this search of the repo: https://github.com/rubygems/rubygems/search?o=desc&q=fastly&s=created&type=Issues
Also, 2.6.3 / 2016-04-05 […] New fastly cert. Pull request #1548 by David Radcliffe see: https://github.com/rubygems/rubygems/blob/ccb9c3300c063f5b5656669972d24a10ef8afbf5/History.txt#L63
ANSWER
I recommend manually updating to RubyGems v2.6.6 - June 22, 2016 via https://rubygems.org/pages/download:
If you don't have any RubyGems installed, there is still the pre-gem
approach to getting software, doing it manually:
Download from above
Unpack into a directory and cd there
Install with: ruby setup.rb (you may need admin/root privilege)
RESOURCES
If the above doesn't resolve the issue, here are some additional resources:
[Comcast ISP] issue: https://github.com/rubygems/rubygems/issues/1001
[OS X] Helpful Stack Overflow question: "gem install rails" fails with DNS error
[Windows] Workaround RubyGems' SSL errors on Ruby for Windows (RubyInstaller), via https://gist.github.com/luislavena/f064211759ee0f806c88#manual-solution-to-ssl-issue:
Step 1: Obtain the new trust certificate
[…]
We need to download AddTrustExternalCARoot-2048.pem[ https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/AddTrustExternalCARoot-2048.pem ]
Use the above link and place/save this file somewhere you can later
find easily (eg. your Desktop).
IMPORTANT: File must have .pem as extension. Browsers like Chrome will
try to save it as plain text file. Ensure you change the filename to
have .pem in it after you have downloaded it.
Step 2: Locate RubyGems certificate directory in your installation
In order for us copy this file, we need to know where to put it.
Depending on where you installed Ruby, the directory will be
different.
Take for example the default installation of Ruby 2.1.5, placed in
C:\Ruby21
Open a Command Prompt and type in:
C:\>gem which ruby gems
C:/Ruby21/lib/ruby/2.1.0/rubygems.rb
Now, let's locate that directory. From within the same window,
enter the path part up to the file extension, but using
backslashes instead:
C:\>start C:\Ruby21\lib\ruby\2.1.0\rubygems
This will open a Explorer
window inside the directory we indicated.
Step 3: Copy new trust certificate
Now, locate ssl_certs directory and copy the .pem file we obtained
from previous step inside.
It will be listed with other files like GeoTrustGlobalCA.pem.

Pushing Gem to Hosted Credentialed Feed Is Failing

I'm trying to push a gem to hosted Artifactory and am encountering problems every step of the way.
My environment is:
Operating System: Windows 7 x64 Professional
Ruby: ruby 1.9.3p545
I had to do a trick with cacert.pem to add the artifactory url to my list of sources, but that part is working now. The next step in Artifactory documentation is to get an api key and pipe it to ~/.gem/credentials.
When I do that the api key downloads successfully, but gem completely breaks.
gem
C:/ruby193/lib/ruby/1.9.1/psych.rb:203:in `parse': (<unknown>): control characters are not allowed at line 1 column 1 (Psych::SyntaxError)
from C:/ruby193/lib/ruby/1.9.1/psych.rb:203:in `parse_stream'
from C:/ruby193/lib/ruby/1.9.1/psych.rb:151:in `parse'
from C:/ruby193/lib/ruby/1.9.1/psych.rb:127:in `load'
from C:/ruby193/lib/ruby/site_ruby/1.9.1/rubygems/config_file.rb:253:in `load_file'
from C:/ruby193/lib/ruby/site_ruby/1.9.1/rubygems/config_file.rb:223:in `load_api_keys'
from C:/ruby193/lib/ruby/site_ruby/1.9.1/rubygems/config_file.rb:208:in `initialize'
from C:/ruby193/lib/ruby/site_ruby/1.9.1/rubygems/gem_runner.rb:78:in `new'
from C:/ruby193/lib/ruby/site_ruby/1.9.1/rubygems/gem_runner.rb:78:in `do_configuration'
from C:/ruby193/lib/ruby/site_ruby/1.9.1/rubygems/gem_runner.rb:51:in `run'
I can't even use gem as long as the credentials file is there, so I have to remove it.
If I try to push without the credentials file and using the --host option, gem seems to ignore the --host options.
gem push .\my_gem-0.0.1.0.beta.gem --host $artifactory.source
Enter your RubyGems.org credentials.
Don't have an account yet? Create one at http://rubygems.org/sign_up
Email:
Password:
Pushing gem to https://rubygems.org...
HTTP Basic: Access denied.
This is a proprietary gem, so publishing to rubygems.org is NOT an option. There definitely seems to be a problem with my environment, but I've been unable to figure out what it is--and none of the other documentation of SO questions seem to be on point.
I know that I'm going to need to get gem to read the credentials file to push successfully, but it seems like a more basic issue that gem is ignoring the --host parameter.
It took a lot of effort, but I think I've resolved my issues. It was a problem in 2 parts.
Solution Part 1
With respect to the issue of gem ignoring the --host option, this is resolved by updating gem.
Apparently the version of gem that ships with ruby 1.9.3v545 on Windows is broken. After updating gem it acted like it was trying to upload to the correct url.
Solution Part 2
The second issue involves a corrupted credentials file. What's happening here is that when piping the output from the curl command into the credentials file, the credentials file is being encoded with Unicode. To resolve this I used a slightly different curl command (in powershell)
curl $url | Out-File ~/.gem/credentials -Encoding "ASCII"
Now I'm able to upload the gem successfully.
If the SSL_CERT_FILE environment variable trick doesn't work, you can also try editing your .gemrc file as follows:
:ssl_ca_cert: C:\\path\\to\\cacert.pem

