
Thursday, January 14, 2016

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed  

The dev log shows

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
  app/controllers/users_controller.rb:37:in `update'

Please suggest..

Answer by martoche for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Ruby can't find any root certificates to trust.

Take a look at this blog post for a solution: "Ruby 1.9 and the SSL error".

The solution is to install the curl-ca-bundle port which contains the same root certificates used by Firefox:

sudo port install curl-ca-bundle  

and tell your https object to use it:

https.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'  

Note that if you want your code to run on Ubuntu, you need to set the ca_path attribute instead, with the default certificates location /etc/ssl/certs.

Answer by martoche for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Then, as this blog post suggests,

"How to Cure Net::HTTP's Risky Default HTTPS Behavior"

you might want to install the always_verify_ssl_certificates gem that allows you to set a default value for ca_file.

Answer by Erik G. for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


I ran into a similar problem when trying to use the JQuery generator for Rails 3

I solved it like this:

  1. Get the CURL Certificate Authority (CA) bundle. You can do this with:

    • sudo port install curl-ca-bundle [if you are using MacPorts]
    • or just pull it down directly wget http://curl.haxx.se/ca/cacert.pem
  2. Execute the ruby code that is trying to verify the SSL certification: SSL_CERT_FILE=/opt/local/etc/certs/cacert.pem rails generate jquery:install. In your case, you want to either set this as an environment variable somewhere the server picks it up or add something like ENV['SSL_CERT_FILE'] = '/path/to/your/new/cacert.pem' in your environment.rb file.

You can also just install the CA files (I haven't tried this) to the OS -- there are lengthy instructions here -- this should work in a similar fashion, but I have not tried this personally.

Basically, the issue you are hitting is that some web service is responding with a certificate signed against a CA that OpenSSL cannot verify.
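The failure described in this answer can be reproduced offline. The following is an added example, not code from any of the answers: it builds a constructed test CA and a leaf certificate, then verifies the leaf against an empty trust store and against a store loaded from a PEM bundle (the role `ca_file` plays). The helper names `issue`, `verify_leaf` and `demo` and all certificate names are assumptions made for the illustration.

```ruby
require 'openssl'
require 'tempfile'

# Issue a certificate for `subject`; self-signed when `issuer` is nil.
# Every name and key used below is a constructed test value.
def issue(subject, key, issuer: nil, issuer_key: key, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  cert.add_extension(ext)
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify `leaf` against a trust store that contains only what `ca_file`
# provides. Returns [verified?, OpenSSL's reason string].
def verify_leaf(leaf, ca_file: nil)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file) if ca_file
  [store.verify(leaf), store.error_string]
end

# Same leaf certificate, two trust stores: one empty, one with the issuing CA.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue('/CN=Constructed Test Root CA', ca_key, ca: true)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = issue('/CN=service.example.test', leaf_key, issuer: ca, issuer_key: ca_key, serial: 2)
  Tempfile.create(['bundle', '.pem']) do |f|
    f.write(ca.to_pem)
    f.flush
    { empty_store: verify_leaf(leaf), with_bundle: verify_leaf(leaf, ca_file: f.path) }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, (ok, reason)| puts "#{name}: verified=#{ok} (#{reason})" }
end
```

The certificate is identical in both runs; only the contents of the trust store decide whether verification passes.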

Answer by Scott for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Here's another option for debugging purposes.

Be sure never to use this in any production environment, as it will negate benefits of using SSL in the first place. It is only ever valid to do this in your local development environment.

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Answer by Musicalmindz for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Here's what I did that helped if you are specifically having a problem on Leopard.

My cert was old and needed to be updated. I downloaded this:

http://curl.haxx.se/ca/cacert.pem

Then replaced my cert which was found here on Leopard:

/usr/share/curl/curl-ca-bundle.crt  

Reload whatever you have that's accessing it and you should be good to go!

Answer by ryanjones for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Here's how you can fix it on Windows: https://gist.github.com/867550 (created by Fletcher Nichol)

Answer by Mike for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


On Mac OS X Lion with the latest macport:

sudo port install curl-ca-bundle
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt

Then, rerun the failed job.

Note, the cert file location seems to have changed since Eric G answered on May 12.

Answer by Hortitude for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Just because the instructions were slightly different for what worked for me, I thought I'd add my 2 cents:

I'm on OS X Lion and using macports and rvm

I installed curl-ca-bundle:

sudo port install curl-ca-bundle  

Then I adjusted my omniauth config to be this:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, APP_CONFIG['CONSUMER_KEY'], APP_CONFIG['CONSUMER_SECRET'],
           :scope => 'https://www.google.com/m8/feeds https://www.googleapis.com/auth/userinfo.profile',
           :ssl => {:ca_path => "/share/curl/curl-ca-bundle.crt"}
end

Answer by ramasamy for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


Well this worked for me

rvm pkg install openssl
rvm reinstall 1.9.2 --with-openssl-dir=$rvm_path/usr

Something is wrong with openssl implementation of my ubuntu 12.04

Answer by Stewart for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


The issue is that ruby can not find a root certificate to trust. As of 1.9 ruby checks this. You will need to make sure that you have the curl certificate on your system in the form of a pem file. You will also need to make sure that the certificate is in the location that ruby expects it to be. You can get this certificate at...

http://curl.haxx.se/ca/cacert.pem  

If you're an RVM and OSX user then your certificate file location will vary based on what version of ruby you're using. Setting the path explicitly with :ca_path is a BAD idea as your code will not be portable when it gets to production. Therefore you want to provide ruby with a certificate in the default location (and assume your dev ops guys know what they are doing). You can use dtruss to work out where the system is looking for the certificate file.

In my case the system was looking for the cert file in

/Users/stewart.matheson/.rvm/usr/ssl/cert.pem  

however MACOSX system would expect a certificate in

/System/Library/OpenSSL/cert.pem  

I copied the downloaded cert to this path and it worked. HTH

Answer by Kevin for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


The new certified gem is designed to fix this:

https://github.com/stevegraham/certified

Answer by Rahul for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


This worked for me. If you are using rvm and brew:

rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`

Answer by ??? for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


OSX solution:

install latest rvm stable version

rvm get stable  

use rvm command to solve the certificates automatically

rvm osx-ssl-certs update all  

Answer by htanata for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


If you're using RVM on OS X, you probably need to run this:

rvm osx-ssl-certs update all  

More information here: http://rvm.io/support/fixing-broken-ssl-certificates

And here is the full explanation: https://github.com/wayneeseguin/rvm/blob/master/help/osx-ssl-certs.md


Update

On Ruby 2.2, you may have to reinstall Ruby from source to fix this. Here's how (replace 2.2.3 with your Ruby version):

rvm reinstall 2.2.3 --disable-binary  

Credit to http://stackoverflow.com/a/32363597/4353 and Ian Connor.

Answer by Pratik Bothra for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


The most straightforward answer which worked for me was this

sudo apt-get install openssl ca-certificates  

And voila!!!

Answer by Synthesis for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


OS X 10.8.x with Homebrew:

brew install curl-ca-bundle
brew list curl-ca-bundle
cp /usr/local/Cellar/curl-ca-bundle/1.87/share/ca-bundle.crt /usr/local/etc/openssl/cert.pem

Answer by PackedUp for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


I had trouble for a number of days and was hacking around. This link proved out to be extremely helpful for me. It helped me to do a successful upgrade of the SSL on MAC OS X 9.

Answer by Quv for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


While knowing it's rather a lame solution, I'm still sharing this because it seems like very few people answering here use Windows, and I think some of Windows users (me included) would appreciate a simple and intuitive approach.

require 'openssl'
puts OpenSSL::X509::DEFAULT_CERT_FILE

That tells you where your openssl is looking for the cert file. My name is not Luis, but mine was C:/Users/Luis/Code/luislavena/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0l/ssl/cert.pem. The path may be different depending on your own environment (e.g. openknapsack instead of luislavena).

The path didn't change even after set SSL_CERT_FILE=C:\foo\bar\baz\cert.pem via the console, so... I created the directory C:\Users\Luis\Code\luislavena\knap-build\var\knapsack\software\x86-windows\openssl\1.0.0l\ssl in my local disk and put a cert file into it.

Lame as it is, this will surely work.
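Several answers above turn on where Ruby's OpenSSL looks for trusted roots (ca_file versus ca_path, SSL_CERT_FILE, DEFAULT_CERT_FILE). The following is an added example, not code from any of the answers: it reports the locations the default lookup will consult and builds a Net::HTTP client that keeps peer verification on while pointing at an explicit bundle or directory. The names `effective_trust_paths` and `verified_https` are assumptions made for the illustration.

```ruby
require 'net/http'
require 'openssl'

# Locations OpenSSL's default lookup consults: for each kind, the
# environment variable takes the place of the path compiled into the build.
def effective_trust_paths(env = ENV)
  x = OpenSSL::X509
  {
    file: env[x::DEFAULT_CERT_FILE_ENV] || x::DEFAULT_CERT_FILE,
    dir:  env[x::DEFAULT_CERT_DIR_ENV]  || x::DEFAULT_CERT_DIR
  }
end

# Build an HTTPS client that always verifies the peer. `ca` may be a PEM
# bundle (set as ca_file), a certificate directory (set as ca_path), or nil
# to use the default locations above. No connection is opened here.
def verified_https(host, ca: nil, port: 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if ca.nil?
    store = OpenSSL::X509::Store.new
    store.set_default_paths
    http.cert_store = store
  elsif File.directory?(ca)
    http.ca_path = ca
  elsif File.file?(ca)
    http.ca_file = ca
  else
    # Fail early instead of surfacing later as "certificate verify failed".
    raise ArgumentError, "CA location not found: #{ca}"
  end
  http
end

if __FILE__ == $PROGRAM_NAME
  effective_trust_paths.each { |kind, path| puts "#{kind}: #{path} (exists: #{File.exist?(path)})" }
end
```

DEFAULT_CERT_FILE is a compile-time constant, so it keeps printing the same path after SSL_CERT_FILE is set; the environment variable is read when the default paths are loaded into a store.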

Answer by abcd_win for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


This can be the issue of the broken/invalid SSL certificates. On mac you can use this command to update the SSL certificates:

rvm osx-ssl-certs update all  

Answer by Jonathan Leaders for SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed


A one liner fixes it for Windows in an Admin prompt

choco install wget (first see chocolatey.org)

wget http://curl.haxx.se/ca/cacert.pem -O C:\cacert.pem && setx /M SSL_CERT_FILE "C:\cacert.pem"  

Or just do this:

gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/
