I am having a semi-serious problem with OpenSSL 1.0.1 + Ruby 1.9.3 on Ubuntu 12.04.
All rubies are installed with rvm
require 'uri'
require 'net/http'
require 'net/https'
endpoint = "https://secure.mmoagateway.com/api/transact.php"
RUBY_184_POST_HEADERS = { "Content-Type" => "application/x-www-form-urlencoded" }
body = "orderid=ae5dd847d9f31209cbffeeea076ed966&orderdescription=Active+Merchant+Remote+Test+Purchase&ccnumber=4111111111111111&ccexp=0913&cvv=123&company=Widgets+Inc&address1=1234+My+Street&address2=Apt+1&city=Ottawa&state=ON&zip=K1C2N6&country=CA&phone=%28555%29555-5555&firstname=&lastname=&email=&amount=1.00&type=auth&username=demo&password=password"
headers = {}
endpoint = endpoint.is_a?(URI) ? endpoint : URI.parse(endpoint)
http = Net::HTTP.new(endpoint.host, endpoint.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
http.set_debug_output(STDOUT)
result = http.post(endpoint.request_uri, body, RUBY_184_POST_HEADERS.merge(headers))
puts(result)
On Ubuntu 12.04 + Ruby 1.9.3 + Openss 1.0.1 I get the following output:
% ruby test.rb
opening connection to secure.mmoagateway.com...
opened
Conn close because of connect error Connection reset by peer - SSL_connect
/usr/lib/ruby/1.9.1/net/http.rb:799:in `connect': Connection reset by peer - SSL_connect (Errno::ECONNRESET)
from /usr/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
from /usr/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
from /usr/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
from /usr/lib/ruby/1.9.1/net/http.rb:799:in `connect'
from /usr/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
from /usr/lib/ruby/1.9.1/net/http.rb:744:in `start'
from /usr/lib/ruby/1.9.1/net/http.rb:1284:in `request'
from /usr/lib/ruby/1.9.1/net/http.rb:1307:in `send_entity'
from /usr/lib/ruby/1.9.1/net/http.rb:1096:in `post'
from test.rb:17:in `<main>'
With Ruby 1.8.7 I get the correct output:
$ ruby test.rb
opening connection to secure.mmoagateway.com...
opened
<- "POST /api/transact.php HTTP/1.1\r\nAccept: */*\r\nContent-Type: application/x-www-form-urlencoded\r\nConnection: close\r\nContent-Length: 347\r\nHost: secure.mmoagateway.com\r\n\r\n"
<- "orderid=ae5dd847d9f31209cbffeeea076ed966&orderdescription=Active+Merchant+Remote+Test+Purchase&ccnumber=4111111111111111&ccexp=0913&cvv=123&company=Widgets+Inc&address1=1234+My+Street&address2=Apt+1&city=Ottawa&state=ON&zip=K1C2N6&country=CA&phone=%28555%29555-5555&firstname=&lastname=&email=&amount=1.00&type=auth&username=demo&password=password"
-> "HTTP/1.1 200 OK\r\n"
-> "Date: Wed, 04 Jul 2012 01:26:35 GMT\r\n"
-> "Server: Apache\r\n"
-> "Content-Length: 240\r\n"
-> "Connection: close\r\n"
-> "Content-Type: text/html\r\n"
-> "\r\n"
reading 240 bytes...
-> "response=1&responsetext=SUCCESS&authcode=123456&transactionid=1648894346&avsresponse=N&cvvresponse=N&orderid=ae5dd847d9f31209cbffeeea076ed966&type=auth&response_code=100&merchant_defined_field_6=&merchant_defined_field_7=&customer_vault_id="
read 240 bytes
Conn close
#<Net::HTTPOK:0xb74175c8>
response=1&responsetext=SUCCESS&authcode=123456&transactionid=1648894346&avsresponse=N&cvvresponse=N&orderid=ae5dd847d9f31209cbffeeea076ed966&type=auth&response_code=100&merchant_defined_field_6=&merchant_defined_field_7=&customer_vault_id=
I have the same issue in arch with 1.9.3 and 1.0.1.
