New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL_connect failure when running "rails new" #319

Closed
DanielKehoe opened this Issue Apr 22, 2012 · 106 comments

Comments

Projects
None yet
@DanielKehoe

I'm using Mac OS 10.6.8. I'm using RubyGems 1.8.23. I've installed Ruby 1.9.3p194 using rvm version 1.12.3. I have rake 0.9.2.2 and bundler version 1.1.3. When I run rails new testapp I get an error:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B (https://rubygems.org/gems/rake-0.9.2.2.gem) An error occured while installing rake (0.9.2.2), and Bundler cannot continue.

I found a Stack Overflow discussion "bundle install fails with SSL certificate verification error"[1] which suggests to create or modify a file called .gemrc in your home path, including the line :ssl_verify_mode: 0. That works but the RubyGems 1.8.23 release notes say this is not recommended.

Instead, the RubyGems 1.8.23 release notes recommend:

configure SSL certificate usage in RubyGems through the :ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc. The recommended way is to set :ssl_ca_cert to the CA certificate for your server or a certificate bundle containing your CA certification

All I'm doing is connecting to https://rubygems.org/. It's not a "custom RubyGems server."

I didn't have this problem before installing RubyGems 1.8.23 and Ruby 1.9.3p194.

Why do I get the failure?

What's the recommended way to fix this?

[1] http://stackoverflow.com/questions/10246023/bundle-install-fails-with-ssl-certificate-verification-error

@zenspider

This comment has been minimized.

Show comment
Hide comment
@zenspider

zenspider Apr 22, 2012

Contributor

You can use the gem source command to fix your source to use plain http (or edit gemrc directly)

Contributor

zenspider commented Apr 22, 2012

You can use the gem source command to fix your source to use plain http (or edit gemrc directly)

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 22, 2012

Could the error be due to an outdated SSL certificate on my local computer? Any other likely reason?

Could the error be due to an outdated SSL certificate on my local computer? Any other likely reason?

@zenspider

This comment has been minimized.

Show comment
Hide comment
@zenspider

zenspider Apr 22, 2012

Contributor

I don't think so, but I've been out of the loop on this one. AFAIK, it's because the HTTPS source is redirecting to an HTTP url and that's bad so we're not allowing it to happen anymore. Downgrading your source to HTTP should be sufficient since it is just rubygems.org.

Contributor

zenspider commented Apr 22, 2012

I don't think so, but I've been out of the loop on this one. AFAIK, it's because the HTTPS source is redirecting to an HTTP url and that's bad so we're not allowing it to happen anymore. Downgrading your source to HTTP should be sufficient since it is just rubygems.org.

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 22, 2012

I've used the command sudo gem sources -a http://rubygems.org and my .gemrc file looks like this:

:backtrace: false
:benchmark: false
:bulk_threshold: 1000
:sources:
- http://gems.rubyforge.org/
- http://gemcutter.org/
- http://gems.github.com
- http://rubygems.org
:update_sources: true
:verbose: true
install: --no-rdoc --no-ri
update: --no-rdoc --no-ri

I'm still getting the same error.

The error should be easy to reproduce. Just use rvm to create a new gemset, then gem install rails and rails new testapp to see the error.

As you know, when we use the rails new testapp command, Rails generates a Gemfile that contains source 'https://rubygems.org'. I presume that overrides any source I add to the .gemrc file.

So what's going on? It doesn't make sense that https://rubygems.org would be redirected to an http server.

Besides, the source lib/rubygems/remote_fetcher.rb looks like it would raise a FetchError with the message "redirecting to non-https resource" if the problem was a redirect from https to http.

I've used the command sudo gem sources -a http://rubygems.org and my .gemrc file looks like this:

:backtrace: false
:benchmark: false
:bulk_threshold: 1000
:sources:
- http://gems.rubyforge.org/
- http://gemcutter.org/
- http://gems.github.com
- http://rubygems.org
:update_sources: true
:verbose: true
install: --no-rdoc --no-ri
update: --no-rdoc --no-ri

I'm still getting the same error.

The error should be easy to reproduce. Just use rvm to create a new gemset, then gem install rails and rails new testapp to see the error.

As you know, when we use the rails new testapp command, Rails generates a Gemfile that contains source 'https://rubygems.org'. I presume that overrides any source I add to the .gemrc file.

So what's going on? It doesn't make sense that https://rubygems.org would be redirected to an http server.

Besides, the source lib/rubygems/remote_fetcher.rb looks like it would raise a FetchError with the message "redirecting to non-https resource" if the problem was a redirect from https to http.

@luislavena

This comment has been minimized.

Show comment
Hide comment
@luislavena

luislavena Apr 23, 2012

Member

I would suggest you remove the following sources:

  • gems.rubyforge.org
  • gemcutter.org

Those two are dead. Gemcutter become rubygems and the domain might be redirecting to an HTTPS connection. The RubyForge one is no longer the source for gems.

You can remove the sources:

gem sources -r http://gems.rubyforge.org
gem sources -r http://gemcutter.org
Member

luislavena commented Apr 23, 2012

I would suggest you remove the following sources:

  • gems.rubyforge.org
  • gemcutter.org

Those two are dead. Gemcutter become rubygems and the domain might be redirecting to an HTTPS connection. The RubyForge one is no longer the source for gems.

You can remove the sources:

gem sources -r http://gems.rubyforge.org
gem sources -r http://gemcutter.org
@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 23, 2012

@luislavena thank you for the tip. However the error persists after I've removed the two superfluous gem sources.

@luislavena thank you for the tip. However the error persists after I've removed the two superfluous gem sources.

@luislavena

This comment has been minimized.

Show comment
Hide comment
@luislavena

luislavena Apr 23, 2012

Member

@DanielKehoe can you run gem install rake --verbose ?

I can't reproduce with latest RubyGems.

Member

luislavena commented Apr 23, 2012

@DanielKehoe can you run gem install rake --verbose ?

I can't reproduce with latest RubyGems.

@luislavena

This comment has been minimized.

Show comment
Hide comment
@luislavena

luislavena Apr 23, 2012

Member

@DanielKehoe better yet, can you check your Gemfile (since you mentioned Bundler) do not contain `source "https://rubygems.org" in it?

Member

luislavena commented Apr 23, 2012

@DanielKehoe better yet, can you check your Gemfile (since you mentioned Bundler) do not contain `source "https://rubygems.org" in it?

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 23, 2012

@luislavena the problem is exactly this: When the rails new command is used, the Gemfile installed by Rails specifies https://rubygems.org/ as the source for gems. As far as I know, it overrides any other gem source set in .gemrc. There's no way to change the gem source in the Gemfile when you run rails new because it comes from a template file in the Rails gem itself. So when I try to create a new Rails application it fails with the SSL_connect error.

@luislavena the problem is exactly this: When the rails new command is used, the Gemfile installed by Rails specifies https://rubygems.org/ as the source for gems. As far as I know, it overrides any other gem source set in .gemrc. There's no way to change the gem source in the Gemfile when you run rails new because it comes from a template file in the Rails gem itself. So when I try to create a new Rails application it fails with the SSL_connect error.

@luislavena

This comment has been minimized.

Show comment
Hide comment
@luislavena

luislavena Apr 23, 2012

Member

@DanielKehoe can't you rails new foo --skip-bundle ?

Your problem is that your installation is having issues to validate the certs, RubyGems and Ruby 1.9.3-p194 bundles with it a .pem file with the certs, and that is what RubyGems should be using to validate.

If is failing for you then the issue is something else.

Member

luislavena commented Apr 23, 2012

@DanielKehoe can't you rails new foo --skip-bundle ?

Your problem is that your installation is having issues to validate the certs, RubyGems and Ruby 1.9.3-p194 bundles with it a .pem file with the certs, and that is what RubyGems should be using to validate.

If is failing for you then the issue is something else.

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

Here is the detailed guide I am using to install Rails:
http://railsapps.github.com/installing-rails.html

Here are the specific steps to reproduce the error:

  • install rvm (https://rvm.io/rvm/install/)
  • $ rvm install ruby-1.9.3-p194
  • $ rvm --default use ruby-1.9.3-p194
  • $ rvm ruby-1.9.3-p194@rails32 --create --default
  • $ gem install rails
  • $ rails new testapp

My .gemrc looks like this:

---
:backtrace: false
:benchmark: false
:bulk_threshold: 1000
:sources:
- https://gems.github.com
- http://rubygems.org
:update_sources: true
:verbose: true
install: --no-rdoc --no-ri
update: --no-rdoc --no-ri
# :ssl_verify_mode: 0

Here is the detailed guide I am using to install Rails:
http://railsapps.github.com/installing-rails.html

Here are the specific steps to reproduce the error:

  • install rvm (https://rvm.io/rvm/install/)
  • $ rvm install ruby-1.9.3-p194
  • $ rvm --default use ruby-1.9.3-p194
  • $ rvm ruby-1.9.3-p194@rails32 --create --default
  • $ gem install rails
  • $ rails new testapp

My .gemrc looks like this:

---
:backtrace: false
:benchmark: false
:bulk_threshold: 1000
:sources:
- https://gems.github.com
- http://rubygems.org
:update_sources: true
:verbose: true
install: --no-rdoc --no-ri
update: --no-rdoc --no-ri
# :ssl_verify_mode: 0
@luislavena

This comment has been minimized.

Show comment
Hide comment
@luislavena

luislavena Apr 24, 2012

Member

Remove https from github.

