SSL problems in ruby but not curl - ruby

I have the following working curl command:
curl -k -E some_cert.pem https://someurl.com/__dirlist__
Trying to implement this in Ruby I have:
uri = URI.parse('https://someurl.com/__dirlist__')
http_session = Net::HTTP.new(uri.host, uri.port)
http_session.ca_file = "some_cert.pem"
http_session.use_ssl = true
http_session.verify_mode = OpenSSL::SSL::VERIFY_NONE
res = http_session.get(uri.request_uri)
I've played around with using all the different versions of SSL (using http_session.ssl_version = :SSLv2_client etc), all which failed (some with different messages), I matched up versions using wireshark to see what curl was using so don't think that's the problem (although ruby was sending a bunch of extra settings none seemed pertinent).
From reading other bug reports I've seen people have a lot of problems related to not having the appropriate certificates in their cert store however with SSL::VERIFY_NONE I don't see how that could matter.
I can't rule out that it could be the openssl baked into my Ruby but it seems unlikely to me given I've also run this code on another machine and gotten the same error and I would assume curl is linking against the same openssl (I don't know how to check this).
I've looked through the rdocs like I've exhausted all the settings available in Net:HTTP.
This is the nondescript error that I'm seeing (anonymised slightly):
OpenSSL::SSL::SSLError: SSL_read:: ssl handshake failure
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0#project/gems/right_http_connection-1.3.0/lib/net_fix.rb:52:in `sysread'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0#project/gems/right_http_connection-1.3.0/lib/net_fix.rb:52:in `block in rbuf_fill'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/timeout.rb:68:in `timeout'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0#project/gems/right_http_connection-1.3.0/lib/net_fix.rb:51:in `rbuf_fill'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/protocol.rb:122:in `readuntil'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/protocol.rb:132:in `readline'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:2562:in `read_status_line'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:2551:in `read_new'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0#project/gems/right_http_connection-1.3.0/lib/net_fix.rb:146:in `request'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0#project/gems/right_http_connection-1.3.0/lib/net_fix.rb:131:in `block in request'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:745:in `start'
from /Users/a_user/.rvm/gems/ruby-1.9.3-p0#project/gems/right_http_connection-1.3.0/lib/net_fix.rb:129:in `request'
from /Users/a_user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/net/http.rb:1026:in `get'

From the curl manual:
-k, --insecure
(SSL) This option explicitly allows curl to perform "insecure"
SSL connections and transfers. All SSL connections are attempted
to be made secure by using the CA certificate bundle installed
by default. This makes all connections considered "insecure"
fail unless -k, --insecure is used.
So running without -k might reveal the problem on curl as well.

Related

ruby: ECONNREFUSED from http.rb

I am trying to parse an rss feed with Ruby. This is my (working) code, with the actual feed url:
include 'rss'
myfeed = RSS::Parser.parse('http://allmusicnews.altervista.org/blog/feed/', false)
If I run it from my development computer (Mac OS 10.9), all works fine. If I run it from my server (Debian 7), all i get is:
/home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/net/http.rb:879:in `initialize': Connection refused - connect(2) for "allmusicnews.altervista.org" port 80 (Errno::ECONNREFUSED)
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/net/http.rb:879:in `open'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/net/http.rb:879:in `block in connect'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/net/http.rb:878:in `connect'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/net/http.rb:852:in `start'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:318:in `open_http'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:736:in `buffer_open'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:211:in `block in open_loop'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:209:in `catch'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:209:in `open_loop'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:150:in `open_uri'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:716:in `open'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/open-uri.rb:724:in `read'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/rss/parser.rb:103:in `normalize_rss'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/rss/parser.rb:89:in `initialize'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/rss/parser.rb:76:in `new'
from /home/daniele/.rvm/rubies/ruby-2.2.0/lib/ruby/2.2.0/rss/parser.rb:76:in `parse'
This does not happen with other rss feeds. example: feeds.blogo.it/soundsblog/it seems working well on both platforms.
I am using the same Ruby version (2.2.0), installed with RVM on both the computers. Same gems too.
Any clue, at least about what to look for?
ps: it may seem something related to connection timeout, but as I run my script suddenly I see the error message above, there's no idle waiting time...
Please ignore my question. I was shooting to the wrong target.
Actually I'm afraid to have some blacklistish problem with my production machine. I cannot connect to altervista.org server in any way (lynx, telnet), I keep getting "connection refused error", so there's nothing to do with my Ruby code...

