Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve error message when adding file to X509Store fails #2249

phrinx opened this issue Nov 26, 2014 · 1 comment

Improve error message when adding file to X509Store fails #2249

phrinx opened this issue Nov 26, 2014 · 1 comment


Copy link

phrinx commented Nov 26, 2014

I'm currently trying to investigate an multi-threading issue with JRuby 1.7.16 environment where faraday/httpclient fails to load the CA file under some condition which is difficult to reproduce in development. Unfortunately it's not exactly clear to me what happens here since the error message does not tell anything about the root cause but the configured ca_file definitely exists in my case. It just says:

OpenSSL::X509::StoreError: loading file failed: null

Looking at the code it seems any exception is caught and only the message is extracted which leads to the 'null' message above.

To reproduce the 'poor' error messsage here a little snippet where I'm passing in a file which does not exist:

[79] pry(main)> conn =, :ssl => {:ca_file => '/does/not/exist.crt'}) do |conn|
[79] pry(main)*   conn.adapter :httpclient
[79] pry(main)* end
=> #<Faraday::Connection:0x63cb34b1
 @builder=#<Faraday::RackBuilder:0x31f083a6 @handlers=[Faraday::Adapter::HTTPClient]>,
 @headers={"User-Agent"=>"Faraday v0.9.0"},
 @options=#<struct Faraday::RequestOptions params_encoder=nil, proxy=nil, bind=nil, timeout=nil, open_timeout=nil, boundary=nil, oauth=nil>,
 @ssl=#<struct Faraday::SSLOptions verify=nil, ca_file="/does/not/exist.crt", ca_path=nil, verify_mode=nil, cert_store=nil, client_cert=nil, client_key=nil, certificate=nil, private_key=nil, verify_depth=nil, version=nil>,
 @url_prefix=#<URI::HTTP:0x255320e7 URL:http:/>>
[80] pry(main)> conn.get ''
OpenSSL::X509::StoreError: loading file failed: null
from org/jruby/ext/openssl/ `add_file'

It would be helpful to either create a nested exception (to not loose the root cause) or add at least the exception class to the output in case the exception message is null (so I can investigate this problem further).

Copy link

to get the stacktrace you can add OpenSSL.debug=true before using ssl. something like

$ jruby -e 'require "openssl";OpenSSL.debug=true;require "faraday";, :ssl => {:ca_file => "/does/not/exist.crt"})  { |c| c.adapter :httpclient }.get ""'
    at org.jruby.util.RegularFileResource.openDescriptor(
. . . .

with ( this particular error looks different:

$ jruby -e 'gem "jruby-openssl", "";require "faraday";, :ssl => {:ca_file => "/does/not/exist.crt"})  { |c| c.adapter :httpclient }.get ""'
OpenSSL::X509::StoreError: loading file failed: /does/not/exist.crt (No such file or directory)
               add_file at org/jruby/ext/openssl/
  add_trust_ca_to_store at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/httpclient-
           add_trust_ca at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/httpclient-
          configure_ssl at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/adapter/httpclient.rb:73
                   call at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/adapter/httpclient.rb:26
         build_response at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139
            run_request at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/connection.rb:377
                    get at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/connection.rb:147
                 (root) at -e:1

it is related to jruby/jruby-openssl#11

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

3 participants