If I install 1.0.0e from oneiric on my 12.04 system it also works fine with ruby 1.9.3
I think this may be related to ubuntu bug here: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
Although I downloaded the packages from Debian where they said it was fixed and had no luck.
Has anyone else experienced a similar problem?
I had the same problem connecting to an authorization gateway. In the end I was able to connect by forcing sslv3
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true if #is_https
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if #is_https
http.ssl_version = :SSLv3
I have the same problem... here is information, that rvm pkg install openssl and rvm reinstall 1.9.3-p194 --with-openssl-dir=~/.rvm/usr solves the problem, but it doesn't help me
Related
I am trying to pull a binary from our repo in Artifactory that is of HTTPS.
/var/chef/cookbooks/app/providers/setup.rb:48:in `determineRepoURL'
/var/chef/cookbooks/app/providers/setup.rb:86:in `deploy_compile_time_config_application'
/var/chef/cookbooks/app/providers/setup.rb:24:in `block (2 levels) in class_from_file'
/var/chef/cookbooks/app/providers/setup.rb:20:in `block in class_from_file'
...
[2019-03-26T17:11:39-07:00] ERROR: Running exception handlers
[2019-03-26T17:11:39-07:00] ERROR: Exception handlers complete
[2019-03-26T17:11:39-07:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
Chef Client failed. 5 resources updated
[2019-03-26T17:11:39-07:00] ERROR: app_setup[test] (app::default line 40) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: tlsv1 alert protocol version
Previously I had
def determineRepoURL(*param)
url = "#{repository_url}/api/search/pattern?pattern=#{param[0]}:#{name}/#{version}/*#{param[1]}"
uri = URI(url)
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Get.new(uri.request_uri)
request.basic_auth "#{user}", "#{token}"
response = http.request request # Net::HTTPResponse object
result = JSON.parse(response.body)
list = result['files'].sort.reverse
return list[0]
end
after adding
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
I still have the same error. However, for some reason, this only happens on Chef's 11.8.2, I tried my script with Chef's 12.6.0 and I did not encounter this SSL certificate issue, does anyone have a bypass for 11.8.2 as I do not have access to 12.6.0
Ruby version: 1.8.7
OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
In ruby, I try to do a ssl connection to a nginx server I setup locally, with an auto-signed certificate. My code is :
require "net/http"
require "net/https"
require "openssl"
require "uri"
require "pp"
request = Net::HTTP::Get.new("/")
response = Net::HTTP.start(
"localhost",
443,
{
:use_ssl => true,
:key => OpenSSL::PKey::RSA.new(File.read("/home/gg/crt/client.key")),
:cert => OpenSSL::X509::Certificate.new(File.read("/home/gg/crt/client.crt")),
:ca_file => "/home/gg/crt/ca.pem",
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
:verify_depth => 5,
}
) do |http|
http.request(request)
end
puts response.inspect
puts response.body
When I run it it return
/home/gg/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
from /home/gg/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
from /home/gg/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
from /home/gg/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:923:in `connect'
from /home/gg/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
from /home/gg/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:852:in `start'
from /home/gg/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:583:in `start'
from testso.rb:8:in `<main>'
But I have the correct result if I run it with curl:
curl https://localhost --key crt/client.key --cert crt/client.crt --cacert crt/ca.pem
What am i doing wrong?
