OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Question
My Environment,
% openssl version
OpenSSL 0.9.8r 8 Feb 2011
% curl --version
curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
% rails -v
Rails 3.0.3
% ruby -v
ruby 1.9.2p320 (2012-04-20 revision 35421) [x86_64-darwin12.2.0]
% rvm --version
rvm 1.15.0 (latest) by Wayne E. Seguin <wayneeseguin@gmail.com>, Michal Papis <mpapis@gmail.com> [https://rvm.io/]
omniauth version is '0.2.6'
then I log in via facebook with omniauth and get the following error.
OpenSSL::SSL::SSLError
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I tried to fix this problem.
add one line into ~/.zshrc
export CURL_CA_BUNDLE='/System/Library/OpenSSL/certs/cert.pem'
I'm using homebrew. and curl-config --ca show empty line.
% curl-config --ca
(empty output)
how can I solve this problem?
Thanks in advance.
3 answers
solution1
6 ACCPTED 2012-12-07 18:21:34
if you using brew and rvm, use the following:
rvm remove 1.9.3
brew install openssl
rvm install 1.9.3 --with-openssl-dir=`brew --prefix openssl`
solution2
2 2013-02-07 08:47:14
There is a bunch of solutions that might work for you here :
http://railsapps.github.com/openssl-certificate-verify-failed.html
If it still doesn't work, the answer from Rahul almost worked for me, except that i had to force the download of the certificate in the rvm SSL folder :
rvm pkg install openssl
rvm install 1.9.3-p374 –with-openssl-dir=$rvm_path/usr
cd $rvm_path/usr/ssl
curl -O http://curl.haxx.se/ca/cacert.pem
mv cacert.pem cert.pem
Hope this helps, Vincent
solution3
1 2012-09-24 16:13:30
Two things that might help. Firstly you can use openssl at the command line to test that your certificates are chained together properly. For example:
openssl verify -CAfile your-bundle.crt your.crt
This may involve adding the public key from facebook to your bundle, but it's hard to say without more details of the certificates that you're using. Secondly you are on the right path in exporting the CURL_CA_BUNDLE. Once the chain is correct then another option is to use curl with some commandline options. For example:
curl --verbose --head https://example.com:443/ --cert ./testclient.crt --key testclient.key --cacert test-bundle.crt
Sorry I can't help with the omniauth side of your question. Good luck!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.