certificate verify failed (Faraday::SSLError)

[threewordphrase]

OSX 10.10.3, Ruby 2.2.1p85, gem version 0.9.pre1

Full error:

/Users/username/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:923:in connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (Faraday::SSLError) from /Users/asmith/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:923:inblock in connect'
from /Users/asmith/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/timeout.rb:74:in timeout' from /Users/asmith/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:923:inconnect'
from /Users/asmith/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:863:in do_start' from /Users/asmith/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:852:instart'
from /Users/asmith/.rvm/rubies/ruby-2.2.1/lib/ruby/2.2.0/net/http.rb:1375:in request' from /Users/asmith/.rvm/gems/ruby-2.2.1/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:82:inperform_request'
from /Users/asmith/.rvm/gems/ruby-2.2.1/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:40:in block in call' from /Users/asmith/.rvm/gems/ruby-2.2.1/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:87:inwith_net_http_connection'
from /Users/asmith/.rvm/gems/ruby-2.2.1/gems/faraday-0.9.1/lib/faraday/adapter/net_http.rb:32:in call' from /Users/asmith/.rvm/gems/ruby-2.2.1/gems/faraday-0.9.1/lib/faraday/request/url_encoded.rb:15:incall'
from /Users/asmith/.rvm/gems/ruby-2.2.1/gems/signet-0.6.1/lib/signet/oauth_2/client.rb:957:in fetch_access_token' from /Users/asmith/.rvm/gems/ruby-2.2.1/gems/signet-0.6.1/lib/signet/oauth_2/client.rb:983:infetch_access_token!'
from run.rb:17:in `

'

I am able to hotwire with this at the top:

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

...but that kinda sucks.

[sqrrrl]

See #235 for a workaround. The cert bundle in this library has the correct roots. Setting an env variable will have signet pick it up.

I'll take a look at cleaning up signet so it picks up the correct roots by default next week.

[radar]

I was getting this issue on my Mac too. brew update and then brew upgrade openssl fixed it.

[radar]

@sqrrrl I think this issue can be closed now as it can be fixed by updating openssl.

[asamasoma]

@sqrrrl Updating openssl didn't solve this problem for me. I have to set SSL_CERT_FILE to the bundled cacerts.pem file.

[threewordphrase]

FWIW, this is what worked for me:

cert_path = Gem.loaded_specs['google-api-client'].full_gem_path+'/lib/cacerts.pem'
ENV['SSL_CERT_FILE'] = cert_path

[Vanuan]

Worth linking: rvm/rvm#3330

[stevestofiel]

FWIW, this is what worked for me:

cert_path = Gem.loaded_specs['google-api-client'].full_gem_path+'/lib/cacerts.pem'
ENV['SSL_CERT_FILE'] = cert_path

Thanks crypticsymbols! That worked for me as well on:

ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-darwin14] on OS X 10.10.5)
google-api-client (0.8.6)
googleauth (0.4.2)
signet (0.6.1)
jwt (1.5.1)

[sirkosi]

@crypticsymbols thanks a lot, that works for me too!

[Vanuan]

It's far better not to touch any code and fix the damn OS X's ruby 2.2.1 binary.

[threewordphrase]

I agree with @Vanuan, code was just a stopgap measure and the other approach is better.

[psk11]

@Vanuan it does not worked for me

[Yenwod]

Here is what worked for me:

I'm running OS X 10.11.1, Ruby 2.2.1, openssl 1.0.2d_1

Upgrading to Ruby 2.2.3 fixed the problem.

[dblommesteijn]

A system wide solution would be this (for Yosemite and Ruby 2.2.1):

Downloading this http://curl.haxx.se/ca/cacert.pem, and saving it replacing /usr/local/etc/openssl/cert.pem. Add export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem to your .bash_profile. All net::http will pickup on ENV['SSL_CERT_FILE'].

RVM and ruby seems to have an outdated CA cert.

[jb41]

@dblommesteijn thank, works for me

[bgerd]

@stevestofiel went with your fix thanks!

i'm running stock: ruby 2.2.1p85.

[katrusso]

@dblommesteijn Thanks, this solution worked for me. :)

[flyfy1]

Just in case anyone still facing issue.. upgrading to Ruby 2.3.0 helped me. (was in 2.2.3)

[schanami]

Same issues here that everyone else went through.