To possibly help others, here is a working solution with Ruby 2.0, for an HTTP GET.
require "net/http"
uri = URI.parse('https://your_url.com')
http = Net::HTTP.new(uri.host, uri.port)
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version]=nil
http.use_ssl = true
http.ca_path='/etc/pki/tls/certs/'
http.ca_file='/etc/pki/tls/certs/YOUR_CERT_CHAIN_FILE'
http.cert = OpenSSL::X509::Certificate.new(File.read("YOUR_CERT)_FILE"))
http.key = OpenSSL::PKey::RSA.new(File.read("YOUR_KEY_FILE"))
#SSLv3 is cracked, and often not allowed
http.ssl_version = :TLSv1_2
#### This is IMPORTANT
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
#Crete the GET request
request = Net::HTTP::Get.new(uri.request_uri)
#Add Headers, if needed
request.add_field 'X_REMOTE_USER', 'USER_NAME'
request.add_field 'Accept', '*'
#Get Response
response = http.request(request)
#Review Response
puts response.body
I feel dumb but figured out the problem.
When generating the different certificates I left some fields blank.
It seems that openssl detected this certificate as "looking" autosigned.
Thus if we use OpenSSL::SSL::VERIFY_PEER the connection fails
So to be sure that the certificate is well generated using the CA you can do :
openssl verify -CAfile ca.crt server.crt
(and same command with client.crt)
if we get
error 18 at 0 depth lookup:self signed certificate
OK
The certificate is detected as autosigned and it fails
if we get
Signature ok
It should work
What does the OpenSSL::SSL::SSLErrorWaitReadable "read would block" mean?
I am getting the error OpenSSL::SSL::SSLErrorWaitReadable with the message read would block. I think this is because of timeouts, but I can't find any documentation on the subject.
Can anyone help me figure out what is causing this? Also what I can do to prevent the issue?
The code that is producing this error every now and then:
data = {hello: "world"}
path = "https://example.com/api"
uri = URI.parse(path)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == "https")
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
request = Net::HTTP::Post.new(uri.request_uri)
request.body = Oj.dump(data)
request["Content-Type"] = "application/json"
begin
response = http.request(request) #this line produces the error.
rescue
return nil
end
I am using ruby version 2.1.5p273 and openssl version 1.0.1i on osx 10.10.3.
Versions are found using the command ruby -v -ropenssl -rfiddle -e 'puts Fiddle::Function.new(Fiddle.dlopen(nil)["SSLeay_version"], [Fiddle::TYPE_INT], Fiddle::TYPE_VOIDP).call(0)'
Thanks to #bayendor
Couldn't reproduce in my local machine. It works. Here is my version, so could you confirm with your system? Or if your machine is Mac and you installed ruby with system openssl and readline, it may cause because it's old. Try to install new openssl and readline and build ruby, then execute the script again.
% brew install openssl readline
% RUBY_CONFIGURE_OPTS="--enable-shared --with-readline-dir=$(brew --prefix readline) --with-openssl-dir=$(brew --prefix openssl)" rbenv install 2.0.0-p598
OS: MaxOSX 10.10.2
ruby: 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin12.0]
oj (2.12.9)
% ruby test.rb
OK
% cat test.rb
require 'uri'
require 'net/http'
require 'openssl'
require 'oj'
data = {hello: "world"}
path = "https://example.com/api"
uri = URI.parse(path)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == "https")
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
request = Net::HTTP::Post.new(uri.request_uri)
request.body = Oj.dump(data)
request["Content-Type"] = "application/json"
begin
response = http.request(request) #this line produces the error.
puts('OK')
rescue
return nil
end
Please note I have reviewed as many of the articles on here about this issue and the sample/example code I am showing is one of a dozen variations I have tried based on my reading. So please don't RTFM or the like.
I am writing a simple ruby script to log in/logout of a web app. Unfortunately it is https, and in my attempts it seems like ssl is a much harder "easy programming" scenario than I thought.