SSL Error Twitter Request using HTTPS

consumer and token hash is defined in my code
access_token = OAuth::AccessToken.from_hash(consumer, token_hash)
url = URI.encode("https://api.twitter.com/1.1/statuses/update.json?status=awesome!")
response = access_token.request(:post, url)
it gives us
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
from /usr/lib/ruby/1.8/net/http.rb:1035:in `__request__'
from /usr/lib/ruby/gems/1.8/gems/rest-client-1.6.7/lib/restclient/net_http_ext.rb:51:in `request'
from /usr/lib/ruby/gems/1.8/gems/oauth-0.4.7/lib/oauth/consumer.rb:161:in `request'
from /usr/lib/ruby/gems/1.8/gems/oauth-0.4.7/lib/oauth/tokens/consumer_token.rb:25:in `request'
from /usr/lib/ruby/gems/1.8/gems/oauth-0.4.7/lib/oauth/tokens/access_token.rb:12:in `request'
Please help me
Use Latest RVM (Ruby Version Manager) to fix third party app integration by using Ruby on Rail framework.
For more info use Step by Step guide here - OpenSSL Errors and Rails Certificate Verify Failed
Hope it helps!
I had the same error. I still havn't been able able to resolve the underlying issues but try pasting this into your .rb files.
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
It basically turns off the verification step.

Patching classes in Ruby's core lib

I'm trying to set the timeout for subsequent http calls to a very unreliable API. I tried multiple attempts at using Ruby's built-in Timeout.timeout() method but had had no such luck getting it to extend to sub calls. For example, Timeout.timeout(300) will set the first timeout to 300 but sub calls go back to 60. I added a print of the seconds_delay and here is what I saw:
[16:55:16 miker#laughwhat-lm ~/optisol/src/rails/tools_app/trunk/adhoc/ticket] $ bundle exec ruby buck.rb
300
nil
warning: peer certificate won't be verified in this SSL session
60
60
nil
warning: peer certificate won't be verified in this SSL session
60
Here is the error I receive with full stack trace:
[16:49:50 miker#laughwhat-lm ~/optisol/src/rails/tools_app/trunk/adhoc/ticket] $ bundle exec ruby buck.rb
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
/Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/timeout.rb:64:in `rbuf_fill': execution expired (Timeout::Error)
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/protocol.rb:134:in `rbuf_fill'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/protocol.rb:116:in `readuntil'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/protocol.rb:126:in `readline'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:2028:in `read_status_line'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:2017:in `read_new'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:1051:in `request_without_fakeweb'
from /Users/miker/.rvm/gems/ree-1.8.7-2011.03/gems/fakeweb-1.3.0/lib/fake_web/ext/net_http.rb:50:in `request'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:845:in `post'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/netHttpClient.rb:93:in `post'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/netHttpClient.rb:116:in `start'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/net/http.rb:543:in `start'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/netHttpClient.rb:115:in `start'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/netHttpClient.rb:92:in `post'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/streamHandler.rb:170:in `send_post'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/streamHandler.rb:109:in `send'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/rpc/proxy.rb:170:in `route'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/rpc/proxy.rb:141:in `call'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/rpc/driver.rb:178:in `call'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/soap/rpc/driver.rb:232:in `getByBuyer'
from buck.rb:9
from /Users/miker/.rvm/gems/ree-1.8.7-2011.03/gems/yieldmanager-0.8.2/lib/yieldmanager/client.rb:131:in `session'
from buck.rb:8
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/timeout.rb:67:in `timeout'
from /Users/miker/.rvm/rubies/ree-1.8.7-2011.03/lib/ruby/1.8/timeout.rb:101:in `timeout'
from buck.rb:6
So I guess my question would be how can I go about patching the protocol.rb BufferedIO's method to look like this:
class BufferedIO
private
def rbuf_fill
puts "working"
timeout(300) { # forced 300 second timeout
#rbuf << #io.sysread(BUFSIZE)
}
end
end
Adding that to my ruby file before or after I do my requires/includes does not have an affect (i.e. no "working" is ever printed out). Hope someone has a solution. Thanks!
Of all the various Ruby library's, the clumsiest to work with and ugliest, in my opinion, would have to be net::http. Have you considered switching to something like this:
https://github.com/dbalatero/typhoeus
The requests in typhoeus occur via lib-curl and so aren't bound by Ruby's not-so-reliable when nested or threaded timeout method.
In terms of the rbuf_fill issue, I'm not sure if that will get you there. If I remember correctly, when a timeout exception fires, it always shows the location that the code is currently at in the stack. That location is only incidental. Take the example below I just ran in irb. Notice how it tells you the timeout occured in "sleep"? Where the timeout is reported is just what it happened to be doing at that moment, not where the timeout code is necessarily implemented, nor do you know which timeout it is that is tripping if there are multiple. I'd have to chase down the rbuf_fill to confirm this for you though, and I have to run at the moment...
irb> timeout(2){sleep 5}
Timeout::Error: execution expired
from (irb):3:in sleep'
from (irb):3:inblock in irb_binding'
from (irb):3
from /home/ebelan