I'm on El Capitan 10.11 and using version ruby 2.2.0

Tried the cert.pem replacement
Tried switching to 2.1.0 and 2.3.0
Tried: rvm osx-ssl-certs update all

What worked for me:
rvm reinstall 2.2.0 --disable-binary
gem pristine nokogiri --version 1.6.7.2

[mike0416]

like @flyfy1 upgrading to Ruby 2.3.0 fixed the issue for me as well

[p55]

upgrading ruby to 2.3.0 solved it for me as well

[aral]

With rvm (with Ruby 2.2.3 installed), on OS X, what fixed it for me was:

rvm requirements

[arek-rst]

@schanami helped me rvm reinstall 2.2.2 --disable-binary thx

[danebez]

The solution for me on OS X 10.11.4, Ruby 2.1.2 was running rvm reinstall ruby-2.1.2 --disable-binary or switching to 2.3.0. This is perplexing as colleagues who had the app already set up on their dev machines and have the same OS and Ruby versions had this problem in 2015 but could solve it by simply downloading http://curl.haxx.se/ca/cacert.pem and ensuring that Ruby 2.1.2 was installed with the --with-openssl-dir=$rvm_path/usr flag. Can anyone can explain why installing Ruby from sources solves the problem?

To clarify, none of the following solved the issue:

• downloading http://curl.haxx.se/ca/cacert.pem, renaming it to cert.pem & pointing to it inside Rails (ENV['SSL_CERT_FILE'] = '/usr/local/etc/openssl/cert.pem') or with a system environment variable
• running rvm requirements
• re-installing Ruby 2.1.2: rvm remove 2.1.2 && rvm pkg install openssl && rvm install 2.1.2 --with-openssl-dir=$rvm_path/usr

[Vanuan]

Can anyone can explain why installing Ruby from sources solves the problem?

Because pre-build version doesn't distinguish between different OS X versions (has wrong paths hardcoded). Newer OS X has a different SSL subsystem.

[sony-mathew-fd]

Nice explanation given here : https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

[nataliachodelski]

What worked for me with the error was:

rvm reinstall 2.2.0 --disable-binary
then
rvm requirements

none of the commands higher up this thread worked for some reason.

[kschutt]

@nchodelski thanks! this also worked for me on 2.2.3

[fenec]

RVM > 1.9.1 comes with the method for updating certificates:
rvm osx-ssl-certs update all

credits: http://railsapps.github.io/openssl-certificate-verify-failed.html

[dblommesteijn]

@fenec this does not always solve the issue. I've given up fixing rvm and have switched to rbenv.

[nataliachodelski]

I had some issues with this too. When i re installed a different version of
rvm I was able to build and deploy using fastlane (the reason I was trying
to fix my SSL errors in the first place). But it broke another feature for
me. and when i had managed to fix the second error I then had the SSL
authentication issue again. So seems like i can only choose one thing to
work.

I wish i knew what version to install to fix both errors at the same time.

On 22 June 2016 at 08:07, Dennis Blommesteijn notifications@github.com
wrote:

@fenec https://github.com/fenec this does not always solve the issue.
I've given up fixing rvm and have switched to rbenv.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#253 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AKGbMnqRYVXdm5eaDPxGHhyILwdzwyzvks5qOU_GgaJpZM4FWHjO
.

[zegomesjf]

I fix the error with
rvm reinstall ruby-2.1.5 --with-openssl-dir=/usr/local

[yossi-eynav]

Thanks @zegomesjf!

[george-carlin]

I'm not using google-api-ruby-client but I just had this same Faraday error while trying to setup FB login with OAuth on my app, and found this issue. If any future Googlers see this, just writing this to confirm that brew upgrade and brew upgrade openssl worked me for too ;)

[sandeep-patle1508]

I have used in this way and it worked for me.
connection = Faraday.new("http://example.com")
connection.ssl.verify_mode = OpenSSL::SSL::VERIFY_NONE

[bryszard]

Thank you @sony-mathew-fd. The solution pointed by you (https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html) helped a lot. What I had to do:

1. Recompile ruby - rvm reinstall 2.2.0 --disable-binary
2. Download new certs from http://curl.haxx.se/ca/cacert.pem and put it to /usr/local/etc/openssl/cert.pem
3. Add export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem to .bash_profile

I encountered this problem while I was using google-cloud-ruby gem and Ruby 2.4.0.

[brauliobo]

Confirmed this problem with jruby 9.1.13.0

[vmardian]

Using OS X 10.10.5 and Ruby 2.3.1 via RBENV, the issue was fixed by performing steps #2 and #3 from @bryszard's response.

[geordgez]

FWIW switching to a different (open) wifi network may help.

I'm no expert in networking/certificates but I recently ran into the same issue when I was trying to hit a Ruby backend with an OAuth callback. My environment was fine (macOS Sierra 10.12.6 + Docker Ruby 2.3.1 base image) and my local certificates were alright but the secured network I was on was modifying certificates to make it unfriendly for the Ruby app.

Just wanted to mention in case someone exhausted all the local options like me and was still getting:
Faraday::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed)