Let's Encrypt certificate verify failed September 30th #69
Comments
|
Until we can get it properly fixed, try setting |
you are a life saver! testing now |
|
would same work for other libraries (node specifically?) - Ill test soon, but let me do go first |
|
You can also give it a custom cert with the normal unix |
|
Anything that uses the pact-ruby-standalone will honour PACT_DISABLE_SSL_VERIFICATION if all the env vars are passed through to the child process. |
|
@bethesque unfortunately seems to be getting same with I also tried setting |
seems to have worked for node, but not pact-go |
|
with still getting: |
|
What version of the standalone are you on? I only introduced the disabling env var in the last 6 months or so. |
1.88.72 |
|
It does seem like not getting picked up by pact-ruby? Maybe pact-foundation/pact-ruby#248 is a better location for the workaround to work there? |
|
Yeah, it's only hacked into the standalone. I'll need to put it in separately to pact-ruby. |
And I suspect that will then need to get packaged into new release of standalone? |
|
Just in case - seems like https://github.com/pact-foundation/pact-ruby-standalone/releases/download/v1.88.73/pact-1.88.73-linux-x86_64.tar.gz still carries 1.59 of pact-ruby rather than 1.60. |
|
Trying 1.88.74 now |
|
Unfortunately 1.88.75 doesn't seem to resolve this issue: Or is the fix to allow disabling of the certificate as per #69 (comment) (i.e. PACT_DISABLE_SSL_VERIFICATION=true, or the SSL_CERT_FILE or SSL_CERT_DIR env vars)
@mkj28 it should work for Pact Go in the same way, but the env vars may need to be explicitly carried through, i'll take a look now. |
|
No, it's not Fixed, the release was to allow the SSL verification to be disabled until we can get a proper fix done. |
|
You should also be able to set the |
|
ya, just to also post here - what @bethesque said - it's working with 1.88.75 + |
|
Hey team, looks like this is due to Pact shipping with an embedded ruby version 2.2. Support for Ruby 2.2 ended 2018: https://www.ruby-lang.org/en/news/2018/06/20/support-of-ruby-2-2-has-ended/ The solution would be to upgrade ruby version Pact ships with, as modern ruby versions have updated bundles. Alternatively as a work around to keep SSL verification on could overwrite the bundle. Something like: Inside the Pact installation directory |
|
@bethesque, looks like embedded ruby overwrites the In an Ubuntu container:
|
|
Yes upgrading is something that will need to happen but I believe we are blocked on an upstream PR to support later versions (via Travelling Ruby). Thanks for documenting the workaround for others, Beth is also looking at patching it in here for now also. |
|
Looks like the environment variable is actually working for us sorry. Running embedded ruby directly seems to ignore it. |
|
For the record the upgrade of Ruby, required to have this issue solved, is being tracked in #63. |
Seeing issues related to https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Pre issue-raising checklist
I have already (please mark the applicable with an
x):Software versions
Expected behaviour
pact_verifier able to connect to host behind Let's Encrypt cert
Actual behaviour
Hitting SSL issue starting September 30th
Steps to reproduce
TBD
Relevent log files
Not DEBUG, but could be enough?
The text was updated successfully, but these errors were encountered: