Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change OpenSSL certificates path #249

Closed
mpapis opened this issue Dec 13, 2014 · 18 comments

Comments

Projects
None yet
@mpapis
Copy link

commented Dec 13, 2014

Forwarding http://stackoverflow.com/questions/19150017/ssl-error-when-installing-rubygems-unable-to-pull-data-from-https-rubygems-o/19151697?noredirect=1#comment38117738_19151697

The path to OpenSSL certificates can be configured with: --openssldir= (Example)

I have seen few issues about this in here, but none proposed to change the path to something that would not confuse users, I also know that Windows is not as flexible as Linux/OSX with paths, maybe C:/Users/etc/openssl/? although not all users have C: :(

@luislavena

This comment has been minimized.

Copy link
Member

commented Dec 13, 2014

Hello @mpapis thank you for suggesting this.

Please bear with me for a bit while I explain the deep issues with your suggestion.

But before that, is worth mentioning that the second answer to that SO question:

http://stackoverflow.com/a/27298259/117298

Links to my response on how to quick solve the trust certificate issues:

https://gist.github.com/luislavena/f064211759ee0f806c88


Your suggestion about to use --openssldir= is valid, however it poses a lot of issues:

  • Users folder to not exist in Windows XP, and instead is called Documents and Settings
  • openssldir cannot be set relative, which means is hardcoding the path to something that will not exist on the end-user system.
  • Ruby, on Windows, can be installed anywhere, that means C:, D: or Z:
  • Not even considering that Windows system drive might not be C: 😢

This has been proposed, explored and discarded several times on this issue tracker and the mailing list due several reasons:

  • Patching OpenSSL to use relative paths instead of absolutes (where the issue lies) is beyond the role of RubyInstaller project
  • Patching Ruby to workaround the OpenSSL love for hardcoded paths has been suggested, but such patch should be done at Ruby and not RubyInstaller
  • Make installers set SSL_CERT_FILE environment variable might clash with existing settings from the user
  • Include CA bundles with the installer will be outdated if users decide to use and old version of the installer
  • Include a script to update the CA bundle might conflict with existing SSL_CERT_FILE that user is using (but is one of the best proposals so far).

Here is the recollection of all these conversations:

@dunake

This comment has been minimized.

Copy link

commented Dec 29, 2014

thought i would get a fix to this problem

@luislavena

This comment has been minimized.

Copy link
Member

commented Dec 29, 2014

@DuncanAkello perhaps this will help?

https://gist.github.com/luislavena/f064211759ee0f806c88

@johnrc

This comment has been minimized.

Copy link

commented Jan 8, 2015

@luislavena Thanks for the link and fix. When do you expect the next Ruby installer to be available with the updated RubyGems that fixes the ssl issue?

@gwaldo

This comment has been minimized.

Copy link

commented Jan 21, 2015

This is fantastic.

@schneems

This comment has been minimized.

Copy link

commented Jan 29, 2015

Thanks for all the work here, ran into this while trying to update some documentation on a windows VM. Any idea when a version of RailsInstaller with these fixes will be able to go out?

schneems added a commit to railsgirls/railsgirls.github.io that referenced this issue Jan 29, 2015

Update docs to deal with error when using windows and an older versio…
…n of Rubygems see: https://gist.github.com/luislavena/f064211759ee0f806c88 for full details and instructions.

This can be removed when RailsInstaller ships with a more recent version of Rubygems, see oneclick/rubyinstaller#249 for more info.

schneems added a commit to railsgirls/railsgirls.github.io that referenced this issue Jan 29, 2015

Document Windows Rubygems install error
Update docs to deal with error when using windows and an older version of Rubygems see: https://gist.github.com/luislavena/f064211759ee0f806c88 for full details and instructions.

This can be removed when RailsInstaller ships with a more recent version of Rubygems, see oneclick/rubyinstaller#249 for more info.
@Azolo

This comment has been minimized.

Copy link
Member

commented Feb 1, 2015

The next RubyInstaller package with these fixes should be released with the next official Ruby 2.2.X release.

@Azolo

This comment has been minimized.

Copy link
Member

commented Apr 16, 2015

All current and supported versions of RubyInstaller have new releases that solve this rubygems issue.

Most current releases are 2.0.0-p645, 2.1.6, 2.2.2.

And thus the RubyInstaller saga of the dreaded Rubygems.org Certificate Update begins its closing act.

@Azolo Azolo closed this Apr 16, 2015

@schneems

This comment has been minimized.

Copy link

commented Apr 17, 2015

OMG, thank you so much ❤️ ❤️ ❤️

@pbennett

This comment has been minimized.

Copy link

commented Oct 5, 2016

p.s. I just downloaded 2.2.5 32-bit and it still has this problem. :(
I had to remove the https source, add the http source, and update the rubygems version.

@mwaldz

This comment has been minimized.

Copy link

commented Oct 15, 2016

@pbennett , how did You remove the https source and add the http?
Thank You in advance!

@pbennett

This comment has been minimized.

Copy link

commented Oct 19, 2016

@mwaldz
gem source -r https://rubygems.org/
gem source -a http://rubygems.org/
gem update --system
gem source -r http://rubygems.org/
gem source -a https://rubygems.org/

@ajithsimon

This comment has been minimized.

Copy link

commented Oct 19, 2016

It works well.. Thanks a lot.

@mwaldz

This comment has been minimized.

Copy link

commented Oct 23, 2016

Thank You!

@cj13579

This comment has been minimized.

Copy link

commented Nov 4, 2016

Thanks @pbennett !!

@luzusomuch

This comment has been minimized.

Copy link

commented Nov 11, 2016

Thank you.

@hilaolu

This comment has been minimized.

Copy link

commented Jan 28, 2017

@pbennett It works!!! thx

@jono-frazer

This comment has been minimized.

Copy link

commented Mar 6, 2017

Elegant and simple. Seems to have Has worked perfectly for me behind a company server too. Certificate was out of date / no longer valid and this fixed it. I've spent hours on this before, I now recall.
Much appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.