Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to use aws-sdk's bundled cert CA on Windows #95

Open
cormacrelf opened this issue Dec 13, 2016 · 0 comments
Open

Option to use aws-sdk's bundled cert CA on Windows #95

cormacrelf opened this issue Dec 13, 2016 · 0 comments

Comments

@cormacrelf
Copy link

Ruby doesn't include a cert CA, for which the recommended solution is to apply Aws.use_bundled_cert! after requiring 'aws-sdk-core'. Obviously this is not desirable on platforms whose OpenSSL does the CA job for you, but could easily be a pass-through option in the .yml to avoid having to configure environment variables.

More info: amazon-archives/aws-sdk-core-ruby#166, includes the env variables solution which I guess I'll use for the time being.

Here's what you get by default on Windows 10, using Ruby 2.3.1 installed with >choco install ruby, and then rubygems updated (to 2.6.7) to use its own SSL CA using the method described at http://guides.rubygems.org/ssl-certificate-update/#installing-using-update-packages. (Could just use 2.3.3 which isn't in chocolatey yet, but it's nicer to automate installation.)

Found configuration at config\eb_deployer.yml.
C:/tools/ruby23/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (Seahorse::Client::NetworkingError)
        from C:/tools/ruby23/lib/ruby/2.3.0/net/http.rb:933:in `connect'
        from C:/tools/ruby23/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
        from C:/tools/ruby23/lib/ruby/2.3.0/net/http.rb:858:in `start'
        from C:/tools/ruby23/lib/ruby/2.3.0/delegate.rb:83:in `method_missing'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/net_http/connection_pool.rb:285:in `start_session'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/net_http/connection_pool.rb:92:in `session_for'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/net_http/handler.rb:116:in `session'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/net_http/handler.rb:68:in `transmit'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/net_http/handler.rb:42:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/plugins/content_length.rb:12:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/xml/error_handler.rb:8:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/request_signer.rb:88:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/helpful_socket_errors.rb:10:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:87:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:118:in `retry_request'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:101:in `retry_if_possible'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:89:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:118:in `retry_request'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:101:in `retry_if_possible'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:89:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:118:in `retry_request'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:101:in `retry_if_possible'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/retry_errors.rb:89:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/query/handler.rb:27:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/user_agent.rb:12:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/plugins/endpoint.rb:41:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/param_validator.rb:21:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/plugins/raise_response_errors.rb:14:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/idempotency_token.rb:18:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/aws-sdk-core/plugins/response_paging.rb:26:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/plugins/response_target.rb:21:in `call'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/request.rb:70:in `send_request'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/aws-sdk-core-2.6.35/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer/aws_driver/beanstalk.rb:20:in `application_exists?'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer/throttling_handling.rb:13:in `block in method_missing'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer/utils.rb:13:in `backoff'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer/throttling_handling.rb:12:in `method_missing'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer/application.rb:86:in `create_application_if_not_exists'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer/application.rb:15:in `create_version'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer.rb:232:in `deploy'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/lib/eb_deployer.rb:276:in `cli'
        from C:/tools/ruby23/lib/ruby/gems/2.3.0/gems/eb_deployer-0.6.6/bin/eb_deploy:11:in `<top (required)>'
        from C:/tools/ruby23/bin/eb_deploy:22:in `load'
        from C:/tools/ruby23/bin/eb_deploy:22:in `<main>'

I'm really just surprised nobody has used this tool on Windows since 2014 and filed a similar issue. Are there other reasons this gem wouldn't work on WIndows?
@cormacrelf cormacrelf changed the title Need to use aws-sdk's bundled cert CA on Windows Option to use aws-sdk's bundled cert CA on Windows Dec 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cormacrelf