OpenSSL and OS X 10.3: certificate verify failed

[lloeki]

Some certificate validations fail with ruby, but it seems to be more far reaching. This affects both homebrew's ruby (bottled) and custom-built ruby, and possibly anything using homebrew's OpenSSL.

There seems to be a problem either with the certificate dump process or the keychain certificate store has some issues to begin with. Diagnosing the issue is quite muddled due to various moving parts and order things were done (installing openssl/building ruby/generating cert.pem/upgrading to 10.10.3).

Hard to tell if homebrew is or is not – partially or totally – in cause or can take mitigation steps, but please see investigations late in the aforementioned issue.

[lloeki]

I confirmed that as soon as an install or upgrade of openssl is done post 10.3 via homebrew, cert.pem will be (re)generated and things blow up from there.

[lloeki]

Possible ties with #38226.

[lloeki]

Steps to reproduce:

# upgrade to OS X 10.3, then
brew remove openssl
brew install openssl ruby
/usr/local/bin/ruby -e 'require "net/http"; require "uri"; Net::HTTP.get(URI("https://google.com"))'

[MikeMcQuaid]

Duplicate of #38491.

[lloeki]

Well, sorry for the noise. Missed it in a search, plus it's already cross-referenced, how could I miss that 😭.

[MikeMcQuaid]

No worries!