Linux is packaged with different SSL certificate #24

Closed
bbaugher opened this issue Dec 22, 2014 · 1 comment

@bbaugher bbaugher commented Dec 22, 2014

I was recently running into some SSL errors using traveling ruby. Using this script helped diagnose the problem:

/opt/traveling-ruby/bin/ruby (2.1.5-p273)
OpenSSL 1.0.1j 15 Oct 2014: /usr/local/override/openssl
SSL_CERT_DIR=""
SSL_CERT_FILE="/opt/traveling-ruby/lib/cert.pem"

HEAD https://[HOST]:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The server presented a certificate that could not be verified:
  subject: /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
  issuer: /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
  error code 19: self signed certificate in certificate chain

I don't see these errors using my local ruby. Trying traveling ruby for mac also does not give me this error. I think I tracked it down: the cert.pem file that is packaged in linux (lib/cert.pem) is not the same as the one listed here. Although they have different names/extensions, replacing the cert.pem file with the ca-bundle.crt fixes the issue for me.

I believe I was originally using the first version of traveling ruby but tried the latest as well and had the same problem.

Member

@FooBarWidget FooBarWidget commented Dec 24, 2014

Yes, correct. The Linux version copies /etc/pki/tls/cert.pem from CentOS 5. I'll have this changed.
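
The failure discussed in this thread, reproduced offline as an added example (not code from the issue or from Traveling Ruby): a server sends its chain including the root, and the chain is verified once against a CA bundle that lacks that root and once against a bundle that contains it. All keys, certificate names and both bundles are constructed for the demonstration.

```ruby
require "openssl"

# Build a v3 certificate; with no issuer given it is a self-signed root CA.
def make_cert(cn, key, serial, issuer_cert = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  is_ca = issuer_cert.nil?
  cert.add_extension(ef.create_extension("basicConstraints", is_ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if is_ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Load every certificate of a PEM bundle (cert.pem / ca-bundle.crt style) into a store.
def store_from_bundle(pem_text)
  store = OpenSSL::X509::Store.new
  pem_text.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
          .each { |pem| store.add_cert(OpenSSL::X509::Certificate.new(pem)) }
  store
end

# Verify the leaf plus the chain the server sent; report OpenSSL's verdict.
def check(bundle_pem, leaf, sent_chain)
  store = store_from_bundle(bundle_pem)
  ok = store.verify(leaf, sent_chain)
  { ok: ok, code: store.error, message: store.error_string }
end

def demo
  root_key, other_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = make_cert("Constructed Root CA", root_key, 1)          # signs the server cert
  other = make_cert("Constructed Unrelated Root", other_key, 2)  # only root in the stale bundle
  leaf  = make_cert("host.example", leaf_key, 3, root, root_key)
  stale_bundle   = other.to_pem                # stands in for the outdated cert.pem
  current_bundle = other.to_pem + root.to_pem  # stands in for an up-to-date bundle
  { stale: check(stale_bundle, leaf, [root]), current: check(current_bundle, leaf, [root]) }
end

RESULTS = demo
RESULTS.each { |name, r| puts "#{name}: ok=#{r[:ok]} code=#{r[:code]} (#{r[:message]})" }
```

Error code 19 appears only because the server included its root in the chain it sent; the root is self-signed and absent from the bundle, so OpenSSL can build the chain but cannot anchor it to anything it trusts.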
