Created
January 5, 2011 23:46
-
-
Save pweldon/767249 to your computer and use it in GitHub Desktop.
Test setting up SSL_CERT_FILE in mingw32 ruby
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| C:\Users\Peter\Ruby>mkdir cacert_test | |
| C:\Users\Peter\Ruby>cd cacert_test | |
| C:\Users\Peter\Ruby\cacert_test>ruby -v | |
| ruby 1.9.3dev (2010-12-28 trunk 30406) [i386-mingw32] | |
| C:\Users\Peter\Ruby\cacert_test>set SSL_CERT_FILE= | |
| C:\Users\Peter\Ruby\cacert_test>ruby -ropen-uri -e 'open("https://www.google.com/accounts").read' | |
| C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/net/http.rb:782:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certifica | |
| te verify failed (OpenSSL::SSL::SSLError) | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/net/http.rb:782:in `connect' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/net/http.rb:742:in `do_start' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/net/http.rb:731:in `start' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:306:in `open_http' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:769:in `buffer_open' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:203:in `block in open_loop' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:201:in `catch' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:201:in `open_loop' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:146:in `open_uri' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:671:in `open' | |
| from C:/Users/Peter/ruby-1.9.3dev-p30406/lib/ruby/1.9.1/open-uri.rb:33:in `open' | |
| from -e:1:in `<main>' | |
| C:\Users\Peter\Ruby\cacert_test>ruby -ropen-uri -e 'IO.copy_stream(open("http://curl.haxx.se/ca/cacert.pem"), "cacert.pem")' | |
| C:\Users\Peter\Ruby\cacert_test>dir | |
| Volume in drive C has no label. | |
| Volume Serial Number is C871-5C0C | |
| Directory of C:\Users\Peter\Ruby\cacert_test | |
| 05/01/2011 03:41 PM <DIR> . | |
| 05/01/2011 03:41 PM <DIR> .. | |
| 05/01/2011 03:41 PM 225,828 cacert.pem | |
| 1 File(s) 225,828 bytes | |
| 2 Dir(s) 83,022,680,064 bytes free | |
| C:\Users\Peter\Ruby\cacert_test>set SSL_CERT_FILE=%CD%\cacert.pem | |
| C:\Users\Peter\Ruby\cacert_test>ruby -ropen-uri -e 'puts open("https://www.google.com/accounts").read' | |
| <html> | |
| <style type="text/css"> | |
| <!-- | |
| body { font-family: arial,sans-serif; background-color: #fff; margin-top: 2; } | |
| td {font-family: arial, sans-serif;} | |
| .c { width: 4; height: 4; } | |
| a:link { color: #00c; } | |
| a:visited { color: #551a8b; } | |
| a:active { color: #f00; } | |
| .form-noindent { background-color: #fff; border: 1px solid #c3d9ff; } | |
| --> | |
| </style> | |
| <style type="text/css"><!-- | |
| .gaia.le.lbl { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
| .gaia.le.fpwd { font-family: Arial, Helvetica, sans-serif; font-size: 70%; } | |
| .gaia.le.chusr { font-family: Arial, Helvetica, sans-serif; font-size: 70%; } | |
| .gaia.le.val { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
| .gaia.le.button { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
| .gaia.le.rem { font-family: Arial, Helvetica, sans-serif; font-size: smaller; } | |
| .gaia.captchahtml.desc { font-family: arial, sans-serif; font-size: smaller; } | |
| .gaia.captchahtml.cmt { font-family: arial, sans-serif; font-size: smaller; font-style: italic; } | |
| --></style> | |
| <head> | |
| <title>Google Accounts</title> | |
| .... | |
| C:\Users\Peter\Ruby\cacert_test> |
This solution works for me, to an extent. Using the URL's above, setting the SSL_CERT_FILE to the download .pem file works a treat. However, when I use a different url, say https://api.flickr.com/services, I get back to the same issue. Any one got any ideas?
Seems to need Verisign's old root certificate.
Try:
ruby -ropen-uri -e 'IO.copy_stream(open("http://www.symantec.com/content/en/us/enterprise/verisign/roots/Class-3-Public-Primary-Certification-Authority.pem"), "cacert.pem")'
I'm no expert, more details here:
- https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1556&actp=search&viewlocale=en_US&searchid=1368166057387
- http://www.symantec.com/page.jsp?id=roots
HTH
@pweldon this works perfectly for me, thank you for taking the time to reply!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a great solution.