Sorry for top posting. Sent from mobile.
On Apr 23, 2012 9:06 PM, "Daniel Kehoe" <
reply@reply.github.com>
wrote:

Here is the detailed guide I am using to install Rails:
http://railsapps.github.com/installing-rails.html

Here are the specific steps to reproduce the error:

  • install rvm (https://rvm.io/rvm/install/)
  • $ rvm install ruby-1.9.3-p194
  • $ rvm --default use ruby-1.9.3-p194
  • $ rvm ruby-1.9.3-p194 @rails32 --create --default
  • $ gem install rails
  • $ rails new testapp

My .gemrc looks like this:

---
:backtrace: false
:benchmark: false
:bulk_threshold: 1000
:sources:
- https://gems.github.com
- http://rubygems.org
:update_sources: true
:verbose: true
install: --no-rdoc --no-ri
update: --no-rdoc --no-ri
# :ssl_verify_mode: 0

Reply to this email directly or view it on GitHub:
#319 (comment)

Member

luislavena commented Apr 24, 2012

Remove https from github.

Sorry for top posting. Sent from mobile.
On Apr 23, 2012 9:06 PM, "Daniel Kehoe" <
reply@reply.github.com>
wrote:

Here is the detailed guide I am using to install Rails:
http://railsapps.github.com/installing-rails.html

Here are the specific steps to reproduce the error:

  • install rvm (https://rvm.io/rvm/install/)
  • $ rvm install ruby-1.9.3-p194
  • $ rvm --default use ruby-1.9.3-p194
  • $ rvm ruby-1.9.3-p194 @rails32 --create --default
  • $ gem install rails
  • $ rails new testapp

My .gemrc looks like this:

---
:backtrace: false
:benchmark: false
:bulk_threshold: 1000
:sources:
- https://gems.github.com
- http://rubygems.org
:update_sources: true
:verbose: true
install: --no-rdoc --no-ri
update: --no-rdoc --no-ri
# :ssl_verify_mode: 0

Reply to this email directly or view it on GitHub:
#319 (comment)

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

@luislavena yes, I can use rails new foo --skip-bundle and then edit the Gemfile if I'm going to build a Rails app from scratch. I still have a problem if I try to use an app template to generate a new app, for example:

rails new myapp -m https://raw.github.com/RailsApps/rails3-application-templates/master/rails3-haml-html5-template.rb --skip-bundle

I've got a number of app templates on GitHub and quite a few people using them. I haven't had a lot of reports of this error, but I've had a few, and I'm seeing it myself. I'd like to get to the bottom of what's at issue so I can advise others who report the problem. I don't want to just suggest :ssl_verify_mode: 0 if there's a more appropriate fix.

@luislavena yes, I can use rails new foo --skip-bundle and then edit the Gemfile if I'm going to build a Rails app from scratch. I still have a problem if I try to use an app template to generate a new app, for example:

rails new myapp -m https://raw.github.com/RailsApps/rails3-application-templates/master/rails3-haml-html5-template.rb --skip-bundle

I've got a number of app templates on GitHub and quite a few people using them. I haven't had a lot of reports of this error, but I've had a few, and I'm seeing it myself. I'd like to get to the bottom of what's at issue so I can advise others who report the problem. I don't want to just suggest :ssl_verify_mode: 0 if there's a more appropriate fix.

@nahi

This comment has been minimized.

Show comment
Hide comment
@nahi

nahi Apr 24, 2012

Contributor

The root problem is at server side that tries to redirect 'https://rubygems.org/' to 'https://bb-m.rubygems.org/'. https://bb-m.rubygems.org is wrongly configured for SSL connection so that we're getting SSL certification failure. In addition to it, even we configure rubygems to ignore certification failure, https://bb-m.rubygems.org/ redirects clients to http://rubygems.org/* (redirecting to non https resource) anyway we can't make it run by client configuration.

I sent a mail about this investigation to @evanphx and @drbrain 16.5 hours ago but RubyGems team could not fix the server until the conference ends because they are attending RailsConf now... Please use the workaround @luislavena suggested.

Contributor

nahi commented Apr 24, 2012

The root problem is at server side that tries to redirect 'https://rubygems.org/' to 'https://bb-m.rubygems.org/'. https://bb-m.rubygems.org is wrongly configured for SSL connection so that we're getting SSL certification failure. In addition to it, even we configure rubygems to ignore certification failure, https://bb-m.rubygems.org/ redirects clients to http://rubygems.org/* (redirecting to non https resource) anyway we can't make it run by client configuration.

I sent a mail about this investigation to @evanphx and @drbrain 16.5 hours ago but RubyGems team could not fix the server until the conference ends because they are attending RailsConf now... Please use the workaround @luislavena suggested.

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

Thank you, @nahi. I am happy to know the source of the error. Ironic to hear the problem can't be fixed immediately because everyone is at RailsConf. But I'm glad the problem is identified and a fix forthcoming. I appreciate everyone's efforts to build a better Ruby!

Thank you, @nahi. I am happy to know the source of the error. Ironic to hear the problem can't be fixed immediately because everyone is at RailsConf. But I'm glad the problem is identified and a fix forthcoming. I appreciate everyone's efforts to build a better Ruby!

@pbiggar

This comment has been minimized.

Show comment
Hide comment
@pbiggar

pbiggar Apr 24, 2012

@DanielKehoe - is the bug fixed? Or should I follow to bug somewhere else?

pbiggar commented Apr 24, 2012

@DanielKehoe - is the bug fixed? Or should I follow to bug somewhere else?

@DanielKehoe DanielKehoe reopened this Apr 24, 2012

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

@pbiggar I believe @nahi says it will be unresolved until the RubyGems team fixes the server.

@pbiggar I believe @nahi says it will be unresolved until the RubyGems team fixes the server.

@nahi

This comment has been minimized.

Show comment
Hide comment
@nahi

nahi Apr 24, 2012

Contributor

@DanielKehoe @pbiggar Right. Hope this issue fixed soon...

Contributor

nahi commented Apr 24, 2012

@DanielKehoe @pbiggar Right. Hope this issue fixed soon...

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

Here's my summary for anyone following a link here. Correct me if I'm wrong.

If you try rails new foo to build a new Rails application with RubyGems 1.8.23 and Ruby 1.9.3-p194 you'll get an error because RubyGems now verifies SSL certificates and Bundler tries to connect with https://rubygems.org/ when you build a new Rails app and https://rubygems.org/ is wrongly configured for SSL connections. The RubyGems team will soon fix the server but until then, use rails new foo --skip-bundle to build a new Rails app and then edit the Gemfile to use http://rubygems.org/.

If you are using an application template from the RailsApps project on GitHub, --skip-bundle won't work but you can edit your ~/.gemrc file and set :ssl_verify_mode: 0 to skip SSL certificate verification. Consider that a temporary workaround and remove it when the https://rubygems.org/ server gets fixed.

Thank you @nahi and @luislavena.

Here's my summary for anyone following a link here. Correct me if I'm wrong.

If you try rails new foo to build a new Rails application with RubyGems 1.8.23 and Ruby 1.9.3-p194 you'll get an error because RubyGems now verifies SSL certificates and Bundler tries to connect with https://rubygems.org/ when you build a new Rails app and https://rubygems.org/ is wrongly configured for SSL connections. The RubyGems team will soon fix the server but until then, use rails new foo --skip-bundle to build a new Rails app and then edit the Gemfile to use http://rubygems.org/.

If you are using an application template from the RailsApps project on GitHub, --skip-bundle won't work but you can edit your ~/.gemrc file and set :ssl_verify_mode: 0 to skip SSL certificate verification. Consider that a temporary workaround and remove it when the https://rubygems.org/ server gets fixed.

Thank you @nahi and @luislavena.

@nahi

This comment has been minimized.

Show comment
Hide comment
@nahi

nahi Apr 24, 2012

Contributor

@DanielKehoe Thanks for the summary. I'm not sure if :ssl_verify_mode: 0 works. https://bb-m.rubygems.org/ redirects the access to http://rubygems.org/ so the latest RubyGems stops there because of "https -> http" insecure redirection. You should update ":sources" in .gemrc to not include https://rubygems.org/ for a workaround. Does it work for you?

Anyways, as you said, it's a temporary workaround and changes should be reverted once rubygems.org is properly configured (hopefully) soon.

Contributor

nahi commented Apr 24, 2012

@DanielKehoe Thanks for the summary. I'm not sure if :ssl_verify_mode: 0 works. https://bb-m.rubygems.org/ redirects the access to http://rubygems.org/ so the latest RubyGems stops there because of "https -> http" insecure redirection. You should update ":sources" in .gemrc to not include https://rubygems.org/ for a workaround. Does it work for you?

Anyways, as you said, it's a temporary workaround and changes should be reverted once rubygems.org is properly configured (hopefully) soon.

@krbullock

This comment has been minimized.

Show comment
Hide comment
@krbullock

krbullock Apr 24, 2012

AFAICT, rubygems.org has fixed this now:

❧  curl -I https://rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.1 302 Moved Temporarily
...
Location: https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem

❧  curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK
...

and the bundle install step of rails new foo works for me.

AFAICT, rubygems.org has fixed this now:

❧  curl -I https://rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.1 302 Moved Temporarily
...
Location: https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem

❧  curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK
...

and the bundle install step of rails new foo works for me.

@evanphx

This comment has been minimized.

Show comment
Hide comment
@evanphx

evanphx Apr 24, 2012

Member

I've updated the cert on bb-m so the problem should be fixed. Please reopen if not.

Member

evanphx commented Apr 24, 2012

I've updated the cert on bb-m so the problem should be fixed. Please reopen if not.

@evanphx evanphx closed this Apr 24, 2012

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

Excellent! I appreciate your efforts to build a better Ruby. And congratulations to @drbrain on the Ruby Heroes award!

Excellent! I appreciate your efforts to build a better Ruby. And congratulations to @drbrain on the Ruby Heroes award!

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

With rails new foo I'm still getting the error:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B (https://rubygems.org/gems/rake-0.9.2.2.gem)

I saw

curl -I https://rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.1 302 Moved Temporarily
...
Location: http://production.cf.rubygems.org/gems/rake-0.9.2.2.gem

curl -I http://production.cf.rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK
...

I also saw

curl -I https://rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.1 302 Moved Temporarily
...
Location: https://rubygems.cachefly.net/gems/rake-0.9.2.2.gem

curl -I https://rubygems.cachefly.net/gems/rake-0.9.2.2.gem
HTTP/1.1 200 OK
...

With rails new foo I'm still getting the error:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B (https://rubygems.org/gems/rake-0.9.2.2.gem)

I saw

curl -I https://rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.1 302 Moved Temporarily
...
Location: http://production.cf.rubygems.org/gems/rake-0.9.2.2.gem

curl -I http://production.cf.rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK
...

I also saw

curl -I https://rubygems.org/gems/rake-0.9.2.2.gem
HTTP/1.1 302 Moved Temporarily
...
Location: https://rubygems.cachefly.net/gems/rake-0.9.2.2.gem

curl -I https://rubygems.cachefly.net/gems/rake-0.9.2.2.gem
HTTP/1.1 200 OK
...
@evanphx

This comment has been minimized.

Show comment
Hide comment
@evanphx

evanphx Apr 24, 2012

Member

I've removed the mirrors from the SSL redirections for now. The only one you should see is https://rubygems.org => https://d2chzxaqi4y7f8.cloudfront.net.

Member

evanphx commented Apr 24, 2012

I've removed the mirrors from the SSL redirections for now. The only one you should see is https://rubygems.org => https://d2chzxaqi4y7f8.cloudfront.net.

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 24, 2012

@evanphx I'm still getting the error. Anything further I can do to diagnose?

@evanphx I'm still getting the error. Anything further I can do to diagnose?

@evanphx

This comment has been minimized.

Show comment
Hide comment
@evanphx

evanphx Apr 24, 2012

Member

Hm... very odd. Did you hand compile openssl? Any chance you set the :ssl_ca_cert option? That overrides the builtin bundles entirely and might cause this depending on what you set it to.

Member

evanphx commented Apr 24, 2012

Hm... very odd. Did you hand compile openssl? Any chance you set the :ssl_ca_cert option? That overrides the builtin bundles entirely and might cause this depending on what you set it to.

@evanphx evanphx reopened this Apr 24, 2012

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 25, 2012

I tracked down the source of the (continuing) failure to an outdated version of OpenSSL on my machine:

$ openssl version
OpenSSL 0.9.8m 25 Feb 2010

I updated OpenSSL using MacPorts:

$ sudo port sync; sudo port selfupdate; sudo port install openssl
...
$ openssl version
OpenSSL 1.0.1a 19 Apr 2012

And successfully ran rails new foo.

I'm using Mac OS 10.6.8 and many Mac users who have not upgraded to Lion will have old versions of OpenSSL on their systems. I wonder if it would be helpful in the error message to suggest updating OpenSSL? Anything else that would minimize the issue for other users?

@evanphx I appreciate your time and perseverance in helping me identify the source of the problem (especially while busy at RailsConf!). Blessings!

I tracked down the source of the (continuing) failure to an outdated version of OpenSSL on my machine:

$ openssl version
OpenSSL 0.9.8m 25 Feb 2010

I updated OpenSSL using MacPorts:

$ sudo port sync; sudo port selfupdate; sudo port install openssl
...
$ openssl version
OpenSSL 1.0.1a 19 Apr 2012

And successfully ran rails new foo.

I'm using Mac OS 10.6.8 and many Mac users who have not upgraded to Lion will have old versions of OpenSSL on their systems. I wonder if it would be helpful in the error message to suggest updating OpenSSL? Anything else that would minimize the issue for other users?

@evanphx I appreciate your time and perseverance in helping me identify the source of the problem (especially while busy at RailsConf!). Blessings!

@joliss

This comment has been minimized.

Show comment
Hide comment
@joliss

joliss Apr 28, 2012

I'm having a similar (presumably the same) issue:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure (https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem)
An error occured while installing activesupport (3.2.3), and Bundler cannot continue.
Make sure that `gem install activesupport -v '3.2.3'` succeeds before bundling.
  • Rubygems 1.8.24
  • Ruby 1.9.3-p125 or 1.9.3-p194
  • bundler 1.1.3
  • Ubuntu 12.04
  • OpenSSL 1.0.1

If there's anything I can do to debug the issue, let me know. So far my only solution has been to use a non-https source in my Gemfile.

I'm thinking it might be related to my recent upgrade to Ubuntu 12.04 / OpenSSL 1.0.1.

joliss commented Apr 28, 2012

I'm having a similar (presumably the same) issue:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure (https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem)
An error occured while installing activesupport (3.2.3), and Bundler cannot continue.
Make sure that `gem install activesupport -v '3.2.3'` succeeds before bundling.
  • Rubygems 1.8.24
  • Ruby 1.9.3-p125 or 1.9.3-p194
  • bundler 1.1.3
  • Ubuntu 12.04
  • OpenSSL 1.0.1

If there's anything I can do to debug the issue, let me know. So far my only solution has been to use a non-https source in my Gemfile.

I'm thinking it might be related to my recent upgrade to Ubuntu 12.04 / OpenSSL 1.0.1.

@nahi

This comment has been minimized.

Show comment
Hide comment
@nahi

nahi Apr 28, 2012

Contributor

Can you try this? It works for me on 12.04 + 1.0.1 + 2.0.0dev.

% ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem")).bytesize'
Fetching: activesupport-3.2.3.gem (100%)
312832
Contributor

nahi commented Apr 28, 2012

Can you try this? It works for me on 12.04 + 1.0.1 + 2.0.0dev.

% ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem")).bytesize'
Fetching: activesupport-3.2.3.gem (100%)
312832
@gaurish

This comment has been minimized.

Show comment
Hide comment
@gaurish

gaurish Apr 28, 2012

I too have the same issue on Ubuntu 12.04 LTS with OpenSSL 1.0.1. Tried with ruby 1.9.3(both p125 & p194).

get the following message:
Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure

@joliss
making source as http worked, Thanks for the workaround

gaurish commented Apr 28, 2012

I too have the same issue on Ubuntu 12.04 LTS with OpenSSL 1.0.1. Tried with ruby 1.9.3(both p125 & p194).

get the following message:
Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure

@joliss
making source as http worked, Thanks for the workaround

@yesmar

This comment has been minimized.

Show comment
Hide comment
@yesmar

yesmar Apr 28, 2012

I've got a similar issue with Ubuntu 12.04:

$ uname -srv
Linux 3.2.0-24-generic #37-Ubuntu SMP Wed Apr 25 08:43:22 UTC 2012
$ ruby --version
ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux]
$ gem --version
1.8.24
$ openssl version
OpenSSL 1.0.1 14 Mar 2012
$ ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem")).bytesize'
/usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:331:in `rescue in connection_for': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure (https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem) (Gem::RemoteFetcher::FetchError)
    from /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:328:in `connection_for'
    from /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:413:in `request'
    from /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:205:in `fetch_http'
    from -e:1:in `<main>'

yesmar commented Apr 28, 2012

I've got a similar issue with Ubuntu 12.04:

$ uname -srv
Linux 3.2.0-24-generic #37-Ubuntu SMP Wed Apr 25 08:43:22 UTC 2012
$ ruby --version
ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux]
$ gem --version
1.8.24
$ openssl version
OpenSSL 1.0.1 14 Mar 2012
$ ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem")).bytesize'
/usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:331:in `rescue in connection_for': SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure (https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem) (Gem::RemoteFetcher::FetchError)
    from /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:328:in `connection_for'
    from /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:413:in `request'
    from /usr/local/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:205:in `fetch_http'
    from -e:1:in `<main>'
@nahi

This comment has been minimized.

Show comment
Hide comment
@nahi

nahi Apr 29, 2012

Contributor

Thanks @yesmar, can you please try that again with -d?; ruby -d -r...

Contributor

nahi commented Apr 29, 2012

Thanks @yesmar, can you please try that again with -d?; ruby -d -r...

@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe Apr 29, 2012

I've summarized this issue with steps for diagnosis, plus several workarounds in an article:
http://railsapps.github.com/openssl-certificate-verify-failed.html

I've summarized this issue with steps for diagnosis, plus several workarounds in an article:
http://railsapps.github.com/openssl-certificate-verify-failed.html

@nahi

This comment has been minimized.

Show comment
Hide comment
@nahi

nahi Apr 29, 2012

Contributor

Please try this and show me the result; ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'

Contributor

nahi commented Apr 29, 2012

Please try this and show me the result; ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'

@nahi

This comment has been minimized.

Show comment
Hide comment
@nahi

nahi Apr 29, 2012

Contributor

And this, too, please; ruby -rhttpclient -e 'h = HTTPClient.new; h.ssl_config.verify_callback = proc { |ok, ctx|; p ctx.current_cert; ok }; h.get("https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem")'

Contributor

nahi commented Apr 29, 2012

And this, too, please; ruby -rhttpclient -e 'h = HTTPClient.new; h.ssl_config.verify_callback = proc { |ok, ctx|; p ctx.current_cert; ok }; h.get("https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem")'

@jrochkind

This comment has been minimized.

Show comment
Hide comment
@jrochkind

jrochkind May 3, 2012

If you’re still getting the error “SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure”, run the diagnostic below and add your report to the issue SSL_connect failure when running ‘rails new’. Please supply details: OS version, Ruby version, RubyGems version, OpenSSL version, error message.

