Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hockey upload fails with a SSL_connect error #258

Closed
orschaef opened this issue May 5, 2015 · 18 comments
Closed

Hockey upload fails with a SSL_connect error #258

orschaef opened this issue May 5, 2015 · 18 comments

Comments

@orschaef
Copy link

orschaef commented May 5, 2015

When reaching the upload to HockeyApp step I get the following output (fastlane version 0.13.0).

INFO [2015-05-05 22:47:05.23]: Starting with ipa upload to HockeyApp... this could take some time.
INFO [2015-05-05 22:47:05.84]: Variable Dump:
INFO [2015-05-05 22:47:05.84]: {:ENVIRONMENT=>nil, :PLATFORM_NAME=>nil, :LANE_NAME=>"nightly", :BUILD_NUMBER=>20150505220557, :IPA_OUTPUT_PATH=>"/Users/orschaef/workspace/leonardo.ios/haufe-leong-nightly.ipa", :DSYM_OUTPUT_PATH=>"/Users/orschaef/workspace/leonardo.ios/leong-ios-nightly.app.dSYM.zip"}
FATAL [2015-05-05 22:47:05.84]: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
FATAL [2015-05-05 22:47:06.77]: fastlane finished with errors

The full stack trace:

/usr/local/Cellar/ruby/2.2.2/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (Faraday::Error::ConnectionFailed)
    from /usr/local/Cellar/ruby/2.2.2/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from /usr/local/Cellar/ruby/2.2.2/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from /usr/local/Cellar/ruby/2.2.2/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from /usr/local/Cellar/ruby/2.2.2/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from /usr/local/Cellar/ruby/2.2.2/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from /usr/local/Cellar/ruby/2.2.2/lib/ruby/2.2.0/net/http.rb:1375:in `request'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/adapter/net_http.rb:75:in `perform_request'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/adapter/net_http.rb:38:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday_middleware-0.9.1/lib/faraday_middleware/response/follow_redirects.rb:79:in `perform_with_redirection'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday_middleware-0.9.1/lib/faraday_middleware/response/follow_redirects.rb:65:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday_middleware-0.9.1/lib/faraday_middleware/response_middleware.rb:30:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/request/url_encoded.rb:14:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/request/multipart.rb:13:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/connection.rb:253:in `run_request'
    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/connection.rb:118:in `post'
    from /usr/local/lib/ruby/gems/2.2.0/gems/shenzhen-0.13.2/lib/shenzhen/plugins/hockeyapp.rb:29:in `upload_build'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/actions/hockey.rb:42:in `run'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/fast_file.rb:112:in `block (2 levels) in method_missing'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/actions/actions_helper.rb:35:in `execute_action'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/fast_file.rb:94:in `block in method_missing'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/fast_file.rb:93:in `chdir'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/fast_file.rb:93:in `method_missing'
    from (eval):50:in `block (2 levels) in parse'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/runner.rb:34:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/runner.rb:34:in `block in execute'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/runner.rb:24:in `chdir'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/runner.rb:24:in `execute'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/lib/fastlane/lane_manager.rb:33:in `cruise_lane'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/bin/fastlane:39:in `block (2 levels) in run'
    from /usr/local/lib/ruby/gems/2.2.0/gems/commander-4.3.2/lib/commander/command.rb:178:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/commander-4.3.2/lib/commander/command.rb:178:in `call'
    from /usr/local/lib/ruby/gems/2.2.0/gems/commander-4.3.2/lib/commander/command.rb:153:in `run'
    from /usr/local/lib/ruby/gems/2.2.0/gems/commander-4.3.2/lib/commander/runner.rb:428:in `run_active_command'
    from /usr/local/lib/ruby/gems/2.2.0/gems/commander-4.3.2/lib/commander/runner.rb:68:in `run!'
    from /usr/local/lib/ruby/gems/2.2.0/gems/commander-4.3.2/lib/commander/delegates.rb:15:in `run!'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/bin/fastlane:118:in `run'
    from /usr/local/lib/ruby/gems/2.2.0/gems/fastlane-0.13.0/bin/fastlane:124:in `<top (required)>'
    from /usr/local/bin/fastlane:23:in `load'
    from /usr/local/bin/fastlane:23:in `<main>'

I already tried to update my certificates via

rvm osx-ssl-certs update

and also tried the equivalent steps described here
https://rvm.io/support/fixing-broken-ssl-certificates

but I still get the same error.
This issue first appeared after updating fastlane.

@orschaef orschaef changed the title Hockey upload creates an SSL_connect error Hockey upload fails with a SSL_connect error May 5, 2015
@KrauseFx
Copy link
Member

KrauseFx commented May 5, 2015

As seen on the stack trace:

    from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/connection.rb:118:in `post'
    from /usr/local/lib/ruby/gems/2.2.0/gems/shenzhen-0.13.2/lib/shenzhen/plugins/hockeyapp.rb:29:in `upload_build'

it seems to be an issue from shenzhen.

