Skip to content

Instantly share code, notes, and snippets.

@mtigas
Last active February 26, 2016 02:05
Show Gist options
  • Save mtigas/416e172d879304af04ad to your computer and use it in GitHub Desktop.
Save mtigas/416e172d879304af04ad to your computer and use it in GitHub Desktop.

Updating rbenv Ruby to use newer OpenSSL versions

rbenv/ruby-build don’t use Homebrew-installed versions of OpenSSL — instead, they on OS X's built-in ancient version.

This can throw OpenSSL::SSL::SSLErrors when talking to websites that enforce newer SSL/TLS protocols and ciphersuites.


1: Dependencies

Update all the things.

brew update
brew upgrade rbenv
brew upgrade ruby-build
brew upgrade openssl

2: Install a new Ruby

Pick your Ruby version. This'll give you a list of all the available versions, though you'll only be interested in the "normal" ones at the top, 1.8.X, 1.9.X, 2.0.X, 2.1.X, etc.

ruby-build --definitions

The rest of this document assumes 1.9.3-p547.

If you're reinstalling a version you already have (so you can get the OpenSSL fix), you'll want to uninstall the current copy first:

rbenv uninstall -f 1.9.3-p547`

Install the new Ruby, telling it to use Homebrew’s OpenSSL -- and not the OS X system default one:

RUBY_CONFIGURE_OPTS="--with-openssl-dir=`brew --prefix openssl`" rbenv install 1.9.3-p547

3: Tell your project to use this new Ruby

Update your Ruby project, switch it over to this new version of Ruby 1.9.3, and reinstall the project's dependencies.

cd /path/to/your/project

rbenv local 1.9.3-p547

rbenv rehash
gem install bundler
bundle install

And test that your new Ruby doing all the right things:

$ ruby -v
ruby 1.9.3p547 (2014-05-14 revision 45962) [x86_64-darwin13.1.0]

$ ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.1g 7 Apr 2014

In theory, you won’t need any cacert.pem fixes (or similar), as long as you use a Ruby installed in this manner.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment