Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Net::IMAP won't connect to my IMAP server with jruby-openssl 0.9.17, MRI has no problems with it. #106

Closed
bgalbrecht opened this issue Sep 26, 2016 · 4 comments
Closed

Net::IMAP won't connect to my IMAP server with jruby-openssl 0.9.17, MRI has no problems with it. #106

bgalbrecht opened this issue Sep 26, 2016 · 4 comments

Comments

@bgalbrecht
Copy link

bgalbrecht commented Sep 26, 2016
edited by headius 

require 'net/imap'
imap = Net::IMAP.new('imap.zuhause.org', 993, true)
__END__
OpenSSL::SSL::SSLError: certificate verify failed
        from org/jruby/ext/openssl/SSLSocket.java:217:in `connect'
        from /usr/home/bruce/jruby-9.1.5.0/lib/ruby/stdlib/net/imap.rb:1492:in `start_tls_session'
        from /usr/home/bruce/jruby-9.1.5.0/lib/ruby/stdlib/net/imap.rb:1085:in `initialize'
        from (irb):2:in `<eval>'
        from org/jruby/RubyKernel.java:995:in `eval'
        from org/jruby/RubyKernel.java:1296:in `loop'
        from org/jruby/RubyKernel.java:1115:in `catch'
        from org/jruby/RubyKernel.java:1115:in `catch'
        from /home/bruce/jruby-9.1.5.0/bin/irb:13:in `<main>'

MRI successfully connects to the server:

irb(main):001:0> require 'net/imap'
=> true
irb(main):002:0>   imap = Net::IMAP.new('imap.zuhause.org', 993, true)
=> #<Net::IMAP:0x00000805961290 @mon_owner=nil, @mon_count=0, @mon_mutex=#<Thread::Mutex:0x000008059611f0>, @host="imap.zuhause.org", @port=993, @tag_prefix="RUBY", @tagno=0, @parser=#<Net::IMAP::ResponseParser:0x00000805961060 @str="* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Welcome to ZuHause.org\r\n", @pos=122, @lex_state=:EXPR_BEG, @token=nil, @flag_symbols={}>, @sock=#<OpenSSL::SSL::SSLSocket:0x00000805960e08 @io=#<TCPSocket:fd 9>, @context=#<OpenSSL::SSL::SSLContext:0x00000805960fe8 @cert=nil, @key=nil, @client_ca=nil, @ca_file=nil, @ca_path=nil, @timeout=nil, @verify_mode=1, @verify_depth=nil, @renegotiation_cb=nil, @verify_callback=nil, @cert_store=#<OpenSSL::X509::Store:0x000008034bf658 @verify_callback=nil, @error=nil, @error_string=nil, @chain=nil, @time=nil>, @extra_chain_cert=nil, @client_cert_cb=nil, @session_id_context=nil, @tmp_dh_callback=nil, @session_get_cb=nil, @session_new_cb=nil, @session_remove_cb=nil, @tmp_ecdh_callback=nil, @servername_cb=nil, @npn_protocols=nil, @alpn_protocols=nil, @alpn_select_cb=nil, @npn_select_cb=nil>, @sync_close=true, @hostname=nil, @eof=false, @rbuffer="", @sync=true, @callback_state=nil>, @usessl=true, @responses={}, @tagged_responses={}, @response_handlers=[], @tagged_response_arrival=#<MonitorMixin::ConditionVariable:0x00000805960160 @monitor=#<Net::IMAP:0x00000805961290 ...>, @cond=#<Thread::ConditionVariable:0x00000805960138>>, @continuation_request_arrival=#<MonitorMixin::ConditionVariable:0x000008059600e8 @monitor=#<Net::IMAP:0x00000805961290 ...>, @cond=#<Thread::ConditionVariable:0x000008059600c0>>, @idle_done_cond=nil, @logout_command_tag=nil, @debug_output_bol=true, @exception=nil, @greeting=#<struct Net::IMAP::UntaggedResponse name="OK", data=#<struct Net::IMAP::ResponseText code=#<struct Net::IMAP::ResponseCode name="CAPABILITY", data="IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN">, text=" Welcome to ZuHause.org">, raw_data="* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Welcome to ZuHause.org\r\n">, @client_thread=#<Thread:0x00000802d8f3d8 run>, @receiver_thread=#<Thread:0x00000802f391c0@/usr/local/lib/ruby/2.3/net/imap.rb:1109 sleep>, @receiver_thread_terminating=false>

@headius
Copy link
Member

headius commented Sep 26, 2016

Confirmed locally. We're not providing enough information in the SSLError to know what's wrong without a bit of digging.

@headius
Copy link
Member

headius commented Sep 26, 2016

@bgalbrecht Thanks for the simple example using your imap server! I don't suppose you could come up with a standalone reproduction that doesn't require us to have a separate server running, could you? It would definitely help us move forward on fixing this.

@bgalbrecht
Copy link
Author

This stopped working when I replaced a certificate for just imap.zuhause.org with a certificate for zuhause.org with about a half-dozen subject alternative names including imap.zuhause.org.

@bgalbrecht
Copy link
Author

I updated the cacerts file for my openjdk8 jre that included a trusted cert for ISRG Root X1 Valid Certificate, which signed the Let's Encrypt root certificate, and it's working now. Supposedly version 8u101 should have this cert in the cacerts file but I had to add it to get it to work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@headius @bgalbrecht