Soap4r : the requested address is not valid in the its context

I was wondering if somebody has seen this error before?
C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:675:in `initialize': The requested address is not valid in its context. - connect(2) (://:0) (Errno::EADDRNOTAVAIL)
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:675:in `new'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:675:in `create_socket'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:632:in `connect'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/timeout.rb:128:in `timeout'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:631:in `connect'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:522:in `query'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:147:in `query'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:953:in `do_get_block'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:765:in `do_request'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:848:in `protect_keep_alive_disconnected'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:764:in `do_request'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:666:in `request'
from C:/Ruby/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:596:in `post'
from C:/Ruby/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/streamHandler.rb:238:in `send_post'
from C:/Ruby/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/streamHandler.rb:172:in `send'
from C:/Ruby/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/proxy.rb:179:in `route'
from C:/Ruby/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/proxy.rb:143:in `call'
from C:/Ruby/lib/ruby/gems/1.8/gems/soap4r-1.5.8/lib/soap/rpc/driver.rb:181:in `call'
from (eval):6:in `preRepairAuthorizationQA'
from C:/documents and settings/ngorbikoff/Desktop/GMW/WSDL/ProcessMessageClient.rb:21
I'm trying to connect to a service, I just generated this soap client from wsdl2ruby. Everything went fine. So I have no idea why this error is happening. This is a fresh install of ruby 1.8.7 on Windows, but I tested this on another Windows machine with Ruby 1.8.6 and on a Debian server with REE 1.8.7 - same error. My gut feeling is that it has to do with the httpclient lib - but I can't find anything on google - regarding this err, other than some references to Pythong and tcl - which seem to be unrelated. Also I'm trying to connect to wsdl service that is on httpS - but I didn't have this problem before and there were no changes on the server.
Does anyone have any insight?
OK nevermind people. For anyone else looking into this cryptic message if you are using wsdl2ruby - make sure that you define your endpoint_url in the WhateverServiceClient.rb file generated by the wsdl3ruby.

Ruby networking problem on windows

I am running windows XP with ruby 1.8.6 patchlevel 111. I am using HTTP to connect to a remote server and it has been running fine. All of a sudden it started to through the exception listed below (I did not change any code since the last time I ran it successfully). Does anybody know what is going on?
c:/ruby/lib/ruby/1.8/timeout.rb:54:in `rbuf_fill': execution expired (Timeout::E
rror)
from c:/ruby/lib/ruby/1.8/timeout.rb:56:in `timeout'
from c:/ruby/lib/ruby/1.8/timeout.rb:76:in `timeout'
from c:/ruby/lib/ruby/1.8/net/protocol.rb:132:in `rbuf_fill'
from c:/ruby/lib/ruby/1.8/net/protocol.rb:116:in `readuntil'
from c:/ruby/lib/ruby/1.8/net/protocol.rb:126:in `readline'
from c:/ruby/lib/ruby/1.8/net/http.rb:2029:in `read_status_line'
from c:/ruby/lib/ruby/1.8/net/http.rb:2018:in `read_new'
from c:/ruby/lib/ruby/1.8/net/http.rb:1059:in `request'
... 19 levels...
from c:/ruby/lib/ruby/1.8/test/unit/autorunner.rb:216:in `run'
from c:/ruby/lib/ruby/1.8/test/unit/autorunner.rb:12:in `run'
from c:/ruby/lib/ruby/1.8/test/unit.rb:278
from c:/ruby/lib/ruby/gems/1.8/gems/rake-0.8.3/lib/rake/rake_test_loader
.rb:5
rake aborted!
Command failed with status (3): [c:/ruby/bin/ruby -Ilib;test "c:/ruby/lib/r...]
Maybe the remote host is down? Or a new firewall has been put between your machine and the remote host?
"Timeout::Error" usually points to that direction.
besides the obvious (firewall, you got blacklisted for bad user-agent or ignoring robots.txt), you can try curl
http://curl.haxx.se/libcurl/ruby/
OR increase net/http timeout to say, 30+ seconds
http://groups.google.com/group/rubyonrails-talk/msg/cc89e8ae6703d6fb
It could be related to this known Ruby bug where Timeout::Error does not subclass Exception. (fixed in 1.9.2 I believe)
http://lindsaar.net/2007/12/9/rbuf_filltimeout-error
It can be fixed by rescuing from Timeout::Error like rescue Timeout::Error => e

Resources