Linux is packaged with different SSL certificate #24

Closed
bbaugher opened this Issue Dec 22, 2014 · 1 comment

bbaugher commented Dec 22, 2014

I was recently running into some SSL errors using traveling ruby. Using this script helped diagnose the problem:

/opt/traveling-ruby/bin/ruby (2.1.5-p273)
OpenSSL 1.0.1j 15 Oct 2014: /usr/local/override/openssl
SSL_CERT_DIR=""
SSL_CERT_FILE="/opt/traveling-ruby/lib/cert.pem"

HEAD https://[HOST]:443
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

The server presented a certificate that could not be verified:
  subject: /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
  issuer: /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
  error code 19: self signed certificate in certificate chain

I don't see these errors using my local ruby. Trying traveling ruby for Mac also does not give me this error. I think I tracked it down: the cert.pem file that is packaged in Linux (lib/cert.pem) is not the same as the one listed here. Although they have different names/extensions, replacing the cert.pem file with the ca-bundle.crt fixes the issue for me.

I believe I was originally using the first version of traveling ruby but tried the latest as well and had the same problem.

Member

FooBarWidget commented Dec 24, 2014

Yes, correct. The Linux version copies /etc/pki/tls/cert.pem from CentOS 5. I'll have this changed.
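The failure mode discussed in this issue, as an added example that is not part of the original thread or the project's code: a server presents its root in the chain, and verification returns error code 19 when the local CA bundle lacks that root, then succeeds once the bundle includes it. All certificates, names and the two bundles are constructed in memory as stand-ins for the packaged cert.pem and ca-bundle.crt.

```ruby
require "openssl"

# Build a constructed certificate; self-signed when no issuer is given.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/O=Constructed Example/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  constraint = ca ? "CA:TRUE" : "CA:FALSE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `leaf` using only the trust anchors in `bundle`. `presented` holds the
# untrusted certificates the server sent along with the leaf.
# Returns [error_code, error_string] as reported by OpenSSL.
def verify_with_bundle(bundle, leaf, presented)
  store = OpenSSL::X509::Store.new
  bundle.each { |anchor| store.add_cert(anchor) }
  store.verify(leaf, presented)
  [store.error, store.error_string]
end

# Constructed sample PKI: one root the server chains to, one unrelated root.
root_key = OpenSSL::PKey::RSA.new(2048)
old_key  = OpenSSL::PKey::RSA.new(2048)
leaf_key = OpenSSL::PKey::RSA.new(2048)
ROOT     = make_cert("Constructed Current Root", root_key, ca: true)
OLD_ROOT = make_cert("Constructed Legacy Root", old_key, ca: true, serial: 2)
LEAF     = make_cert("host.example", leaf_key,
                     issuer: ROOT, issuer_key: root_key, serial: 3)

STALE_BUNDLE   = [OLD_ROOT]        # stand-in for a bundle missing the root
CURRENT_BUNDLE = [OLD_ROOT, ROOT]  # stand-in for a bundle that includes it

{ "stale" => STALE_BUNDLE, "current" => CURRENT_BUNDLE }.each do |name, bundle|
  code, message = verify_with_bundle(bundle, LEAF, [ROOT])
  puts "#{name} bundle: error code #{code}: #{message}"
end
```

A root certificate sent by the server is never trusted on its own; only a matching entry in the local bundle makes it a trust anchor, which is why swapping the bundle file resolves the error.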