Nasty SSL certificate error occurs in Rails controller, but not in console

This error just keeps popping up at different times. It is absolutely maddening, and productivity-sapping.
This is rvm ruby-1.9.3-p392 and Rails 3.2.13, and Pow.
In the console, this command works:
response = Net::HTTP.start(url.host, url.port, :use_ssl => url.scheme == 'https') {|http| http.request(request)}
The exact same command, when accessed from a controller, FAILS with this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I have seen numerous posts and answers on SO about the error. There are scores of answers, because the technology stack used is so brittle because of the many moving parts and many, many different locations of certificate files. However, I have yet to see exactly why this works in the Rails console, while it fails from the Rails controller. Has anyone seen anything like this?
It's still a mystery why this worked in the console and not in the controller. But there were so many moving parts, I decided to scrap the original rvm install and start over.
Many people that have had their Mac environments for a while have used MacPorts in the past. Some, like me, have moved on to Homebrew. But I maintain both, because there are some libraries I can't get on Homebrew that I can only get from MacPorts. I try to avoid building from source as much as humanly possible, because I have gone into dependency hell like that in the past and I need to rely on people smarter than me.
What I did to solve the problem was to set rvm to exclusively use Homebrew, something I had never done before:
rvm autolibs homebrew
This first required a Homebrew update:
brew update
but it will tell you if you need to do that, or do it for you automatically.
Then I did:
rvm install 1.9.3
This built Ruby 1.9.3-p429 from source, since no binaries were available.
I had OpenSSL installed in a couple of different places (MacPorts and Homebrew homes) so that may have been part of my original problem.
The installation went off without a hitch. I recreated my original gemset under 1.9.3 and created the appropriate .rvmrc file.
Now the SSL_connect errors are gone.

On ruby-1.9.3 getting OpenSSL::SSL::SSLError from net-https (Mac OSX 10.6)

I have seen a lot of people with this error and no solution seems to fix it for me:
ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
There seem to be a lot of solutions proposing shifting cert files around. I've installed and uninstalled macports, homebrew, the works. I have my keys set up right for github. The error is occurring when trying to do a rails build that calls on a template with files up on github.
System: Mac OSX 10.6 - recent upgrade. Ruby 1.9.3, also a recent upgrade. Rails 3.2. I have googled till the cows come home and spent hours on this problem and even though there seem to be several q's like this I am holding out hope someone found a solution and hasn't yet posted it. I think I know why it's happening - net/http is not finding the certs, right? But I cannot figure out how to fix it. Thanks in advance for any kind help.
Edit: Further info. Attempting the exact same build in ruby 1.9.2 (rvm use 1.9.2) completes without throwing the error.
Another edit: I have tried all the stuff on the rvm page about the openssl package, installing that and reinstalling ruby-1.9.3 with the config flag pointing openssl at that package. Still no joy.
One more edit: It seems to be OpenURI that's having the problem - cannot find a way to make it aware of the cert locations :-(
I just directly modify the http.rb source(L:669) for MacOS:
def use_ssl=(flag)
flag = flag ? true : false
if started? and #use_ssl != flag
raise IOError, "use_ssl value changed, but session already started"
end
if flag && !#ca_file //added by riceball
#ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
end
must install first
port install curl-ca-bundle

Using curb gem and libcurl on Windows

I am trying to install the curb gem, which is libcurl bindings for Ruby, and of course I need to have "A working (lib)curl installation, with development stuff" installed on my computer. So, I went to the cURL Download Wizard and downloaded this package.
But adding the bin into my PATH does not produce improvement and I still get an error when I try to install the curb gem, such as:
extconf.rb:19: Can't find libcurl or curl/curl.h
(RuntimeError)
Even though, curl is already in the PATH.
EDIT: I also tried raking the gem, as per the instructions. It fails saying "make failed" and throwing a bunch of errors like this:
C:/Ruby/lib/ruby/gems/1.8/gems/curb-0.7.7.1/ext/curb_postfield.c:76:
undefined reference to
`_imp__curl_formadd'
Execute Below command for windows only and its works
gem install curb --platform=mswin32
I realise this is a very old question, but I had this exact problem today and found the instructions on someone else's site. These worked for me so I thought I would share them since people with this issue are most likely to come across StackOverflow first: http://jes.al/2012/10/installing-curb-gem-on-windows-7/
In a nutshell:
Get the 32-bit development version of curl (see my notes below)
Add the curl bin directory to your PATH
Run the following command (replacing the paths to curl as necessary)
gem install curb --platform=ruby -- -- --with-curl-lib="C:/curl-7.27.0-devel-mingw32/bin" --with-curl-include="C:/curl-7.27.0-devel-mingw32/include"
A couple of personal notes:
Even though I am on 64-bit Windows 7, I had to download the 32-bit libcurl version under "Win32 - Generic", identified as "Win32 2000/XP zip".
I got the error c:/Ruby193/lib/ruby/1.9.1/mkmf.rb:246:in 'initialize': Permission denied - mkmftmp1.log (Errno::EACCES) while installing the gem. This rather messed up page here suggested that it might be a problem with my anti-virus, and that just retrying a couple of times might work, and indeed, it did.

Resources