Mrinmay Kalita
asked on
SSL Certificate verification failure
Hello,
Beautiful people of Experts-Exchange,
I have an app built on ruby on rails running on a Linode server. The app has iOS and android versions available as code in Bitbucket for source control.
The app uses cloud hosting on cloudspace.com and rackspace.com.
When I send text from one end to another for 2 registered users; it gets delivered. But when I send pictures; there is an image failure with only placeholder shown in receiver.
Log shows
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
app/controllers/api/v1/use rs_control ler.rb:16: in `auth_cloud'
The bucket has a users_controller.rb which (on branch 'auth_cloud') in api_server/app/controllers /api/v1 that looks like -
def auth_cloud
uri = URI 'https://identity.api.rackspacecloud.com/v2.0/tokens'
data = { 'auth' => { "RAX-KSKEY:apiKeyCredentia ls" => { 'username' => '***' , 'apiKey' => '***' }} }
json_headers = {"Content-Type" => "application/json", "Accept" => "application/json"}
http = Net::HTTP.new uri.host, 443
http.use_ssl = true
res = http.post uri.path, data.to_json, json_headers
if res //This is line 16
data = JSON.parse res.body
render json: { response: data['access']['token']['i d'] }
else
render json: { error: 'could not auth to rackspace' }, status: 401
end
end
Two attached screenshots show that cloud-drive and s3 aws bucket are used.
The current environment setting in environment.rb looks like -
require 'openssl'
ENV['SSL_CERT_FILE']=/etc/ production /nginx/cac ert.pem
Strace (dtruss) on the command for accessing rackspace {mentioned below) using curl shows that /etc/ssl/cert.pem in the other linode is being accessed. I was recommended to place the updated ca cert bundle from https://curl.haxx.se/ca/cacert.pem; where do I update the directory/environment variables?
dtruss command -
sudo dtruss ./curl -i -X POST https://storage101.ord1.clouddrive.com/v1/MossoCloudFS_917607/thumb -H "X-Auth-Token: ***" 2>/tmp/output.txt
Beautiful people of Experts-Exchange,
I have an app built on ruby on rails running on a Linode server. The app has iOS and android versions available as code in Bitbucket for source control.
The app uses cloud hosting on cloudspace.com and rackspace.com.
When I send text from one end to another for 2 registered users; it gets delivered. But when I send pictures; there is an image failure with only placeholder shown in receiver.
Log shows
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed):
app/controllers/api/v1/use
The bucket has a users_controller.rb which (on branch 'auth_cloud') in api_server/app/controllers
def auth_cloud
uri = URI 'https://identity.api.rackspacecloud.com/v2.0/tokens'
data = { 'auth' => { "RAX-KSKEY:apiKeyCredentia
json_headers = {"Content-Type" => "application/json", "Accept" => "application/json"}
http = Net::HTTP.new uri.host, 443
http.use_ssl = true
res = http.post uri.path, data.to_json, json_headers
if res //This is line 16
data = JSON.parse res.body
render json: { response: data['access']['token']['i
else
render json: { error: 'could not auth to rackspace' }, status: 401
end
end
Two attached screenshots show that cloud-drive and s3 aws bucket are used.
The current environment setting in environment.rb looks like -
require 'openssl'
ENV['SSL_CERT_FILE']=/etc/
Strace (dtruss) on the command for accessing rackspace {mentioned below) using curl shows that /etc/ssl/cert.pem in the other linode is being accessed. I was recommended to place the updated ca cert bundle from https://curl.haxx.se/ca/cacert.pem; where do I update the directory/environment variables?
dtruss command -
sudo dtruss ./curl -i -X POST https://storage101.ord1.clouddrive.com/v1/MossoCloudFS_917607/thumb -H "X-Auth-Token: ***" 2>/tmp/output.txt
I had the same problem, thanks for sharing the information and code.
ASKER
solved by correct certificate files and rvm updates
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Both storage buckets are good, Also the authentication 'https://identity.api.rackspacecloud.com/v2.0/tokens' is good.
So your client, doing the authentication, is at fault. I think that you already suspect that, given that you look for where to put the curl ca bundle.
But you have to place it on the client side.
You can try to instruct Ruby to use curl-like behaviour towwards SSL by using
OpenSSL::X509::Store#set_d