OSX 10.5.8

$ uname -srv
Darwin 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_I386
$ ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [i386-darwin9.8.0]
$ gem -v
1.8.24
$ openssl version
OpenSSL 0.9.7l 28 Sep 2006
$ ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://s3.amazonaws.com/production.s3.rubygems.org/gems/builder-3.0.0.gem")).bytesize'
/Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:331:in `rescue in connection_for': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/gems/builder-3.0.0.gem) (Gem::RemoteFetcher::FetchError)
    from /Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:328:in `connection_for'
    from /Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:413:in `request'
    from /Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:205:in `fetch_http'
    from -e:1:in `<main>'

If you’re still getting the error “SSL_connect returned=1 errno=0 state=unknown state: sslv3 alert handshake failure”, run the diagnostic below and add your report to the issue SSL_connect failure when running ‘rails new’. Please supply details: OS version, Ruby version, RubyGems version, OpenSSL version, error message.

OSX 10.5.8

$ uname -srv
Darwin 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_I386
$ ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [i386-darwin9.8.0]
$ gem -v
1.8.24
$ openssl version
OpenSSL 0.9.7l 28 Sep 2006
$ ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://s3.amazonaws.com/production.s3.rubygems.org/gems/builder-3.0.0.gem")).bytesize'
/Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:331:in `rescue in connection_for': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/gems/builder-3.0.0.gem) (Gem::RemoteFetcher::FetchError)
    from /Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:328:in `connection_for'
    from /Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:413:in `request'
    from /Users/jrochkind/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/site_ruby/1.9.1/rubygems/remote_fetcher.rb:205:in `fetch_http'
    from -e:1:in `<main>'
@DanielKehoe

This comment has been minimized.

Show comment
Hide comment
@DanielKehoe

DanielKehoe May 3, 2012

@jrochkind, The article suggests, "You should see OpenSSL 1.0.1 or newer. If not, try updating OpenSSL."

@jrochkind, The article suggests, "You should see OpenSSL 1.0.1 or newer. If not, try updating OpenSSL."

@jrochkind

This comment has been minimized.

Show comment
Hide comment
@jrochkind

jrochkind May 3, 2012

okay, you wrote it so you must know! Just trying to go through it and do what it says. I thought it was saying that with rubygems 1.9.4 and after april 20, you ought not need to need updated certs or a specific openssl version, and if you did you guys wanted to know because it ought not to be neccesary. But I guess i misunderstood.

It also suggests using trying rvm pkg install openssl, however doing that, rvm says it's package is "openssl-0.9.8t" , which is not openssl 1.0.1 or newer like you say, so I think I won't bother pursuing that?

So on to figuring out how to get openssl updated on this machine. I don't use macports, it's not installed on this machine. homebrew is, i'll see if i can manage to get a newer openssl with that, and report back on the comments on that article. (It's not clear to me if I need to recompile ruby after upgrading openssl or not, I'll try it first without I guess).

If someone wanted to write a technical summary/overview of what's wrong with versions of openssl prior to 1.0.1 that keep it from working with rubygems, I'd definitely be interested in reading it.

okay, you wrote it so you must know! Just trying to go through it and do what it says. I thought it was saying that with rubygems 1.9.4 and after april 20, you ought not need to need updated certs or a specific openssl version, and if you did you guys wanted to know because it ought not to be neccesary. But I guess i misunderstood.

It also suggests using trying rvm pkg install openssl, however doing that, rvm says it's package is "openssl-0.9.8t" , which is not openssl 1.0.1 or newer like you say, so I think I won't bother pursuing that?

So on to figuring out how to get openssl updated on this machine. I don't use macports, it's not installed on this machine. homebrew is, i'll see if i can manage to get a newer openssl with that, and report back on the comments on that article. (It's not clear to me if I need to recompile ruby after upgrading openssl or not, I'll try it first without I guess).

If someone wanted to write a technical summary/overview of what's wrong with versions of openssl prior to 1.0.1 that keep it from working with rubygems, I'd definitely be interested in reading it.

@yesmar

This comment has been minimized.

Show comment
Hide comment
@yesmar

yesmar May 3, 2012

@jrochkind You can get some technical details on why you want to upgrade OpenSSL from NIST's National Vulnerability DatabaseCVE-2012-2110.

TL;DR Versions of OpenSSL prior to version 1.0.1a suffer from an integer overflow in the asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c. Exploitation of this vulnerability leads to code execution. If your program exposes the asn1_d2i_read_bio function to untrusted user input in any way then I can feed it a specially crafted file (such as a certificate or key) and cause it to execute machine instructions which I specify. Bottom line: you really want to upgrade your OpenSSL.

For what it's worth, Mark Dowd published details on this piece of buggy code in The Art of Software Security Assessment back in 2006. Here's a scan of the page in question. Funny that no one noticed until now, eh?

Here's how I upgrade my OpenSSL on OS X 10.7:

curl -L -O http://www.openssl.org/source/openssl-1.0.1b.tar.gz.asc
curl -L -O http://www.openssl.org/source/openssl-1.0.1b.tar.gz
gpg --verify openssl-1.0.1b.tar.gz.asc
tar xvzf openssl-1.0.1b.tar.gz
cd openssl-1.0.1b
perl ./Configure shared zlib --prefix=/opt/local darwin64-x86_64-cc
make
make test
sudo make install

Why be at the mercy of package managers when you can do it yourself? <smirk/>

yesmar commented May 3, 2012

@jrochkind You can get some technical details on why you want to upgrade OpenSSL from NIST's National Vulnerability DatabaseCVE-2012-2110.

TL;DR Versions of OpenSSL prior to version 1.0.1a suffer from an integer overflow in the asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c. Exploitation of this vulnerability leads to code execution. If your program exposes the asn1_d2i_read_bio function to untrusted user input in any way then I can feed it a specially crafted file (such as a certificate or key) and cause it to execute machine instructions which I specify. Bottom line: you really want to upgrade your OpenSSL.

For what it's worth, Mark Dowd published details on this piece of buggy code in The Art of Software Security Assessment back in 2006. Here's a scan of the page in question. Funny that no one noticed until now, eh?

Here's how I upgrade my OpenSSL on OS X 10.7:

curl -L -O http://www.openssl.org/source/openssl-1.0.1b.tar.gz.asc
curl -L -O http://www.openssl.org/source/openssl-1.0.1b.tar.gz
gpg --verify openssl-1.0.1b.tar.gz.asc
tar xvzf openssl-1.0.1b.tar.gz
cd openssl-1.0.1b
perl ./Configure shared zlib --prefix=/opt/local darwin64-x86_64-cc
make
make test
sudo make install

Why be at the mercy of package managers when you can do it yourself? <smirk/>

@jrochkind

This comment has been minimized.

Show comment
Hide comment
@jrochkind

jrochkind May 3, 2012

@yesmar thanks a lot for those compile from source instructions.

@yesmar thanks a lot for those compile from source instructions.

@gaurish

This comment has been minimized.

Show comment
Hide comment
@gaurish

gaurish May 3, 2012

Hey everyone,
after a recent security update on Ubuntu 12.04, this bug has been fix for me. connections from Ubuntu 12.04 to CF servers work just fine now.

$ curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem
HTTP/1.0 200 OK
x-amz-id-2: M0xyIenIhNNVWooZSbUpAYdiy+sNKUdkGo92BbYS1Tnb+D8Yx4mt7CXL+9+IBeTj
x-amz-request-id: A96C87E2CE2A8017
Date: Fri, 30 Mar 2012 23:00:25 GMT
Last-Modified: Fri, 30 Mar 2012 22:26:19 GMT
ETag: "2ad46d1695282863d06f44f47b85ce9b"
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 312832
Server: AmazonS3
Age: 57633
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: TYdBH8Igv_wu2NMb6fRxKPG8R5iWd_dp37eTNvJlwpfHwBT8tstYFQ==
Via: 1.0 0062b28cc051d8135de139b1951e546f.cloudfront.net (CloudFront)
Connection: close

So it seems Ubuntu people has sorted out this issue & that workaround won't be needed. Hence, Cloudfront can be enabled again.

gaurish commented May 3, 2012

Hey everyone,
after a recent security update on Ubuntu 12.04, this bug has been fix for me. connections from Ubuntu 12.04 to CF servers work just fine now.

$ curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/activesupport-3.2.3.gem
HTTP/1.0 200 OK
x-amz-id-2: M0xyIenIhNNVWooZSbUpAYdiy+sNKUdkGo92BbYS1Tnb+D8Yx4mt7CXL+9+IBeTj
x-amz-request-id: A96C87E2CE2A8017
Date: Fri, 30 Mar 2012 23:00:25 GMT
Last-Modified: Fri, 30 Mar 2012 22:26:19 GMT
ETag: "2ad46d1695282863d06f44f47b85ce9b"
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Content-Length: 312832
Server: AmazonS3
Age: 57633
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: TYdBH8Igv_wu2NMb6fRxKPG8R5iWd_dp37eTNvJlwpfHwBT8tstYFQ==
Via: 1.0 0062b28cc051d8135de139b1951e546f.cloudfront.net (CloudFront)
Connection: close

So it seems Ubuntu people has sorted out this issue & that workaround won't be needed. Hence, Cloudfront can be enabled again.

@yesmar

This comment has been minimized.

Show comment
Hide comment
@yesmar

yesmar May 3, 2012

Yup, I just verified that things are working for me now without using any of the documented workarounds.

yesmar commented May 3, 2012

Yup, I just verified that things are working for me now without using any of the documented workarounds.

@evanphx

This comment has been minimized.

Show comment
Hide comment
@evanphx

evanphx May 3, 2012

Member

@yesmar Did you have to install a new version of openssl? I was going to try to get a 10.5.8 machine today to do some experiments on.

