Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve error message when adding file to X509Store fails #2249

Closed
phrinx opened this issue Nov 26, 2014 · 1 comment
Closed

Improve error message when adding file to X509Store fails #2249

phrinx opened this issue Nov 26, 2014 · 1 comment
Assignees
Labels
Milestone

Comments

@phrinx
Copy link

@phrinx phrinx commented Nov 26, 2014

I'm currently trying to investigate an multi-threading issue with JRuby 1.7.16 environment where faraday/httpclient fails to load the CA file under some condition which is difficult to reproduce in development. Unfortunately it's not exactly clear to me what happens here since the error message does not tell anything about the root cause but the configured ca_file definitely exists in my case. It just says:

OpenSSL::X509::StoreError: loading file failed: null

Looking at the code it seems any exception is caught and only the message is extracted which leads to the 'null' message above.

To reproduce the 'poor' error messsage here a little snippet where I'm passing in a file which does not exist:

[79] pry(main)> conn = Faraday.new(nil, :ssl => {:ca_file => '/does/not/exist.crt'}) do |conn|
[79] pry(main)*   conn.adapter :httpclient
[79] pry(main)* end
=> #<Faraday::Connection:0x63cb34b1
 @builder=#<Faraday::RackBuilder:0x31f083a6 @handlers=[Faraday::Adapter::HTTPClient]>,
 @default_parallel_manager=nil,
 @headers={"User-Agent"=>"Faraday v0.9.0"},
 @options=#<struct Faraday::RequestOptions params_encoder=nil, proxy=nil, bind=nil, timeout=nil, open_timeout=nil, boundary=nil, oauth=nil>,
 @parallel_manager=nil,
 @params={},
 @proxy=nil,
 @ssl=#<struct Faraday::SSLOptions verify=nil, ca_file="/does/not/exist.crt", ca_path=nil, verify_mode=nil, cert_store=nil, client_cert=nil, client_key=nil, certificate=nil, private_key=nil, verify_depth=nil, version=nil>,
 @url_prefix=#<URI::HTTP:0x255320e7 URL:http:/>>
[80] pry(main)> conn.get 'https://www.google.com'
OpenSSL::X509::StoreError: loading file failed: null
from org/jruby/ext/openssl/X509Store.java:153:in `add_file'

It would be helpful to either create a nested exception (to not loose the root cause) or add at least the exception class to the output in case the exception message is null (so I can investigate this problem further).

@mkristian
Copy link
Member

@mkristian mkristian commented Nov 27, 2014

to get the stacktrace you can add OpenSSL.debug=true before using ssl. something like

$ jruby -e 'require "openssl";OpenSSL.debug=true;require "faraday";Faraday.new(nil, :ssl => {:ca_file => "/does/not/exist.crt"})  { |c| c.adapter :httpclient }.get "https://www.google.com"'
org.jruby.util.ResourceException$NotFound
    at org.jruby.util.RegularFileResource.openDescriptor(RegularFileResource.java:188)
    at org.jruby.util.io.ChannelDescriptor.open(ChannelDescriptor.java:783)
    at org.jruby.util.io.ChannelDescriptor.open(ChannelDescriptor.java:719)
. . . .

with jruby-openssl-0.9.6.dev (https://oss.sonatype.org/content/repositories/snapshots/rubygems/jruby-openssl/0.9.6.dev-SNAPSHOT/jruby-openssl-0.9.6.dev-20141003.172537-3.gem) this particular error looks different:

$ jruby -e 'gem "jruby-openssl", "0.9.6.dev";require "faraday";Faraday.new(nil, :ssl => {:ca_file => "/does/not/exist.crt"})  { |c| c.adapter :httpclient }.get "https://www.google.com"'
OpenSSL::X509::StoreError: loading file failed: /does/not/exist.crt (No such file or directory)
               add_file at org/jruby/ext/openssl/X509Store.java:153
  add_trust_ca_to_store at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/httpclient-2.5.3.3/lib/httpclient/ssl_config.rb:199
           add_trust_ca at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/httpclient-2.5.3.3/lib/httpclient/ssl_config.rb:190
          configure_ssl at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/adapter/httpclient.rb:73
                   call at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/adapter/httpclient.rb:26
         build_response at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139
            run_request at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/connection.rb:377
                    get at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/connection.rb:147
                 (root) at -e:1

it is related to jruby/jruby-openssl#11

@mkristian mkristian self-assigned this Nov 27, 2014
@mkristian mkristian closed this in c6479d0 Nov 28, 2014
@enebo enebo added this to the JRuby 1.7.17 milestone Dec 8, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants