SOAP - issue with openssl verification failure

Discussion in 'Ruby' started by Venkat Alla, May 1, 2009.

  1. Venkat Alla

    Venkat Alla Guest

    I have the following code in a script that I am trying to use at work -

    #!/usr/local/bin/ruby

    require 'rubygems'
    require 'soap/wsdlDriver'

    wsdl = 'myURL'
    driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

    I have a working perl snippet given, which uses SOAP::Lite. I want to
    use ruby to code my script, but unable to go past the above lines.

    Here is the error I am receiving -


    at depth 0 - 20: unable to get local issuer certificate
    OpenSSL::SSL::SSLError: certificate verify failed

    I am stuck for hours trying to figure a way out. Please help.

    Thanks in advance.
     
    Venkat Alla, May 1, 2009
    #1
    1. Advertisements

  2. [Note: parts of this message were removed to make it a legal post.]

    This isn't a ruby problem looks like your connecting to a server using ssl
    which has self signed certificate. Hence it can't be verifid. If you get
    hold of the cert you can add it to your trusted certs list. But brware this
    means your trusting the certificate implicitly.

    Fine for testing though.


    I have the following code in a script that I am trying to use at work -

    #!/usr/local/bin/ruby

    require 'rubygems'
    require 'soap/wsdlDriver'

    wsdl = 'myURL'
    driver = SOAP::WSDLDriverFactory.new(wsdl).create_rpc_driver

    I have a working perl snippet given, which uses SOAP::Lite. I want to
    use ruby to code my script, but unable to go past the above lines.

    Here is the error I am receiving -


    at depth 0 - 20: unable to get local issuer certificate
    OpenSSL::SSL::SSLError: certificate verify failed

    I am stuck for hours trying to figure a way out. Please help.

    Thanks in advance.
     
    Steven Williamson, May 1, 2009
    #2
    1. Advertisements

  3. I am having the same problem. Is adding the cert to your trusted certs
    list a Ruby thing or a system related task? It seems that it's not
    possible to specify options to SOAP::WSDLDriverFactory.new, such as an
    SSL cert :).

    Joseph Gutierrez
    Web Developer - Inc21
     
    Joe Gutierrez, May 2, 2009
    #3
  4. How do you add a cert to your list of trusted certs? Is it possible to
    specify a cert a some point when creating a new SOAP::WSDLDriverFactory?

    Joseph Gutierrez
    Web Developer - Inc21




     
    Joe Gutierrez, May 2, 2009
    #4
  5. Venkat Alla

    Venkat Alla Guest

    I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
    first post. Please let me know if you have any thoughts on this. I am
    still stuck on this :(
     
    Venkat Alla, May 2, 2009
    #5
  6. [Note: parts of this message were removed to make it a legal post.]

    Hi guys,

    To add the certs to your trusted list using openssl at least you can google
    for the procedure. Basicaly you add the cert to /etc/openssl/certs and
    create a symlink to it. The symlinks name should be the fingerprint of the
    certificate. Openssl will then trust the cert.

    As for macosx I have no idea I don't run it :)

    You could also search the ruby api docs there should be an option to disable
    the verification of certificates. Though this may not be an option.

    Cheers

    Steve.


    I am using ruby 1.8.6 on Mac OS X box. Forgot to mention that in my
    first post. Please let me know if you have any thoughts on this. I am
    still stuck on this :(

    -- Posted via http://www.ruby-forum.com/.
     
    Steven Williamson, May 2, 2009
    #6
  7. Venkat Alla

    Venkat Alla Guest

    This is for my tool at the place of work and there is no harm in
    trusting this cert as it belongs to one of our internal groups. I have
    saved the certificate using firefox. But not sure how to make the
    openssl to trust it. Any clues will be greatly appreciated.

    Thanks
    Venkat
     
    Venkat Alla, May 2, 2009
    #7
  8. Steven Williamson, May 2, 2009
    #8
  9. Venkat Alla

    Venkat Alla Guest

    Thanks Steve for the link. I thought I did pretty much everything
    mentioned in that page but still getting this error -

    "error 20 at 0 depth lookup:unable to get local issuer certificate"
     
    Venkat Alla, May 2, 2009
    #9
  10. Venkat Alla

    Yesh Sriram Guest

    If you want to ignore SSL verification simply set the following property
    on the driver object

    obj.options["protocol.http.ssl_config.verify_mode"] =
    OpenSSL::SSL::VERIFY_NONE

    I got the answer from soap4r discussion in google groups.
    http://groups.google.com/group/soap4r

    - Yesh
     
    Yesh Sriram, May 3, 2009
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.