Member

evanphx commented May 3, 2012

@yesmar Did you have to install a new version of openssl? I was going to try to get a 10.5.8 machine today to do some experiments on.

@yesmar

This comment has been minimized.

Show comment
Hide comment
@yesmar

yesmar May 3, 2012

@evanphx I'm probably not the best guy to ask that question of. I maintain a fairly large toolchain in /opt/local that always includes the latest versions of OpenSSL, Ruby, and RubyGems. So I don't know if I had to install a new OpenSSL because I always install a new OpenSSL. <grin/>

yesmar commented May 3, 2012

@evanphx I'm probably not the best guy to ask that question of. I maintain a fairly large toolchain in /opt/local that always includes the latest versions of OpenSSL, Ruby, and RubyGems. So I don't know if I had to install a new OpenSSL because I always install a new OpenSSL. <grin/>

@evanphx

This comment has been minimized.

Show comment
Hide comment
@evanphx

evanphx May 3, 2012

Member

@yesmar Ah ok. @jrochkind did you get it working?

Member

evanphx commented May 3, 2012

@yesmar Ah ok. @jrochkind did you get it working?

@jrochkind

This comment has been minimized.

Show comment
Hide comment
@jrochkind

jrochkind May 3, 2012

@evanphx I did not get it working on Mac OSX 10.5.8 without updating openssl. Currently in the middle of trying to update openssl, I seem to have messed up my system by trying to use the 'rvm pack install' method, which did not work.

@evanphx I did not get it working on Mac OSX 10.5.8 without updating openssl. Currently in the middle of trying to update openssl, I seem to have messed up my system by trying to use the 'rvm pack install' method, which did not work.

@jrochkind

This comment has been minimized.

Show comment
Hide comment
@jrochkind

jrochkind May 13, 2012

@evanphx I seem to have gotten it working without an openssl update on Mac OSX 10.5.8. My openssl is still the stock OSX 10.5.8, openssl 0.9.7

I can't explain exactly what I did to do so, it involved lots of hacking with lots of dead ends. It did involve updating rvm to head and reinstalling mri 1.9.3.

The unexplainable thing is that the situation after all my hacking as far as versions of various software is identical to the situation before my hacking. ruby, rubygems, and openssl are all the same versions as they were before. But now it works, before it didn't. I have no idea.


bash-4.2$ uname -srv
Darwin 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_I386
bash-4.2$ ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [i386-darwin9.8.0]
bash-4.2$ gem -v
1.8.24
bash-4.2$ openssl version
OpenSSL 0.9.7l 28 Sep 2006

@evanphx I seem to have gotten it working without an openssl update on Mac OSX 10.5.8. My openssl is still the stock OSX 10.5.8, openssl 0.9.7

I can't explain exactly what I did to do so, it involved lots of hacking with lots of dead ends. It did involve updating rvm to head and reinstalling mri 1.9.3.

The unexplainable thing is that the situation after all my hacking as far as versions of various software is identical to the situation before my hacking. ruby, rubygems, and openssl are all the same versions as they were before. But now it works, before it didn't. I have no idea.


bash-4.2$ uname -srv
Darwin 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:55:01 PDT 2009; root:xnu-1228.15.4~1/RELEASE_I386
bash-4.2$ ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [i386-darwin9.8.0]
bash-4.2$ gem -v
1.8.24
bash-4.2$ openssl version
OpenSSL 0.9.7l 28 Sep 2006
@joanbarros

This comment has been minimized.

Show comment
Hide comment
@joanbarros

joanbarros May 24, 2012

Just an FYI.

I was getting this error due to network issues at work. I only changed the source in the Gemfile and this solved the problem. Maybe it's not a bug just a case of configuration.

Maybe if rails uses 2 sources, 1 primary and 1 to fall back on (first go to HTTPS and then to HTTP). This will no longer occur.

Just an FYI.

I was getting this error due to network issues at work. I only changed the source in the Gemfile and this solved the problem. Maybe it's not a bug just a case of configuration.

Maybe if rails uses 2 sources, 1 primary and 1 to fall back on (first go to HTTPS and then to HTTP). This will no longer occur.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost May 30, 2012

For users on Windows, using RailsInstaller, https://gist.github.com/867550

ghost commented May 30, 2012

For users on Windows, using RailsInstaller, https://gist.github.com/867550

@shawnwall

This comment has been minimized.

Show comment
Hide comment
@shawnwall

shawnwall Jul 8, 2012

I've updated openssl through macports and am using the latest 1.9.3. using the latest rvm. I'm still getting the error (on osx lion)

I've updated openssl through macports and am using the latest 1.9.3. using the latest rvm. I'm still getting the error (on osx lion)

@shawnwall

This comment has been minimized.

Show comment
Hide comment
@shawnwall

shawnwall Jul 9, 2012

In case anyone else still can't fix this, and you are using rvm and macports, here was my solution:

sudo port install curl-ca-bundle
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt

I added the export to my .bash_profile for future use

In case anyone else still can't fix this, and you are using rvm and macports, here was my solution:

sudo port install curl-ca-bundle
export SSL_CERT_FILE=/opt/local/share/curl/curl-ca-bundle.crt

I added the export to my .bash_profile for future use

@sbwoodside

This comment has been minimized.

Show comment
Hide comment
@sbwoodside

sbwoodside Aug 23, 2012

On Mac OS X 10.7.4. I have just tried the "homebrew" workaround from http://railsapps.github.com/openssl-certificate-verify-failed.html and initially it worked, but now it's stopped working again.

Diagnotics are in https://gist.github.com/3432113

UPDATE:
Installing the fake cert worked:

cd /usr/local/etc/openssl/
curl -O http://curl.haxx.se/ca/cacert.pem
mv cacert.pem cert.em

On Mac OS X 10.7.4. I have just tried the "homebrew" workaround from http://railsapps.github.com/openssl-certificate-verify-failed.html and initially it worked, but now it's stopped working again.

Diagnotics are in https://gist.github.com/3432113

UPDATE:
Installing the fake cert worked:

cd /usr/local/etc/openssl/
curl -O http://curl.haxx.se/ca/cacert.pem
mv cacert.pem cert.em
@benamir

This comment has been minimized.

Show comment
Hide comment
@benamir

benamir Nov 7, 2012

Hi Guys, I updated openssl to 1.0.1 a month ago and creating a new rails app from the app composer worked, but now when I try

rails new app -m http://raw.github.com/RailsApps/rails-composer/master/composer.rb -T -O

I get the issue again:

/Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

ruby 1.9.3p125
gem -v 1.8.24
OpenSSL 1.0.1b 26 Apr 2012
curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK

running:
ruby -d -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'

gets:
Exception LoadError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems.rb:1264 - cannot load such file -- rubygems/defaults/operating_system ExceptionLoadError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems.rb:1273 - cannot load such file -- rubygems/defaults/ruby
Exception Gem::LoadError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/dependency.rb:247 - Could not find psych (>= 1.2.1, ~> 1.2) amongst [actionmailer-3.2.3, actionpack-3.2.8, actionpack-3.2.3, activemodel-3.2.8, activemodel-3.2.3, activerecord-3.2.3, activeresource-3.2.3, activesupport-3.2.8, activesupport-3.2.3, addressable-2.3.2, arel-3.0.2, bcrypt-ruby-3.0.1, bootstrap-sass-2.1.0.0, bootstrap-timepicker-rails-0.1.2, builder-3.0.4, builder-3.0.3, builder-3.0.0, bundler-1.2.1, bundler-1.1.3, cancan-1.6.8, capistrano-2.13.4, capybara-1.1.2, carrierwave-0.6.2, childprocess-0.3.5, coffee-rails-3.2.2, coffee-script-2.2.0, coffee-script-source-1.4.0, coffee-script-source-1.3.3, commonjs-0.2.6, cucumber-1.2.1, cucumber-rails-1.3.0, database_cleaner-0.9.1, devise-2.1.2, devise_invitable-1.1.0, diff-lcs-1.1.3, email_spec-1.2.1, erubis-2.7.0, execjs-1.4.0, factory_girl-4.1.0, factory_girl_rails-4.1.0, ffi-1.1.5, gherkin-2.11.4, highline-1.6.15, hike-1.2.1, i18n-0.6.1, i18n-0.6.ExceptionNameError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/psych/core_ext.rb:16 - method `to_yaml' not defined in Object

Running:
ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))
result:
["/Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/ssl_certs/ca-bundle.pem"]

running:
ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'

result:
/Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require': cannot load such file -- httpclient (LoadError) from /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:inrequire'

benamir commented Nov 7, 2012

Hi Guys, I updated openssl to 1.0.1 a month ago and creating a new rails app from the app composer worked, but now when I try

rails new app -m http://raw.github.com/RailsApps/rails-composer/master/composer.rb -T -O

I get the issue again:

/Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

ruby 1.9.3p125
gem -v 1.8.24
OpenSSL 1.0.1b 26 Apr 2012
curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK

running:
ruby -d -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'

gets:
Exception LoadError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems.rb:1264 - cannot load such file -- rubygems/defaults/operating_system ExceptionLoadError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems.rb:1273 - cannot load such file -- rubygems/defaults/ruby
Exception Gem::LoadError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/dependency.rb:247 - Could not find psych (>= 1.2.1, ~> 1.2) amongst [actionmailer-3.2.3, actionpack-3.2.8, actionpack-3.2.3, activemodel-3.2.8, activemodel-3.2.3, activerecord-3.2.3, activeresource-3.2.3, activesupport-3.2.8, activesupport-3.2.3, addressable-2.3.2, arel-3.0.2, bcrypt-ruby-3.0.1, bootstrap-sass-2.1.0.0, bootstrap-timepicker-rails-0.1.2, builder-3.0.4, builder-3.0.3, builder-3.0.0, bundler-1.2.1, bundler-1.1.3, cancan-1.6.8, capistrano-2.13.4, capybara-1.1.2, carrierwave-0.6.2, childprocess-0.3.5, coffee-rails-3.2.2, coffee-script-2.2.0, coffee-script-source-1.4.0, coffee-script-source-1.3.3, commonjs-0.2.6, cucumber-1.2.1, cucumber-rails-1.3.0, database_cleaner-0.9.1, devise-2.1.2, devise_invitable-1.1.0, diff-lcs-1.1.3, email_spec-1.2.1, erubis-2.7.0, execjs-1.4.0, factory_girl-4.1.0, factory_girl_rails-4.1.0, ffi-1.1.5, gherkin-2.11.4, highline-1.6.15, hike-1.2.1, i18n-0.6.1, i18n-0.6.ExceptionNameError' at /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/1.9.1/psych/core_ext.rb:16 - method `to_yaml' not defined in Object

Running:
ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))
result:
["/Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/ssl_certs/ca-bundle.pem"]

running:
ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'

result:
/Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in require': cannot load such file -- httpclient (LoadError) from /Users/macuser/.rvm/rubies/ruby-1.9.3-p125/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:inrequire'

@gregorycarter

This comment has been minimized.

Show comment
Hide comment
@gregorycarter

gregorycarter Nov 10, 2012

Hi everyone, I'm also unable to get app composer working due to the "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)" fail.

os = 10.6.8
ruby 1.9.3p286 (2012-10-12 revision 37165) [x86_64-darwin10.8.0]
OpenSSL 1.0.1b 26 Apr 2012
curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK

Running: ruby -d -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'

Gets:

Exception `LoadError' at /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems.rb:1264 - cannot load such file -- rubygems/defaults/operating_system
Exception `LoadError' at /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems.rb:1273 - cannot load such file -- rubygems/defaults/ruby
Exception `Gem::LoadError' at /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/dependency.rb:247 - Could not find psych (>= 1.2.1, ~> 1.2) amongst [actionmailer-3.2.8, actionpack-3.2.8, activemodel-3.2.8, activerecord-3.2.8, activeresource-3.2.8, activesupport-3.2.8, arel-3.0.2, builder-3.1.4, builder-3.0.4, bundler-1.2.1, erubis-2.7.0, hike-1.2.1, i18n-0.6.1, journey-1.0.4, json-1.7.5, mail-2.4.4, mime-types-1.19, multi_json-1.3.7, polyglot-0.3.3, rack-1.4.1, rack-cache-1.2, rack-ssl-1.3.2, rack-test-0.6.2, rails-3.2.8, railties-3.2.8, rake-0.9.2.2, rdoc-3.12, rubygems-bundler-1.1.0, rvm-1.11.3.5, sprockets-2.8.1, sprockets-2.1.3, thor-0.16.0, tilt-1.3.3, treetop-1.4.12, tzinfo-0.3.35]

Running: ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'

Gets: ["/Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/ssl_certs/ca-bundle.pem"]

Running: ruby -rhttpclient -e 'h = HTTPClient.new; h.ssl_config.verify_callback = proc { |ok, ctx|; p ctx.current_cert; ok }; h.get("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")'

Gets:

/Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- httpclient (LoadError)
    from /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'

As well as updating openssl, I've also tried the :ssl_verify_mode: 0 Doesn't work.

Any thoughts on how to resolve this would be great!

Thanks,

Greg

Hi everyone, I'm also unable to get app composer working due to the "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)" fail.

os = 10.6.8
ruby 1.9.3p286 (2012-10-12 revision 37165) [x86_64-darwin10.8.0]
OpenSSL 1.0.1b 26 Apr 2012
curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK

Running: ruby -d -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'

Gets:

Exception `LoadError' at /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems.rb:1264 - cannot load such file -- rubygems/defaults/operating_system
Exception `LoadError' at /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems.rb:1273 - cannot load such file -- rubygems/defaults/ruby
Exception `Gem::LoadError' at /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/dependency.rb:247 - Could not find psych (>= 1.2.1, ~> 1.2) amongst [actionmailer-3.2.8, actionpack-3.2.8, activemodel-3.2.8, activerecord-3.2.8, activeresource-3.2.8, activesupport-3.2.8, arel-3.0.2, builder-3.1.4, builder-3.0.4, bundler-1.2.1, erubis-2.7.0, hike-1.2.1, i18n-0.6.1, journey-1.0.4, json-1.7.5, mail-2.4.4, mime-types-1.19, multi_json-1.3.7, polyglot-0.3.3, rack-1.4.1, rack-cache-1.2, rack-ssl-1.3.2, rack-test-0.6.2, rails-3.2.8, railties-3.2.8, rake-0.9.2.2, rdoc-3.12, rubygems-bundler-1.1.0, rvm-1.11.3.5, sprockets-2.8.1, sprockets-2.1.3, thor-0.16.0, tilt-1.3.3, treetop-1.4.12, tzinfo-0.3.35]

Running: ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'

Gets: ["/Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/ssl_certs/ca-bundle.pem"]

Running: ruby -rhttpclient -e 'h = HTTPClient.new; h.ssl_config.verify_callback = proc { |ok, ctx|; p ctx.current_cert; ok }; h.get("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")'

Gets:

/Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- httpclient (LoadError)
    from /Users/gregcarter/.rvm/rubies/ruby-1.9.3-p286/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'

As well as updating openssl, I've also tried the :ssl_verify_mode: 0 Doesn't work.

Any thoughts on how to resolve this would be great!

Thanks,

Greg

@abowhill

This comment has been minimized.

Show comment
Hide comment
@abowhill

abowhill Jan 12, 2013

Hi all,

I'm unable to get app composer to work either. Same error,

apply https://raw.github.com/RailsApps/rails-composer/master/composer.rb

/home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

I'm running FreeBSD stable RELENG_9

$ uname -srv
FreeBSD 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #3: Thu Dec  6 08:31:23 PST 2012     
root@kosmos:/usr/obj/usr/src/sys/GENERIC

$ ruby -v
ruby 1.9.3p362 (2012-12-25 revision 38607) [i386-freebsd9.1]

$ gem -v
1.8.24

$ openssl version
OpenSSL 1.0.1c 10 May 2012

$ curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK
Content-Type: binary/octet-stream
Content-Length: 111616
Connection: keep-alive
x-amz-id-2: uDYszZG4X0W0Ioi8Ir8F0tTqTwaQtn/oiM17ayeuWkAw1hKbMQRsPM0oI+NFCuwf
x-amz-request-id: 84B4BE2541F8964D
Date: Mon, 24 Dec 2012 05:25:36 GMT
Last-Modified: Sat, 22 Oct 2011 15:19:16 GMT
ETag: "28e731d5c59dd721d6387f80b25a2ba1"
Accept-Ranges: bytes
Server: AmazonS3
Age: 55054
X-Amz-Cf-Id: hThNIMpFNGGBWfOddJntp9y-4Wrg6ouh62uoVYSyp1WmGWyo4sdhfA==
Via: 1.0 17d8abe7315d00a9aa5a5ff2e9c3ee62.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront

$ ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'
Fetching: rake-0.9.2.2.gem (100%)
111616


$ ruby -d -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'
Exception `LoadError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems.rb:1264 - cannot load such file -- rubygems/defaults/operating_system
Exception `LoadError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems.rb:1273 - cannot load such file -- rubygems/defaults/ruby
Exception `Gem::LoadError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/dependency.rb:247 - Could not find psych (>= 1.2.1, ~> 1.2) amongst [abstract-1.0.0, actionmailer-3.2.11, actionmailer-3.2.9, actionmailer-3.0.10, actionpack-3.2.11, actionpack-3.2.9, actionpack-3.0.10, activemodel-3.2.11, activemodel-3.2.9, activemodel-3.0.10, activerecord-3.2.11, activerecord-3.2.9, activerecord-3.0.10, activeresource-3.2.11, activeresource-3.2.9, activeresource-3.0.10, activesupport-3.2.11, activesupport-3.2.9, activesupport-3.0.10, addressable-2.3.2, arel-3.0.2, arel-2.0.10, bcrypt-ruby-3.0.1, builder-3.0.4, builder-2.1.2, bundler-1.2.3, capybara-1.1.2, childprocess-0.3.6, coffee-rails-3.2.2, coffee-script-2.2.0, coffee-script-source-1.4.0, devise-1.4.7, diff-lcs-1.1.3, erubis-2.7.0, erubis-2.6.6, execjs-1.4.0, ffi-1.3.1, hike-1.2.1, i18n-0.6.1, i18n-0.5.0, journey-1.0.4, jquery-rails-2.1.4, jquery-rails-2.0.2, json-1.7.6, json-1.7.5, libwebsocket-0.1.7.1, mail-2.4.4, mail-2.2.19, mimException `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/core_ext.rb:16 - method `to_yaml' not defined in Object
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/core_ext.rb:29 - method `yaml_as' not defined in Module
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/deprecated.rb:79 - undefined method `to_yaml_properties' for class `Object'
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/syck_hack.rb:20 - constant Psych::Syck not defined
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/syck_hack.rb:42 - method `to_s' not defined in Syck::DefaultKey
Exception `ArgumentError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/scalar_scanner.rb:91 - invalid value for Integer(): "--no-rdoc --no-ri"
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 15%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 29%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 44%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 59%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 88%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem (100%)
111616

$ ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'
["/home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/ssl_certs/ca-bundle.pem"]

$ruby -rhttpclient -e 'h = HTTPClient.new; h.ssl_config.verify_callback = proc { |ok, ctx|; p ctx.current_cert; ok }; h.get("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")'
/home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- httpclient (LoadError)
        from /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'

I replaced OpenSSL in my OS, so am not sure what to do now.

