Linux is packaged with different SSL certificate #24

Closed
bbaugher opened this Issue Dec 22, 2014 · 1 comment


@bbaugher

I was recently running into some SSL errors using traveling ruby. Using this script helped diagnose the problem:

/opt/traveling-ruby/bin/ruby (2.1.5-p273)
OpenSSL 1.0.1j 15 Oct 2014: /usr/local/override/openssl
SSL_CERT_DIR=""
SSL_CERT_FILE="/opt/traveling-ruby/lib/cert.pem"

HEAD https://[HOST]:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The server presented a certificate that could not be verified:
  subject: /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
  issuer: /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
  error code 19: self signed certificate in certificate chain

I don't see these errors using my local ruby. Trying traveling ruby for Mac also does not give me this error. I think I tracked it down: the cert.pem file that is packaged in Linux, lib/cert.pem, is not the same as the one listed here. Although they have different names/extensions, replacing the cert.pem file with the ca-bundle.crt fixes the issue for me.

I believe I was originally using the first version of traveling ruby but tried the latest as well and had the same problem.

@FooBarWidget
Member

Yes, correct. The Linux version copies /etc/pki/tls/cert.pem from CentOS 5. I'll have this changed.
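
An added example, not part of the original thread or the Traveling Ruby project: a Ruby script that lists the root certificates present in a reference CA bundle but absent from a packaged one, the comparison the report above makes between lib/cert.pem and ca-bundle.crt. The helper names and the throwaway self-signed roots are constructed for the demonstration.

```ruby
require "openssl"

PEM_RE = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Split a PEM bundle (such as lib/cert.pem or ca-bundle.crt) into certificates.
def load_bundle(pem_text)
  pem_text.scan(PEM_RE).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# Key each certificate by the SHA-256 of its DER form, so a re-issued root
# that reuses a subject name is still treated as a different certificate.
def fingerprints(certs)
  certs.to_h { |c| [OpenSSL::Digest.new("SHA256").hexdigest(c.to_der), c.subject.to_s] }
end

# Subjects of roots found in the reference bundle but not in the packaged one.
def missing_roots(packaged_pem, reference_pem)
  have = fingerprints(load_bundle(packaged_pem))
  want = fingerprints(load_bundle(reference_pem))
  (want.keys - have.keys).map { |fp| want[fp] }.sort
end

# Constructed sample data: a throwaway self-signed root, not a real CA.
def sample_root(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/O=Example/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

# The packaged bundle lacks root C, as an outdated cert.pem lacks newer roots.
def demo
  a, b, c = %w[A B C].map { |n| sample_root("Constructed Root #{n}") }
  missing_roots(a + b, a + b + c)
end

if $PROGRAM_NAME == __FILE__
  two_files = ARGV.size == 2
  puts(two_files ? missing_roots(File.read(ARGV[0]), File.read(ARGV[1])) : demo)
end
```

Run with two paths (packaged bundle first, reference bundle second) to compare real files; with no arguments it runs the constructed demo.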
