GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
When trying to retrieve a page from a SSL resource, the exception above is thrown, even though OpenSSL::SSL::VERIFY_NONE is set.
OS X 10.6.6
$ jruby -v
jruby 1.5.5 (ruby 1.8.7 patchlevel 249) (2010-11-10 4bd4200) (Java HotSpot(TM) 64-Bit Server VM 1.6.0_22) [x86_64-java]
$ jirb -v
$ jruby -S gem list jruby-openssl
*** LOCAL GEMS ***
~> Console extensions: wirble hirb ap rails2 rails3
jruby-1.5.5 :001 > require 'openssl'
jruby-1.5.5 :002 > require 'net/https'
jruby-1.5.5 :003 >
jruby-1.5.5 :004 > http = Net::HTTP.new 'msp.ibm.com', 443
jruby-1.5.5 :005 > http.use_ssl = true
jruby-1.5.5 :006 > http.verify_mode = OpenSSL::SSL::VERIFY_NONE
jruby-1.5.5 :007 > req = Net::HTTP::Get.new '/'
jruby-1.5.5 :008 > http.request(req).body
OpenSSL::SSL::SSLError: Received fatal alert: bad_record_mac
from /Users/charl/.rvm/rubies/jruby-1.5.5/lib/ruby/1.8/net/http.rb:586:in `connect'
from /Users/charl/.rvm/rubies/jruby-1.5.5/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /Users/charl/.rvm/rubies/jruby-1.5.5/lib/ruby/1.8/net/http.rb:542:in `start'
from /Users/charl/.rvm/rubies/jruby-1.5.5/lib/ruby/1.8/net/http.rb:1035:in `request'
I have just tried it with jruby-openssl-0.7.3 and the results are the same.
I see the issue I am experiencing is related to the fact that the web server on the end of the request only support SSLv3 connections.
The workaround is to run your script with:
ruby -J-Dhttps.protocols=SSLv3 SCRIPT_NAME
Hmm. Interesting. Java's JSSE cannnot connect to https://msp.ibm.com...
net/https does not have ssl version parameter ATM. The following might work. (ugly monkey patching only works for 1.8)
http.instance_eval("@ssl_context").ssl_version = "SSLv3"
With httpclient gem, this script works for me.
c = HTTPClient.new
c.ssl_config.options = OpenSSL::SSL::OP_NO_TLSv1
It seems that it's from Java's JSSE restriction, your solution is the best I think...
It seems to be related to TLS extension...