Any help would be appreciated.

Thanks!

Hi all,

I'm unable to get app composer to work either. Same error,

apply https://raw.github.com/RailsApps/rails-composer/master/composer.rb

/home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

I'm running FreeBSD stable RELENG_9

$ uname -srv
FreeBSD 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #3: Thu Dec  6 08:31:23 PST 2012     
root@kosmos:/usr/obj/usr/src/sys/GENERIC

$ ruby -v
ruby 1.9.3p362 (2012-12-25 revision 38607) [i386-freebsd9.1]

$ gem -v
1.8.24

$ openssl version
OpenSSL 1.0.1c 10 May 2012

$ curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem
HTTP/1.0 200 OK
Content-Type: binary/octet-stream
Content-Length: 111616
Connection: keep-alive
x-amz-id-2: uDYszZG4X0W0Ioi8Ir8F0tTqTwaQtn/oiM17ayeuWkAw1hKbMQRsPM0oI+NFCuwf
x-amz-request-id: 84B4BE2541F8964D
Date: Mon, 24 Dec 2012 05:25:36 GMT
Last-Modified: Sat, 22 Oct 2011 15:19:16 GMT
ETag: "28e731d5c59dd721d6387f80b25a2ba1"
Accept-Ranges: bytes
Server: AmazonS3
Age: 55054
X-Amz-Cf-Id: hThNIMpFNGGBWfOddJntp9y-4Wrg6ouh62uoVYSyp1WmGWyo4sdhfA==
Via: 1.0 17d8abe7315d00a9aa5a5ff2e9c3ee62.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront

$ ruby -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'
Fetching: rake-0.9.2.2.gem (100%)
111616


$ ruby -d -rrubygems/remote_fetcher -e 'p Gem::RemoteFetcher.new.fetch_http(URI.parse("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")).bytesize'
Exception `LoadError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems.rb:1264 - cannot load such file -- rubygems/defaults/operating_system
Exception `LoadError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems.rb:1273 - cannot load such file -- rubygems/defaults/ruby
Exception `Gem::LoadError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/dependency.rb:247 - Could not find psych (>= 1.2.1, ~> 1.2) amongst [abstract-1.0.0, actionmailer-3.2.11, actionmailer-3.2.9, actionmailer-3.0.10, actionpack-3.2.11, actionpack-3.2.9, actionpack-3.0.10, activemodel-3.2.11, activemodel-3.2.9, activemodel-3.0.10, activerecord-3.2.11, activerecord-3.2.9, activerecord-3.0.10, activeresource-3.2.11, activeresource-3.2.9, activeresource-3.0.10, activesupport-3.2.11, activesupport-3.2.9, activesupport-3.0.10, addressable-2.3.2, arel-3.0.2, arel-2.0.10, bcrypt-ruby-3.0.1, builder-3.0.4, builder-2.1.2, bundler-1.2.3, capybara-1.1.2, childprocess-0.3.6, coffee-rails-3.2.2, coffee-script-2.2.0, coffee-script-source-1.4.0, devise-1.4.7, diff-lcs-1.1.3, erubis-2.7.0, erubis-2.6.6, execjs-1.4.0, ffi-1.3.1, hike-1.2.1, i18n-0.6.1, i18n-0.5.0, journey-1.0.4, jquery-rails-2.1.4, jquery-rails-2.0.2, json-1.7.6, json-1.7.5, libwebsocket-0.1.7.1, mail-2.4.4, mail-2.2.19, mimException `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/core_ext.rb:16 - method `to_yaml' not defined in Object
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/core_ext.rb:29 - method `yaml_as' not defined in Module
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/deprecated.rb:79 - undefined method `to_yaml_properties' for class `Object'
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/syck_hack.rb:20 - constant Psych::Syck not defined
Exception `NameError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/syck_hack.rb:42 - method `to_s' not defined in Syck::DefaultKey
Exception `ArgumentError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/psych/scalar_scanner.rb:91 - invalid value for Integer(): "--no-rdoc --no-ri"
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 15%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 29%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 44%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 59%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem ( 88%)Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Exception `OpenSSL::SSL::SSLError' at /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/1.9.1/openssl/buffering.rb:174 - read would block
Fetching: rake-0.9.2.2.gem (100%)
111616

$ ruby -rrbconfig -e 'p Dir.glob(File.join(RbConfig::CONFIG["sitelibdir"], "rubygems/ssl_certs/*"))'
["/home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/ssl_certs/ca-bundle.pem"]

$ruby -rhttpclient -e 'h = HTTPClient.new; h.ssl_config.verify_callback = proc { |ok, ctx|; p ctx.current_cert; ok }; h.get("https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem")'
/home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require': cannot load such file -- httpclient (LoadError)
        from /home/kosmos/.rvm/rubies/ruby-1.9.3-p362/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'

I replaced OpenSSL in my OS, so am not sure what to do now.

Any help would be appreciated.

Thanks!

@drbrain

This comment has been minimized.

Show comment
Hide comment
@drbrain

drbrain Jan 14, 2013

Member

@abowhill your problem is not a RubyGems problem, please file a ticket on the app composer project.

Member

drbrain commented Jan 14, 2013

@abowhill your problem is not a RubyGems problem, please file a ticket on the app composer project.

@simont

This comment has been minimized.

Show comment
Hide comment
@simont

simont Jan 17, 2013

In case this is useful for others, I have was having the composer error:

/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

I updated openssl on the mac, rebuilt ruby 1.9.3 in rvm, etc. and all to no avail until I came across this post

http://andrewdeponte.com/2012/09/07/rvm-installed-ruby-%28ssl-certificate-verify-failed%29.html

which gives you a nice way to recreate the issue using IRB, then the fix is a curl command to put an updated certificate file into RVM's ssl directory and then (at least for me) the problem was solved and then generator worked correctly.

I hope this is useful to others.

simont commented Jan 17, 2013

In case this is useful for others, I have was having the composer error:

/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb:799:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

I updated openssl on the mac, rebuilt ruby 1.9.3 in rvm, etc. and all to no avail until I came across this post

http://andrewdeponte.com/2012/09/07/rvm-installed-ruby-%28ssl-certificate-verify-failed%29.html

which gives you a nice way to recreate the issue using IRB, then the fix is a curl command to put an updated certificate file into RVM's ssl directory and then (at least for me) the problem was solved and then generator worked correctly.

I hope this is useful to others.

@abowhill

This comment has been minimized.

Show comment
Hide comment
@abowhill

abowhill Jan 17, 2013

I'd like to add that I was able to fix the OpenSSL problem listed (FreeBSD platform) by doing an 'rvm pkg install openssl' similar to the previous post. The problem is fixed (a workaround) by rvm. The source of the problem is not composer.

I'd like to add that I was able to fix the OpenSSL problem listed (FreeBSD platform) by doing an 'rvm pkg install openssl' similar to the previous post. The problem is fixed (a workaround) by rvm. The source of the problem is not composer.

@ghost ghost referenced this issue Jan 29, 2013

Closed

clean deploy gets Faraday Error #31

@rosenfeld

This comment has been minimized.

Show comment
Hide comment
@rosenfeld

rosenfeld Oct 11, 2013

I'm having intermitent issues with SSL for a long time now in Debian sid which I've been able to work around by replacing the https source with the http version. But I can't finish configuring rbx 2.0.0 because it checks for lots of dependencies (Checking dependencies for ...) and eventually one of them will timeout when using SSL. I tried to run configure with RUBYGEMS_HOST=http://rubygems.org and now, instead of SSL timeout errors now I get another error:

previous error:

net/http.rb:918:inconnect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)`

current error (after changing source to http):

/home/rodrigo/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/protocol.rb:153:inread_nonblock': end of file reached (EOFError)`

The error doesn't happen for all dependencies and not always for the same one.

I've been experiencing a hard time in the last months with regards to downloading gems from RubyGems. I didn't notice any other SSL/HTTPS related issues with anything else. Actually, Maven also seems to take too much time to download a pom (very tine file) sometimes which I'm assuming would eventually timeout although I don't wait to be sure (just press Ctrl+C and run the command again).

Any help on what this could be related to would be very helpful as this is driving me nuts already... :(

I'm having intermitent issues with SSL for a long time now in Debian sid which I've been able to work around by replacing the https source with the http version. But I can't finish configuring rbx 2.0.0 because it checks for lots of dependencies (Checking dependencies for ...) and eventually one of them will timeout when using SSL. I tried to run configure with RUBYGEMS_HOST=http://rubygems.org and now, instead of SSL timeout errors now I get another error:

previous error:

net/http.rb:918:inconnect': SSL_connect SYSCALL returned=5 errno=0 state=unknown state (OpenSSL::SSL::SSLError)`

current error (after changing source to http):

/home/rodrigo/.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/protocol.rb:153:inread_nonblock': end of file reached (EOFError)`

The error doesn't happen for all dependencies and not always for the same one.

I've been experiencing a hard time in the last months with regards to downloading gems from RubyGems. I didn't notice any other SSL/HTTPS related issues with anything else. Actually, Maven also seems to take too much time to download a pom (very tine file) sometimes which I'm assuming would eventually timeout although I don't wait to be sure (just press Ctrl+C and run the command again).

Any help on what this could be related to would be very helpful as this is driving me nuts already... :(

@rosenfeld

This comment has been minimized.

Show comment
Hide comment
@rosenfeld

rosenfeld Oct 11, 2013

If it helps, I tried to run this command many times:

curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem

It succeeded 6 times but in the 7th I got this:

curl: (35) Unknown SSL protocol error in connection to d2chzxaqi4y7f8.cloudfront.net:443

If it helps, I tried to run this command many times:

curl -I https://d2chzxaqi4y7f8.cloudfront.net/gems/rake-0.9.2.2.gem

It succeeded 6 times but in the 7th I got this:

curl: (35) Unknown SSL protocol error in connection to d2chzxaqi4y7f8.cloudfront.net:443

@rosenfeld

This comment has been minimized.

Show comment
Hide comment
@rosenfeld

rosenfeld Oct 11, 2013

I could finally track down the issue to my router, a Netgear WGR614 v7. Maybe it's misconfigured somehow, but the fact is that if I take it out and connect directly to my Internet provider the problem go away. I'm so happy to find out the cause! :) Now I need to find a good router to replace mine :)

I could finally track down the issue to my router, a Netgear WGR614 v7. Maybe it's misconfigured somehow, but the fact is that if I take it out and connect directly to my Internet provider the problem go away. I'm so happy to find out the cause! :) Now I need to find a good router to replace mine :)

@rosenfeld

This comment has been minimized.

Show comment
Hide comment
@rosenfeld

rosenfeld Oct 13, 2013

The interesting thing is that I replaced my router with another identical model from my parents (they were experiencing other issues with it) and this one doesn't cause any issues :) Go figure it out... But I guess I won't buy another Netgear anytime soon just in case :)

The interesting thing is that I replaced my router with another identical model from my parents (they were experiencing other issues with it) and this one doesn't cause any issues :) Go figure it out... But I guess I won't buy another Netgear anytime soon just in case :)

@rkh

This comment has been minimized.

Show comment
Hide comment
@rkh

rkh Oct 16, 2013

We are seeing this a lot on Travis CI:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number

Example: https://travis-ci.org/deiga/new-Roydon/builds/12606737

rkh commented Oct 16, 2013

We are seeing this a lot on Travis CI:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number

Example: https://travis-ci.org/deiga/new-Roydon/builds/12606737

@dovadi

This comment has been minimized.

Show comment
Hide comment
@dovadi

dovadi Oct 16, 2013

I get the same message with my builds on Semaphore:

Fetching source index from https://rubygems.org/
Installing rake (10.1.0) 
....
....
Installing net-scp (1.1.2) 
Installing ruby-hmac (0.4.0) 
Installing fog (1.15.0) 
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number
An error occurred while installing carrierwave_direct (0.0.13), and Bundler
cannot continue.
Make sure that `gem install carrierwave_direct -v '0.0.13'` succeeds before
bundling.

dovadi commented Oct 16, 2013

I get the same message with my builds on Semaphore:

Fetching source index from https://rubygems.org/
Installing rake (10.1.0) 
....
....
Installing net-scp (1.1.2) 
Installing ruby-hmac (0.4.0) 
Installing fog (1.15.0) 
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number
An error occurred while installing carrierwave_direct (0.0.13), and Bundler
cannot continue.
Make sure that `gem install carrierwave_direct -v '0.0.13'` succeeds before
bundling.
@jonharmon

This comment has been minimized.

Show comment
Hide comment
@jonharmon

jonharmon Oct 16, 2013

Fixed this problem on my macbook air. This problem started when I was running Mac OS X 10.8 and remained after upgrading to 10.9. Below is the error when trying to do > gem install compass:

ERROR: Could not find a valid gem 'compass' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/latest_specs.4.8.gz)

I'm back up and running again, I must have screwed something up in rvm as when I switched back to the pre-rvm state everything works again.

If this happened after installing rvm do:

rvm system

to revert back to your pre-rvm ruby.

Hopefully this helps others new to ruby like myself.

Fixed this problem on my macbook air. This problem started when I was running Mac OS X 10.8 and remained after upgrading to 10.9. Below is the error when trying to do > gem install compass:

ERROR: Could not find a valid gem 'compass' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://s3.amazonaws.com/production.s3.rubygems.org/latest_specs.4.8.gz)

I'm back up and running again, I must have screwed something up in rvm as when I switched back to the pre-rvm state everything works again.

If this happened after installing rvm do:

rvm system

to revert back to your pre-rvm ruby.

Hopefully this helps others new to ruby like myself.

@drbrain

This comment has been minimized.

Show comment
Hide comment
@drbrain

drbrain Oct 16, 2013

Member

@rkh read server hello A: wrong version number typically indicates the connection was closed during the SSL handshake (OpenSSL does not propagate underlying errors upward).

I more frequently get Errno::ETIMEDOUT from Travis when making outbound connections.

It seems that Travis VMs may have occasional connectivity problems.

@jonharmon read server certificate B: certificate verify failedmay be due to connection problems or missing certificates (which can be solved by updating RubyGems)

Member

drbrain commented Oct 16, 2013

@rkh read server hello A: wrong version number typically indicates the connection was closed during the SSL handshake (OpenSSL does not propagate underlying errors upward).

I more frequently get Errno::ETIMEDOUT from Travis when making outbound connections.

It seems that Travis VMs may have occasional connectivity problems.

@jonharmon read server certificate B: certificate verify failedmay be due to connection problems or missing certificates (which can be solved by updating RubyGems)

@sergiogomez

This comment has been minimized.

Show comment
Hide comment
@sergiogomez

sergiogomez Oct 23, 2013

I've got it with

rvm osx-ssl-certs update

as seen it http://stackoverflow.com/a/19143664

I've got it with

rvm osx-ssl-certs update

as seen it http://stackoverflow.com/a/19143664

@ajino2k

This comment has been minimized.

Show comment
Hide comment
@ajino2k

ajino2k Oct 22, 2015

Hi !
Please support case bundle install fluentd error ;
bundle install (Centos 6.7 64bit)

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/cool.io-1.4.1.gem)

[root@localhost ]# ruby -v
ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]

[root@localhost ]# gem -v
2.2.3

Thanks,

ajino2k commented Oct 22, 2015

Hi !
Please support case bundle install fluentd error ;
bundle install (Centos 6.7 64bit)

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/gems/cool.io-1.4.1.gem)

[root@localhost ]# ruby -v
ruby 2.2.1p85 (2015-02-26 revision 49769) [x86_64-linux]

[root@localhost ]# gem -v
2.2.3

Thanks,

@agis

This comment has been minimized.

Show comment
Hide comment
@agis

agis Oct 22, 2015

Contributor

@cuong2k Have you tried the other suggestions mentioned in this issue? For example, if you're using rvm you can try rvm osx-ssl-certs update.

Contributor

agis commented Oct 22, 2015

@cuong2k Have you tried the other suggestions mentioned in this issue? For example, if you're using rvm you can try rvm osx-ssl-certs update.

@uchennafokoye

This comment has been minimized.

Show comment
Hide comment
@uchennafokoye

uchennafokoye Feb 6, 2016

I am also having a similar error with RailApp.

Gibbon::MailChimpError at /visitors
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed @title=nil, @detail=nil, @Body=nil, @raw_body=nil, @status_code=nil

I have updated openssl with macport but I had already generated a new app with rails apps composer before updating the openssl. Could that be my issue? Any clues on how to fix this? I don't want to regenerate an entirely new app again.

I am also having a similar error with RailApp.

Gibbon::MailChimpError at /visitors
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed @title=nil, @detail=nil, @Body=nil, @raw_body=nil, @status_code=nil

I have updated openssl with macport but I had already generated a new app with rails apps composer before updating the openssl. Could that be my issue? Any clues on how to fix this? I don't want to regenerate an entirely new app again.

@uchennafokoye

This comment has been minimized.

Show comment
Hide comment
@uchennafokoye

uchennafokoye Feb 6, 2016

Here's how I bypassed the error. This is a temporary solution.

I created a file in config/initializers called bypass_ssl_verification_for_open_uri.rb and then I placed this code:

OpenSSL::SSL.const_set(:VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE)

You would get a warning :VERIFY_PEER has already been set, but once you reset your server, it should all work!

Here's how I bypassed the error. This is a temporary solution.

I created a file in config/initializers called bypass_ssl_verification_for_open_uri.rb and then I placed this code:

OpenSSL::SSL.const_set(:VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE)

You would get a warning :VERIFY_PEER has already been set, but once you reset your server, it should all work!

@lalehmb

This comment has been minimized.

Show comment
Hide comment
@lalehmb

lalehmb Feb 20, 2016

I get the same error on vargant , linux system. and there's no rvm command on the machine + i'm a total newbie to ruby at least!

may someone help me handle this? as everything i find is related to mac or windows!

lalehmb commented Feb 20, 2016

I get the same error on vargant , linux system. and there's no rvm command on the machine + i'm a total newbie to ruby at least!

may someone help me handle this? as everything i find is related to mac or windows!

@drbrain

This comment has been minimized.

Show comment
Hide comment
@drbrain

drbrain Jan 17, 2017

Member

@mcshakes bundler errors are reported on the bundler repo, this is RubyGems.

Do you get an error with gem install?

Member

drbrain commented Jan 17, 2017

@mcshakes bundler errors are reported on the bundler repo, this is RubyGems.

Do you get an error with gem install?

@mcshakes

This comment has been minimized.

Show comment
Hide comment
@mcshakes

mcshakes Jan 17, 2017

Hmm I did, but reinstalled the latest version of Ruby and copy-pasting a certificate in the .pem file. This fixed gem install errors. My mistake! Thanks, and I'll head on over to the bundler. Will delete previous comment

mcshakes commented Jan 17, 2017

Hmm I did, but reinstalled the latest version of Ruby and copy-pasting a certificate in the .pem file. This fixed gem install errors. My mistake! Thanks, and I'll head on over to the bundler. Will delete previous comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment