Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot make HTTPS connections on Windows (works on OSX and Linux) #324

Closed
duncanmak opened this issue May 24, 2016 · 11 comments
Closed

Cannot make HTTPS connections on Windows (works on OSX and Linux) #324

duncanmak opened this issue May 24, 2016 · 11 comments

Comments

@duncanmak
Copy link

duncanmak commented May 24, 2016

On Mac and Linux, this works out of the box:

ruby -rnet/http -e 'Net::HTTP.get(URI("https://google.com"));'

On Windows, however, this error shows up:

C:\Users\builder>ruby -rnet/http -e 'Net::HTTP.get(URI("https://google.com"));'
C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=
1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (Open
SSL::SSL::SSLError)
        from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
        from C:/Ruby22-x64/lib/ruby/2.2.0/timeout.rb:73:in `timeout'
        from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:923:in `connect'
        from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
        from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:852:in `start'
        from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:583:in `start'
        from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:478:in `get_response'
        from C:/Ruby22-x64/lib/ruby/2.2.0/net/http.rb:455:in `get'
        from -e:1:in `<main>'

We have tried RubyInstaller 2.2.4-x64 as well as older releases, and we see the same error regardless.

The error is similar to the one in the issue involving RubyGems discussed here a year ago, but that has since been fixed (See #261). I can verify that gem install <gem> works on WIndows for me without problems.

Outside of gem, however, I still see a similar error when I try to open SSL connections, i.e. the snippet above.

Is there a reason why the one-liner for GETan HTTPS resource fails in the default installation on Windows?

cc @MSylvia, @Azolo

@dmajkic
Copy link

dmajkic commented May 24, 2016

Download newset certs (cacert.pem) from here:

https://curl.haxx.se/docs/caextract.html

Set enviroment variable to the full path location of the downloaded file. Eg:

set SSL_CERT_FILE=C:\somewhere\cacert.pem

To make it permanent, set SSL_CERT_FILE in "Advanced System Settings"

@duncanmak
Copy link
Author

@dmajkic I've seen those instructions before. My issue is, why do we need to do that ourselves? Is there a reason why the default installation is faulty?

@dmajkic
Copy link

dmajkic commented May 24, 2016

@duncanmak Ruby is using OpenSSL for securing sockets. It's a third party solution, and Ruby expects that OpenSSL part is working. That is the "download certificates and set enviroment variable" part.

That step is to setup OpenSSL to work on Windows. Not Ruby.

On Linux, where OpenSSL is system managed solution, this maintenance is done by system itself (cert locations, apt updating to newer version of root certs). On Windows - you must maintain it manually.

@Azolo
Copy link
Member

Azolo commented May 30, 2016

@duncanmak Unfortunately @dmajkic is correct.

This has been discussed before on how to handle this automatically, but the decision was basically, A) Don't override Environment Variables that would allow this to work because it might cause conflicts with other versions of OpenSSL, B) Don't patch it because it would change the behavior of the library.

So, the result is to handle it ourselves. =/ That being said many libraries ship with CA certificates, including rubygems.

If there is a particular problem you're trying to solve we would be glad to help but I don't have a built-in solution for the current inconvenience.

@ioandev
Copy link

ioandev commented Oct 19, 2016

Didn't work for me.

@augustosamame
Copy link

Didn't work for me either

@dmajkic
Copy link

dmajkic commented Dec 29, 2017

Consider moving to oneclick/rubyinstaller2 which is in active development and addressees this issue.

@augustosamame
Copy link

@dmajkic unfortunately rubyinstaller2 is too modern for my Windows Server 2008 R2 installation. My setup:
Ruby version: ruby 2.2.6p396 (2016-11-15 revision 56800) [x64-mingw32]
Rails version: Rails 5.0.6
Windows version: Windows Server 2008 R2 Enterprise SP1

@MSP-Greg
Copy link

@augustosamame

Do you know if it's an issue with RubyInstaller2 or Ruby 2.4? Would Ruby 2.3.x work?

@augustosamame
Copy link

will check and report back

@vais
Copy link

vais commented Jan 1, 2018

@augustosamame

unfortunately rubyinstaller2 is too modern for my Windows Server 2008 R2 installation

rubyinstaller2 works just fine on my Windows Server 2008 R2 installations. What problem did you experience?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants