Skip to content

Instantly share code, notes, and snippets.

@pezra

pezra/ssl-weirdness.md

Last active October 9, 2016 19:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save pezra/3d3072e8bbf39db6168625ae19e2a074 to your computer and use it in GitHub Desktop.
Save pezra/3d3072e8bbf39db6168625ae19e2a074 to your computer and use it in GitHub Desktop.
Download ZIP
SSL weirdness
Raw
ssl-weirdness.md

SSL connections from ruby are unable to verify a cert that curl and openssl are able to. Below i use the same cert.pem file for both curl and ruby but get different outcomes.

In irb:

> irb(main):004:0> http = Net::HTTP.new("localhost", 4000) 
> irb(main):006:0> http.use_ssl = true 
> irb(main):007:0> http.cert_store = OpenSSL::X509::Store.new 
> irb(main):008:0> http.cert_store.add_file('/usr/local/etc/openssl/cert.pem') 
> irb(main):009:0> http.request_get("/") 
> OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

In a shell:

> $ curl --cacert /usr/local/etc/openssl/cert.pem https://localhost:4000/
> Resource not found.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment