HttpClient SSL Errors - OS Specific (RHEL 4 versus CentOS 5.4)

Discussion in 'Ruby' started by Mike Papper, Mar 29, 2011.

  1. Mike Papper

    Mike Papper Guest

    Hi, I'm looking for help using HttpClient with Ruby on Rails. Here's our
    environment:

    Red Hat Enterprise Linux ES release 4 (Nahant Update 4) OR CentOS 5.4
    openssl version: OpenSSL 0.9.8e 23 Feb 2007 or OpenSSL 0.9.8e-fips-rhel5
    01 Jul 2008 or OpenSSL 0.9.7a Feb 19 2003
    ruby: 1.8.6 or 1.8.7
    httpclient ruby gem: httpclient 2.1.5.2

    On the RHEL4 based machines (with openssl of 0.9.7 OR 0.9.8) I get one
    of these 2 errors (whereas the same code on CentOS works):

    1) cacerts loading failed
    at depth 1 - 20: unable to get local issuer certificate
    OpenSSL::SSL::SSLError: certificate verify failed
    from
    /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
    `connect'

    OR

    2) cacerts loading failed
    OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read
    server certificate B: certificate verify failed
    from
    /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in
    `connect'

    I thought that upgrading SSL would fix the RHEL4 servers but that's not
    the case.


    Anyone have an idea of what other packages or libraries I need to
    upgrade on RHEL4 to make these errors go away?

    Any input is appreciated, thanks,

    Mike

    --
    Posted via http://www.ruby-forum.com/.
     
    Mike Papper, Mar 29, 2011
    #1

  2. Mike Papper wrote in post #989708:
    > On the RHEL4 based machines (with openssl of 0.9.7 OR 0.9.8) I get one
    > of these 2 errors (whereas the same code on CentOS works):
    >
    > 1) cacerts loading failed
    > at depth 1 - 20: unable to get local issuer certificate


    This means it can't find a root certificate with which to verify the
    site certificate.

    To start with, forget about ruby. Make it verify using the openssl
    command line tool:

    openssl s_client -connect my.server.name:443 # should not verify

    openssl s_client -connect my.server.name:443 -CApath /path/to/certs

    where /path/to/certs is whatever directory contains your collection of
    root certificates; I don't know what it is for RHEL4, but googling
    suggests this:

    http://www.linux-archive.org/centos/63476-ca-files-ssl-where.html

    When you get "verify return code 0" then you know everything is working.

    Then you just need to pass the correct option to ruby so it can find the
    CA directory. For example, with Net::HTTP it would be
    :ca_path=>"/path/to/certs"

    --
    Posted via http://www.ruby-forum.com/.
     
    Brian Candler, Mar 29, 2011
    #2
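
The failure and the fix discussed in this thread, reproduced offline as an added Ruby example (not code from either poster): a constructed root, intermediate and server certificate are verified first without and then with the root in the trust store. The in-memory store stands in for the CA directory passed via -CApath or :ca_path, and all certificate names are constructed.

```ruby
require "openssl"

# Build a constructed certificate; self-signed when issuer_cert is nil.
def make_cert(cn, key, issuer_cert, issuer_key, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1 << 62) + 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(
    ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true)
  )
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify leaf with the server-supplied (untrusted) chain against the trusted
# roots. Returns [ok, error code, error depth, error string].
def check_chain(leaf, untrusted, trusted_roots)
  store = OpenSSL::X509::Store.new
  trusted_roots.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, untrusted)
  ok = ctx.verify
  [ok, ctx.error, ctx.error_depth, ctx.error_string]
end

# Constructed three-level chain: root -> intermediate -> server certificate.
root_key, inter_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
ROOT  = make_cert("Constructed Root CA", root_key, nil, root_key, true)
INTER = make_cert("Constructed Intermediate CA", inter_key, ROOT, root_key, true)
LEAF  = make_cert("my.server.name", leaf_key, INTER, inter_key, false)

# Root missing from the store: the RHEL4 symptom (error 20 at depth 1).
p check_chain(LEAF, [INTER], [])
# Root present in the store: verification succeeds (error 0).
p check_chain(LEAF, [INTER], [ROOT])
```

The depth in the error identifies the certificate whose issuer could not be found locally: depth 1 is the intermediate, so the missing piece is the root that signed it.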