Skip to content

Instantly share code, notes, and snippets.

What would you like to do?

Updating rbenv Ruby to use newer OpenSSL versions

rbenv/ruby-build don’t use Homebrew-installed versions of OpenSSL — instead, they on OS X's built-in ancient version.

This can throw OpenSSL::SSL::SSLErrors when talking to websites that enforce newer SSL/TLS protocols and ciphersuites.

1: Dependencies

Update all the things.

brew update
brew upgrade rbenv
brew upgrade ruby-build
brew upgrade openssl

2: Install a new Ruby

Pick your Ruby version. This'll give you a list of all the available versions, though you'll only be interested in the "normal" ones at the top, 1.8.X, 1.9.X, 2.0.X, 2.1.X, etc.

ruby-build --definitions

The rest of this document assumes 1.9.3-p547.

If you're reinstalling a version you already have (so you can get the OpenSSL fix), you'll want to uninstall the current copy first:

rbenv uninstall -f 1.9.3-p547`

Install the new Ruby, telling it to use Homebrew’s OpenSSL -- and not the OS X system default one:

RUBY_CONFIGURE_OPTS="--with-openssl-dir=`brew --prefix openssl`" rbenv install 1.9.3-p547

3: Tell your project to use this new Ruby

Update your Ruby project, switch it over to this new version of Ruby 1.9.3, and reinstall the project's dependencies.

cd /path/to/your/project

rbenv local 1.9.3-p547

rbenv rehash
gem install bundler
bundle install

And test that your new Ruby doing all the right things:

$ ruby -v
ruby 1.9.3p547 (2014-05-14 revision 45962) [x86_64-darwin13.1.0]

$ ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.1g 7 Apr 2014

In theory, you won’t need any cacert.pem fixes (or similar), as long as you use a Ruby installed in this manner.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.