I am running this script on a stock Kali installation. I am justing Ruby 1.9.1. The error I am getting is:
/usr/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert handshake failure (OpenSSL::SSL::SSLError)
from /usr/lib/ruby/1.9.1/net/http.rb:799:in `block in connect'
from /usr/lib/ruby/1.9.1/timeout.rb:54:in `timeout'
from /usr/lib/ruby/1.9.1/timeout.rb:99:in `timeout'
from /usr/lib/ruby/1.9.1/net/http.rb:799:in `connect'
from /usr/lib/ruby/1.9.1/net/http.rb:755:in `do_start'
from /usr/lib/ruby/1.9.1/net/http.rb:744:in `start'
from ./capture_ids.rb:27:in `block in <main>'
from ./capture_ids.rb:18:in `each'
from ./capture_ids.rb:18:in `<main>'
Here is my ruby script:
#!/usr/bin/env ruby
require 'net/http'
require 'net/https'
require 'openssl'
puts OpenSSL::OPENSSL_VERSION
puts "SSL_CERT_FILE: %s" % OpenSSL::X509::DEFAULT_CERT_FILE
puts "SSL_CERT_DIR: %s" % OpenSSL::X509::DEFAULT_CERT_DIR
login_str = "https://192.168.0.251/~login_handler?UserName=foo&Password=bar"
logout_str = "https://192.168.0.251/~logout_handler?session_id="
seqids = Array.new
puts "Starting capture..."
puts "Staring loop..."
for num in 0..2 do
puts "doing iteration #{num}"
uri = URI.parse(login_str)
https = Net::HTTP.new(uri.host, uri.port)
https.use_ssl = true
# https.cert_store = OpenSSL::X509::Store.new
# https.cert_store.set_default_paths
https.verify_mode = OpenSSL::SSL::VERIFY_NONE
req = Net::HTTP::Post.new(uri.path)
https.start {
res = https.request(req)
}
# puts "*********** Here is the response ***************"
# puts res
# puts "*********** End of response ********************"
start_pt = res.index("name=")
end_pt = res.index(" src=")
seq_id = res.slice(start_pt, end_pt)
puts "Sequence id is " + seq_id
seqids << seq_id
uri = URI.parse(logout_str)
https = Net::HTTP::new(uri.host, uri.port)
https.use_ssl = true
# https.cert_store = OpenSSL::X509::Store.new
# https.cert_store.set_default_paths
https.verify_mode = OpenSSL::SSL::VERIFY_NONE
req = Net::HTTP::Get.new(uri.path)
https.start {
https.request(req)
}
end
My SSL dir/certs are:
SSL_CERT_FILE: /usr/lib/ssl/cert.pem
SSL_CERT_DIR: /usr/lib/ssl/certs
And yes I have confirmed things are there. I also have tried to download new cert files and ca files and use them and put them in there.
What magic ju ju beads do I have to shake?
Trying to connect to Imgur API via SSL gives me an error. Here's the code and the error:
API_URI = URI.parse('https://api.imgur.com')
API_PUBLIC_KEY = 'Client-ID --'
ENDPOINTS = {
:image => '/3/image',
:gallery => '/3/gallery'
}
# Public: Upload an image
#
# args - The image path for the image to upload
#
def upload(image_path)
http = Net::HTTP.new(API_URI.host)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
params = {'image' => File.open(image_path)}
request = Net::HTTP::Post.new(API_URI.request_uri)
request.set_form_data(params)
request.add_field('Authorization', API_PUBLIC_KEY)
response = http.request(request)
puts response.body
end
And the error:
`connect': SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol (OpenSSL::SSL::SSLError)
I know VERIFY_NODE is not good practice but I just want to test the connection for now.
Ruby version: 1.9.2
Specifying the port when creating the HTTP client fixed this problem.
http = Net::HTTP.new(API_URI.host, API_URI.port)
or
http = Net::HTTP.new(API_URI.host, 443)
For me it was because I had started the server as a http (tcp://) servers instead of https (ssl://).
i.e.
bundle exec puma config.ru -b 'tcp://0.0.0.0:3456?key=/path/to/key.key&cert=/path/to/cert.crt'
instead of:
bundle exec puma config.ru -b 'ssl://0.0.0.0:3456?key=/path/to/key.key&cert=/path/to/cert.crt'