@orschaef
Copy link
Author

orschaef commented May 5, 2015

Gave it another try after updating to fastlane 1.0.0.
Still the same error with shenzhen 0.14.1.

from /usr/local/lib/ruby/gems/2.2.0/gems/faraday-0.8.9/lib/faraday/connection.rb:118:in `post'
from /usr/local/lib/ruby/gems/2.2.0/gems/shenzhen-0.14.1/lib/shenzhen/plugins/hockeyapp.rb:29:in `upload_build'

Can someone confirm that this is an issue related to shenzhen? Or faraday? This error seems to be widespread in the ruby world but there are too many different solutions.

@milch
Copy link
Collaborator

milch commented May 6, 2015

Okay, well I think I know where the problem is. The problem doesn't originate in a specific gem, but is tied to the ruby installation itself (since homebrew and rvm installed rubies don't use the system-supplied CA-certificates).

Can you please post the output of ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'? Also, if you do a quicklook on the file that this outputs, the certificate there will probably be invalid.

From what I've gathered so far, the above command should yield:

  • /usr/local/etc/openssl/cert.pem for both rbenv- and homebrew-installed rubies
  • /System/Library/OpenSSL/cert.pem for rvm installed rubies

rvm does supply the osx-ssl-certs update command which fixes these SSL errors in the latter directory. For the other directories, they have to be fixed manually.

So in conclusion, if the above assumptions are correct, the solution described in this link should be able to fix this:

rm $(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE') && \
brew install curl-ca-bundle && ln -s /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt \
$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE') \
echo 'export SSL_CERT_FILE=/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt' >> ~/.bash_profile

@milch
Copy link
Collaborator

milch commented May 6, 2015

@KrauseFx If this works, maybe we should include this in the README or some other part of the documentation, since quite some people have turned up with this error already.

@orschaef
Copy link
Author

orschaef commented May 6, 2015

The command ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE' did output the expected line

/usr/local/etc/openssl/cert.pem

So I went on and tried the described solution. But brew install curl-ca-bundle returns with Error: No available formula for curl-ca-bundle.
It seems that curl-ca-bundle was removed on 25 April 2014 (devopsgroup-io/vagrant-digitalocean#123).

@milch
Copy link
Collaborator

milch commented May 6, 2015

What if you just specify the SSL file? export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem

@orschaef
Copy link
Author

orschaef commented May 6, 2015

I had the same thought. But it didn't change anything

@orschaef
Copy link
Author

orschaef commented May 6, 2015

Finally I found a solution that works for me. It was mentioned by alloy in a cocoapods issue (CocoaPods/CocoaPods#554). You see that this issue is widespread...

I just downloaded a new bunch of CA Certificates via
$ curl http://curl.haxx.se/ca/cacert.pem -o /usr/local/etc/openssl/ca-cert.pem
and exported them
$ export SSL_CERT_FILE=/usr/local/etc/openssl/ca-cert.pem
$ echo 'export SSL_CERT_FILE=/usr/local/etc/openssl/ca-cert.pem' >> ~/.bash_profile

Now everything is fine. Nevertheless it sounds weird because the old certificates were valid and fine.
I think you can close the issue. Don't know if it makes sense to include this solution in the README. This error affects many people but the solution is always a bit different.

@orschaef orschaef closed this as completed May 6, 2015
@pvegh
Copy link

pvegh commented May 6, 2015

Thanks for this hint, exporting the certificate fixed it for me as well.

@lipka
Copy link
Contributor

lipka commented Jun 2, 2015

I was able to fix this using the suggestion from: Homebrew/legacy-homebrew#32251 (comment)

Also seems much safer than downloading CA certs over unsecured http.

@postmechanical
Copy link

Still running into this issue trying to get fastlane with hockeyapp action working in Travis CI rvm based environment. None of the above solutions are working. Any new ideas?

@a1cooke
Copy link

a1cooke commented Jul 26, 2015

I'm the same as @postmechanical no real joy, I opened this to see if anyone else could make any progress: nomad-cli/shenzhen#288

@KrauseFx KrauseFx reopened this Jul 30, 2015
@KrauseFx
Copy link
Member

I ran into the same problem today. I'm using rvm and tried fixing it by

rvm remove 2.2.0
rvm install 2.2.0 --disable-binary

taken from http://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html, which will also help you analyse the issue.

But didn't get it running yet.

@KrauseFx
Copy link
Member

Finally found the root of this problem: It's HockeyApp using an expired SSL profile:

HEAD https://upload.hockeyapp.net:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

The server presented a certificate that could not be verified:
  subject: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
  issuer: /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
  error code 10: certificate has expired

At least according to the Ruby script.

@KrauseFx
Copy link
Member

HEAD https://upload.hockeyapp.net:443
OK

I got it working just by running

brew update && brew upgrade openssl

As mentioned before, I'm using rvm.

@KrauseFx
Copy link
Member

I added this to the new FAQ document in the docs folder 👍

@pvegh
Copy link

pvegh commented Aug 18, 2015

Thanks!

@orschaef
Copy link
Author

Perfect!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants