HttpClient SSL Errors - OS Specific (RHEL 4 versus CentOS 5.4)


Mike Papper

Hi, I'm looking for help using HttpClient with Ruby on Rails. Here's our
environment:

Red Hat Enterprise Linux ES release 4 (Nahant Update 4) OR Cent OS 5.4
openssl version: OpenSSL 0.9.8e 23 Feb 2007 or OpenSSL 0.9.8e-fips-rhel5
01 Jul 2008 or OpenSSL 0.9.7a Feb 19 2003
ruby: 1.8.6 or 1.8.7
httpclient ruby gem: httpclient 2.1.5.2

On the RHEL4 based machines (with openssl of 0.9.7 OR 0.9.8) I get one
of these 2 errors (whereas the same code on CentOS works):

1) cacerts loading failed
at depth 1 - 20: unable to get local issuer certificate
OpenSSL::SSL::SSLError: certificate verify failed
from
/usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
`connect'

OR

2) cacerts loading failed
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed
from
/usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
`connect'

I thought that upgrading SSL would fix the RHEL4 servers but that's not
the case.


Anyone have an idea of what other packages or libraries I need to
upgrade on RHEL4 to make these errors go away?

Any input is appreciated, thanks,

Mike
 

Brian Candler

Mike Papper wrote in post #989708:
On the RHEL4 based machines (with openssl of 0.9.7 OR 0.9.8) I get one
of these 2 errors (whereas the same code on CentOS works):

1) cacerts loading failed
at depth 1 - 20: unable to get local issuer certificate

This means it can't find a root certificate with which to verify the
site certificate.

To start with, forget about ruby. Make it verify using the openssl
command line tool:

openssl s_client -connect my.server.name:443 # should not verify

openssl s_client -connect my.server.name:443 -CApath /path/to/certs

where /path/to/certs is whatever directory contains your collection of
root certificates; I don't know what it is for RHEL4, but googling
suggests this:

http://www.linux-archive.org/centos/63476-ca-files-ssl-where.html

When you get "verify return code 0" then you know everything is working.

Then you just need to pass the correct option to ruby so it can find the
CA directory. For example, with Net::HTTP it would be
:ca_path=>"/path/to/certs"
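
An added example, not part of the thread: this Ruby script reproduces the "at depth 1 - 20" failure offline with a constructed three-certificate chain, then shows verification succeed once the root is trusted. All names and keys are made up for the example; for a real CA directory, `OpenSSL::X509::Store#add_path` is the Ruby counterpart of `-CApath`.

```ruby
require 'openssl'

# Build one certificate of a constructed test PKI (names and keys are made up).
def make_cert(cn, key, issuer, issuer_key, is_ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  constraint = is_ca ? 'CA:TRUE' : 'CA:FALSE'
  cert.add_extension(ef.create_extension('basicConstraints', constraint, true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Verify a server certificate plus the intermediates it sent against a set of
# trusted roots. Returns [ok, error code, error depth, error string], the same
# values the OpenSSL error message reports.
def verify_chain(trusted_roots, leaf, sent_chain)
  store = OpenSSL::X509::Store.new # starts empty: nothing is trusted
  trusted_roots.each { |root| store.add_cert(root) }
  # For a real CA directory: store.add_path('/path/to/certs')
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent_chain)
  ok = ctx.verify
  [ok, ctx.error, ctx.error_depth, ctx.error_string]
end

# Constructed chain: root -> intermediate -> server certificate.
KEYS  = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
ROOT  = make_cert('Constructed Root CA', KEYS[0], nil, KEYS[0], true)
INTER = make_cert('Constructed Intermediate CA', KEYS[1], ROOT, KEYS[0], true)
LEAF  = make_cert('my.server.name', KEYS[2], INTER, KEYS[1], false)

if __FILE__ == $PROGRAM_NAME
  # Root missing from the trust store: fails at the intermediate (depth 1).
  p verify_chain([], LEAF, [INTER])
  # Root present: the equivalent of "verify return code 0".
  p verify_chain([ROOT], LEAF, [INTER])
end
```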
 
