Windows: net/http SSL_connect certificate verify failed

I'm having a very similar issue to another thread[1], but instead of trying to install a gem, I'm just trying to use the net/http gem, and getting the same SSL certificate error:

in 'connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL:SSLError)


I've applied the Rubygems 2.0.15 update[2] referenced in the other thread, and I've verified that Rubymine is using Rubygems 2.0.15 (Tools > Show Gem Environment).  When that didn't work, I looked at the manual steps and determined that the manual steps described were completed, probably by the 2.0.15 upgrade.  That is, there is a file AddTrustExternalCARoot-2048.pem in the directory C:\Ruby200-x64\lib\ruby\2.0.0\rubygems\ssl_certs, and that file's content matches the file described in the manual steps.

I also verified the certificate of the URL I'm trying to reach is valid/correct in a browser.  (The URL is internal, so I'm unable to provide it.)

I can also see in Rubymine that the error is coming from the net/http gem in the same path - C:\Ruby200-x64\lib\ruby\2.0.0\net\http.rb.

The time wasted trying to sort out this problem is very frustrating, so any ideas or suggestions would be appreciated.

thanks

[1] https://devnet.jetbrains.com/click.jspa?searchID=1238771&objectType=2&objectID=5559673
[2] https://gist.github.com/luislavena/f064211759ee0f806c88
1 comment
Comment actions Permalink

This is a bad answer, but it is an answer.  Basically, I figured out how to turn off SSL certificate verification entirely.

I had been using the short POST method, but I changed to the longer ("full control") approach[1] and added these lines:

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE


The Rubymine inspector complains that it can't find the VERIFY_NONE constant, but at least it works.  It's a terrible solution, because it's not really a solution at all.  It's a lousy hack.

[1] http://www.rubyinside.com/nethttp-cheat-sheet-2940.html

0

Please sign in to leave a comment.