You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've a web service over HTTPS with self-signed SSL certificate on CentOS 6.5. I can't connect to it securely when providing ca_path parameter with net/http and JRuby 1.7.16 (works with MRI Ruby 2.1.2):
require'net/http'require'net/https'require'uri'# Standard path on RedHat systemsca_path='/etc/pki/tls/certs'url=URI.parse'https://api.example.com'http=Net::HTTP.new(url.host,url.port)http.set_debug_output $stderr
http.use_ssl=(url.scheme == 'https')if(File.directory?(ca_path) && http.use_ssl?)http.ca_path=ca_pathhttp.verify_mode=OpenSSL::SSL::VERIFY_PEERhttp.verify_depth=5elsehttp.verify_mode=OpenSSL::SSL::VERIFY_NONEendrequest=Net::HTTP::Get.new(url.path)response=http.request(request)putsresponse.inspect
Result:
certificate verify failed
It works when providing ca_file = '/etc/pki/tls/certs/ca-bundle.crt' instead (but adding self-signed certificates to the bundle is a bad idea...)
The text was updated successfully, but these errors were encountered:
Solution: generate x509 certificate hashes with -subject_hash_old instead of (or in addition to) -subject_hash.
JRuby's implementation of OpenSSL uses old, 0.9.8-compatible hashes (that's why it works out of the box in FreeBSD 9.x). I think it should be documented somewhere, because it is surprising that something works with openssl s_client testing (and in every program that links to OpenSSL library) and fails with JRuby.
Hi!
I've a web service over HTTPS with self-signed SSL certificate on CentOS 6.5. I can't connect to it securely when providing
ca_path
parameter with net/http and JRuby 1.7.16 (works with MRI Ruby 2.1.2):Result:
It works when providing
ca_file = '/etc/pki/tls/certs/ca-bundle.crt'
instead (but adding self-signed certificates to the bundle is a bad idea...)The text was updated successfully, but these errors were encountered: