You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Mike Papper <bo...@gmail.com> on 2011/03/29 01:39:00 UTC
Failure to read SSL certs with Red Hat RHEL 4 versions of openssl
Hi, Im looking for help using HttpClient with Ruby on Rails. Heres our environment:
Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
openssl version: OpenSSL 0.9.8e 23 Feb 2007 or OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 or OpenSSL 0.9.7a Feb 19 2003
ruby: 1.8.6 or 1.8.7
httpclient ruby gem: httpclient 2.1.5.2
If this is the incorrect forum for openssl/httpclient I would appreciate direction to the proper forum, thanks.
I try to contact a SSL-based Http server. Im using ruby with soap and httpclient. I see this error:
loading wsdl: https://test.secure.bhg.com/ws/profile/authenticate?WSDL
cacerts loading failed
at depth 2 - 20: unable to get local issuer certificate
cacerts loading failed
at depth 2 - 20: unable to get local issuer certificate
cacerts loading failed
at depth 2 - 20: unable to get local issuer certificate
cacerts loading failed
at depth 2 - 20: unable to get local issuer certificate
cacerts loading failed
Wire dump:
= Request
! CONNECT TO test.secure.XYZ.com:443
! CONNECTION ESTABLISHED
at depth 2 - 20: unable to get local issuer certificate
! CONNECTION CLOSED
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in `connect'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in `ssl_connect'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:639:in `connect'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/timeout.rb:128:in `timeout'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:631:in `connect'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:522:in `query'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:147:in `query'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:953:in `do_get_block'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:765:in `do_request'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:848:in `protect_keep_alive_disconnected'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:764:in `do_request'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:666:in `request'
from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:596:in `post'
from /usr/local/lib/ruby/1.8/soap/streamHandler.rb:170:in `send_post'
from /usr/local/lib/ruby/1.8/soap/streamHandler.rb:109:in `send'
from /usr/local/lib/ruby/1.8/soap/rpc/proxy.rb:170:in `route'
from /usr/local/lib/ruby/1.8/soap/rpc/proxy.rb:141:in `call'
from /usr/local/lib/ruby/1.8/soap/rpc/driver.rb:178:in `call'
from /usr/local/lib/ruby/1.8/soap/rpc/driver.rb:232:in `authenticate'
from /u/apps/divine_caroline/releases/20110325223326/lib/registration_service.rb:215:in `authenticate'
===================
Some Notes:
I have been able to successfully run this code from CentOS 5.4 built server using the 0.9.8e openssl libraries. So, it seems there are other differences between centOS 5.4 and RHEL4 (other than openssl) that cause it not to work.
Any insight would be appreciated.
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Failure to read SSL certs with Red Hat RHEL 4 versions of openssl
Posted by sebb <se...@gmail.com>.
On 29 March 2011 00:39, Mike Papper <bo...@gmail.com> wrote:
> Hi, Im looking for help using HttpClient with Ruby on Rails. Heres our environment:
>
> Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
> openssl version: OpenSSL 0.9.8e 23 Feb 2007 or OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 or OpenSSL 0.9.7a Feb 19 2003
> ruby: 1.8.6 or 1.8.7
> httpclient ruby gem: httpclient 2.1.5.2
>
> If this is the incorrect forum for openssl/httpclient I would appreciate direction to the proper forum, thanks.
This is the correct forum for Apache HttpComponents HttpClient 4.x and
the older Apache Commons HttpClient 3.x , but is not the correct forum
for any other HttpClient implementations, of which there are many.
It looks like you are using a Ruby version of HttpClient.
I suggest you check the Ruby documentation and/or website or try a
search engine using a term from the stack trace, e.g.
httpclient-2.1.5.2/lib/httpclient/session.rb
> I try to contact a SSL-based Http server. Im using ruby with soap and httpclient. I see this error:
>
> loading wsdl: https://test.secure.bhg.com/ws/profile/authenticate?WSDL
> cacerts loading failed
> at depth 2 - 20: unable to get local issuer certificate
> cacerts loading failed
> at depth 2 - 20: unable to get local issuer certificate
> cacerts loading failed
> at depth 2 - 20: unable to get local issuer certificate
> cacerts loading failed
> at depth 2 - 20: unable to get local issuer certificate
> cacerts loading failed
>
> Wire dump:
>
> = Request
>
> ! CONNECT TO test.secure.XYZ.com:443
> ! CONNECTION ESTABLISHED
> at depth 2 - 20: unable to get local issuer certificate
> ! CONNECTION CLOSED
> OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in `connect'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in `ssl_connect'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:639:in `connect'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/timeout.rb:128:in `timeout'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:631:in `connect'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:522:in `query'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:147:in `query'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:953:in `do_get_block'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:765:in `do_request'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:848:in `protect_keep_alive_disconnected'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:764:in `do_request'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:666:in `request'
> from /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:596:in `post'
> from /usr/local/lib/ruby/1.8/soap/streamHandler.rb:170:in `send_post'
> from /usr/local/lib/ruby/1.8/soap/streamHandler.rb:109:in `send'
> from /usr/local/lib/ruby/1.8/soap/rpc/proxy.rb:170:in `route'
> from /usr/local/lib/ruby/1.8/soap/rpc/proxy.rb:141:in `call'
> from /usr/local/lib/ruby/1.8/soap/rpc/driver.rb:178:in `call'
> from /usr/local/lib/ruby/1.8/soap/rpc/driver.rb:232:in `authenticate'
> from /u/apps/divine_caroline/releases/20110325223326/lib/registration_service.rb:215:in `authenticate'
>
> ===================
>
> Some Notes:
> I have been able to successfully run this code from CentOS 5.4 built server using the 0.9.8e openssl libraries. So, it seems there are other differences between centOS 5.4 and RHEL4 (other than openssl) that cause it not to work.
>
> Any insight would be appreciated.
>
> Mike
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org