Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve error message when adding file to X509Store fails #2249

Closed
phrinx opened this Issue Nov 26, 2014 · 1 comment

Comments

Projects
None yet
3 participants
@phrinx
Copy link

phrinx commented Nov 26, 2014

I'm currently trying to investigate an multi-threading issue with JRuby 1.7.16 environment where faraday/httpclient fails to load the CA file under some condition which is difficult to reproduce in development. Unfortunately it's not exactly clear to me what happens here since the error message does not tell anything about the root cause but the configured ca_file definitely exists in my case. It just says:

OpenSSL::X509::StoreError: loading file failed: null

Looking at the code it seems any exception is caught and only the message is extracted which leads to the 'null' message above.

To reproduce the 'poor' error messsage here a little snippet where I'm passing in a file which does not exist:

[79] pry(main)> conn = Faraday.new(nil, :ssl => {:ca_file => '/does/not/exist.crt'}) do |conn|
[79] pry(main)*   conn.adapter :httpclient
[79] pry(main)* end
=> #<Faraday::Connection:0x63cb34b1
 @builder=#<Faraday::RackBuilder:0x31f083a6 @handlers=[Faraday::Adapter::HTTPClient]>,
 @default_parallel_manager=nil,
 @headers={"User-Agent"=>"Faraday v0.9.0"},
 @options=#<struct Faraday::RequestOptions params_encoder=nil, proxy=nil, bind=nil, timeout=nil, open_timeout=nil, boundary=nil, oauth=nil>,
 @parallel_manager=nil,
 @params={},
 @proxy=nil,
 @ssl=#<struct Faraday::SSLOptions verify=nil, ca_file="/does/not/exist.crt", ca_path=nil, verify_mode=nil, cert_store=nil, client_cert=nil, client_key=nil, certificate=nil, private_key=nil, verify_depth=nil, version=nil>,
 @url_prefix=#<URI::HTTP:0x255320e7 URL:http:/>>
[80] pry(main)> conn.get 'https://www.google.com'
OpenSSL::X509::StoreError: loading file failed: null
from org/jruby/ext/openssl/X509Store.java:153:in `add_file'

It would be helpful to either create a nested exception (to not loose the root cause) or add at least the exception class to the output in case the exception message is null (so I can investigate this problem further).

@mkristian

This comment has been minimized.

Copy link
Member

mkristian commented Nov 27, 2014

to get the stacktrace you can add OpenSSL.debug=true before using ssl. something like

$ jruby -e 'require "openssl";OpenSSL.debug=true;require "faraday";Faraday.new(nil, :ssl => {:ca_file => "/does/not/exist.crt"})  { |c| c.adapter :httpclient }.get "https://www.google.com"'
org.jruby.util.ResourceException$NotFound
    at org.jruby.util.RegularFileResource.openDescriptor(RegularFileResource.java:188)
    at org.jruby.util.io.ChannelDescriptor.open(ChannelDescriptor.java:783)
    at org.jruby.util.io.ChannelDescriptor.open(ChannelDescriptor.java:719)
. . . .

with jruby-openssl-0.9.6.dev (https://oss.sonatype.org/content/repositories/snapshots/rubygems/jruby-openssl/0.9.6.dev-SNAPSHOT/jruby-openssl-0.9.6.dev-20141003.172537-3.gem) this particular error looks different:

$ jruby -e 'gem "jruby-openssl", "0.9.6.dev";require "faraday";Faraday.new(nil, :ssl => {:ca_file => "/does/not/exist.crt"})  { |c| c.adapter :httpclient }.get "https://www.google.com"'
OpenSSL::X509::StoreError: loading file failed: /does/not/exist.crt (No such file or directory)
               add_file at org/jruby/ext/openssl/X509Store.java:153
  add_trust_ca_to_store at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/httpclient-2.5.3.3/lib/httpclient/ssl_config.rb:199
           add_trust_ca at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/httpclient-2.5.3.3/lib/httpclient/ssl_config.rb:190
          configure_ssl at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/adapter/httpclient.rb:73
                   call at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/adapter/httpclient.rb:26
         build_response at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139
            run_request at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/connection.rb:377
                    get at /home/christian/install/jruby-1.7.15/lib/ruby/gems/shared/gems/faraday-0.9.0/lib/faraday/connection.rb:147
                 (root) at -e:1

it is related to jruby/jruby-openssl#11

@mkristian mkristian added the openssl label Nov 27, 2014

@mkristian mkristian self-assigned this Nov 27, 2014

@mkristian mkristian removed the in progress label Nov 28, 2014

@enebo enebo added this to the JRuby 1.7.17 milestone Dec 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.