Certificate verify failed when OpenSSL:SSL::VERIFY_PEER #345

Closed
goosmurf opened this Issue · 2 comments

3 participants

@goosmurf

I'm trying to verify the server certificate using the CA certs in /etc/ssl/certs on my machine.

If I use openssl directly I would do that by setting the ca_path on the context instance for a socket, e.g.

```ruby
require 'openssl'

# Verify the peer against the CA certificates in /etc/ssl/certs
context = OpenSSL::SSL::SSLContext.new
context.ca_path = '/etc/ssl/certs'
context.verify_mode = OpenSSL::SSL::VERIFY_PEER
```

I can't seem to find a way to pass the ca_path through the Mail::SMTP options, and I note through much Googling that the majority of people using ActionMailer and Mail are simply setting openssl_verify_mode = none, which is not ideal.

Is there a way to set the ca_path or even a ca_file without any code change?

If not, would it make sense to replace the openssl_verify_mode option with a more generic openssl_context option through which one can pass an instance of OpenSSL::SSL::SSLContext, thus allowing any/all of the context options to be set outside of Mail::SMTP?

I'd be happy to have a go at implementing this, just wanted to make sure it's the best approach first.

@ndbroadbent

One of our users is also having difficulties due to this issue (comment on google group).

```
OpenSSL::SSL::SSLError (hostname was not match with the server certificate):
  app/models/polymorphic/comment.rb:63:in `block in notify_subscribers'
  app/models/polymorphic/comment.rb:59:in `eacch'
  app/models/polymorphic/comment.rb:59:in `notify_subscribers'
  app/controllers/comments_controller.rb:88:in `create'
```

(excuse translation)

It would be great if the SSL context could be configured via settings.

Thanks

@jeremy
Collaborator

Closed by #399

@jeremy jeremy closed this
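Added example, not part of the thread or of the Mail gem's code: the two separate checks behind the errors reported above, chain validation against a trust store (what `ca_path` with `VERIFY_PEER` configures) and the hostname match that raises the error in the second comment. The CA, the server certificate, the host name `smtp.example.test` and all helper names are constructed for illustration.

```ruby
require 'openssl'

# Issue a certificate for a constructed, throwaway test PKI (hypothetical helper).
def make_cert(cn, key, issuer: nil, issuer_key: nil, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', san)) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Chain validation as VERIFY_PEER performs it; returns [ok, OpenSSL's reason].
def chain_check(cert, store)
  [store.verify(cert), store.error_string]
end

# Identity check behind "hostname was not match with the server certificate".
def hostname_ok?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# Context with peer verification on and an explicit trust store.
def verifying_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.cert_store = store # on a real host: ctx.ca_path = '/etc/ssl/certs'
  ctx
end

CA_KEY  = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('Constructed Test CA', CA_KEY)
LEAF    = make_cert('smtp.example.test', OpenSSL::PKey::RSA.new(2048),
                    issuer: CA_CERT, issuer_key: CA_KEY, san: 'DNS:smtp.example.test')
TRUSTED = OpenSSL::X509::Store.new.tap { |s| s.add_cert(CA_CERT) }
EMPTY   = OpenSSL::X509::Store.new # no trust anchors, like a missing ca_path

p trusted: chain_check(LEAF, TRUSTED), empty: chain_check(LEAF, EMPTY)
p match: hostname_ok?(LEAF, 'smtp.example.test'), mismatch: hostname_ok?(LEAF, 'mail.example.test')
```

A certificate can pass the chain check and still fail the hostname check, so disabling verification to silence either error removes both protections.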