OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

1

22

I have a Rails API server hosted on Heroku, which makes an asynchronous POST request to a callback URL specified in an initial API request by the client.

I have a problem when I try to POST to one of my clients' web apps over SSL.

connection = Faraday::Connection.new('https://subdomain.some_client.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/test'

The following throws an error:

Faraday::Error::ConnectionFailed: SSL_connect returned=1 errno=0 state=error: certificate verify failed

However, if I post to another server over HTTPS, for example Google, it works fine:

connection = Faraday::Connection.new('https://www.google.com', ssl: { ca_file: '/usr/lib/ssl/certs/ca-certificates.crt' })
connection.get '/'

Does this mean the fault is on the client's SSL configuration? And if so, how can I assist them in debugging the problem?

UPDATE:

I can cURL POST to the client's webapp without problems; it's only when I do it through Ruby's HTTP libraries that it fails.

Much appreciated. Thanks.

Spreader answered 12/11, 2015 at 10:43 Comment(0)
19

My guess is that there is a problem with the SSL cert for your client's web app. Perhaps there is a certificate that is out of date or invalid. You could try this answer.

If you need to get around this (but probably not a good permanent solution, because of the potential security hole) you should be able to turn off the certificate verification by putting this before Bundler.require in your application.rb:

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Delciedelcina answered 12/11, 2015 at 10:57 Comment(7)
I tried that and it works, but it is obviously not suitable for a production environment. - Spreader
This test shows you are missing an intermediate or root cert in your ca-certificates.crt file. Are you still needing an answer? - Fallacious
If the cert is out of date or invalid, curl would have reported similar error. - Omaomaha
Variant if you get the "already initialized constant" warning: use OpenSSL::SSL.send(:remove_const, :VERIFY_PEER) before (example code). - Gunnysack
@RodrigoM did you mean to ask Tarlen? Since he wasn't tagged he may not have seen your comment. - Phosgene
If you're using the Net::HTTP library, you have to do this instead: http.verify_mode = OpenSSL::SSL::VERIFY_NONE (reference) - Aaberg
You can put OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE in your config/environments/development.rb instead of in config/application.rb. That keeps it out of your production environment. - Accommodation
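
The missing-intermediate case raised in the comments can be reproduced offline with verification left on. This is an added example, not code from any post above: it builds a constructed root, intermediate and leaf (all names and keys are made up) and shows when OpenSSL can and cannot build a path to a trusted root.

```ruby
require 'openssl'

# Issue a constructed test certificate; a nil issuer means self-signed.
def make_cert(cn, key, issuer_cert, issuer_key, ca:, serial:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 86_400
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign,cRLSign', true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Verify `leaf` against `trusted` (the local CA bundle, i.e. what ca_file
# points at). `sent_chain` stands in for the extra certificates a server
# includes in its handshake; they help path building but are not trusted.
def verify_chain(leaf, trusted, sent_chain = [])
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent_chain)
  { ok: ctx.verify, error: ctx.error_string, depth: ctx.error_depth }
end

def demo
  root_key, int_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = make_cert('Constructed Root CA', root_key, nil, nil, ca: true, serial: 1)
  inter = make_cert('Constructed Intermediate CA', int_key, root, root_key, ca: true, serial: 2)
  leaf  = make_cert('subdomain.example.test', leaf_key, inter, int_key, ca: false, serial: 3)
  {
    # Server sends only its leaf and the bundle holds only the root: fails.
    leaf_only: verify_chain(leaf, [root]),
    # Server-side fix: the intermediate is sent along with the leaf.
    server_sends_intermediate: verify_chain(leaf, [root], [inter]),
    # Client-side fix: the intermediate is added to the local CA bundle.
    bundle_has_intermediate: verify_chain(leaf, [root, inter])
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, r| puts "#{name}: ok=#{r[:ok]} error=#{r[:error]} depth=#{r[:depth]}" }
end
```

Either fix keeps VERIFY_PEER in place: the server completes its chain, or the file passed as ca_file gains the missing certificate.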
