StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhy is Ruby unable to verify an SSL certificate?
primarykey
Id
9199660
data
AcceptedAnswerId
9238221
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-02-08T18:56:06.237
FavoriteCount
29
LastActivityDate
2015-11-07T12:26:51.517
LastEditDate
2014-02-23T07:54:47.840
LastEditorUserId
321731
OwnerUserId
95114
ParentId
0
PostTypeId
1
Score
52
ViewCount
26309
LastEditorDisplayName
text
Body
This is my first time trying to use the XMLRPC::Client library to interact with a remote API and I keep receiving this error: <pre><code>warning: peer certificate won't be verified in this SSL session </code></pre> Searching around I've found loads of people that have gotten that error. Usually it's with self-signed certificates and they just want it to go away, so they do something dirty like monkey patch the way XMLRPC::Client is opening it's http session. I first assumed this was simply the client not caring whether the certificate was valid or not, so I continued my search and came across <a href="https://github.com/jamesgolick/always_verify_ssl_certificates" rel="noreferrer">this gem</a>. It simply forces verification of all SSL certificates and throws a hard error if it's not able too. This was exactly what I wanted. I included it, ran the code again and now I'm getting this: <pre><code>OpenSSL:SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed </code></pre> Of course! The certificate is bad! But I double check just to make sure with openssl's builtin s_client like so: <pre><code>openssl s_client -connect sub.example.com:443 </code></pre> and what do I get: <pre><code>CONNECTED(00000003) --- Certificate chain <snip> Verify return code: 0 (ok) </code></pre> So now we get to my question. OpenSSL (the command line version) says the certificate is good. OpenSSL (the Ruby library) disagrees. All of my web browsers say the certificate is good. A few additional details that might be of use. The certificate is a wildcard but is valid for the domain. The openssl s_client was run on the same machine seconds apart from the Ruby code. This is Ruby 1.8.7 p357 which is installed with RVM. Does Ruby use something other than the CA bundle provided by the host OS? Is there a way to tell Ruby to use a specific CA bundle or the system one?
Tags
<ruby><api><openssl><certificate>
Title
Why is Ruby unable to verify an SSL certificate?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USTshepang
UserOwnerUserId
1. USSam Stelfox
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POWhy is Ruby unable to verify an SSL certificate?
 UserUserId
 USSam Stelfox
 VoteTypeVoteTypeId
 VTBountyStart
2. VO
 singulars
 PostPostId
 POWhy is Ruby unable to verify an SSL certificate?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POWhy is Ruby unable to verify an SSL certificate?
 UserUserId
 USlkahtz
 VoteTypeVoteTypeId
 VTFavorite
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.