OpenSSL::SSL::SSLError

kxmoss · June 7, 2016, 2:13pm

I am all of a sudden getting the following error...

[2016-06-07T08:55:42-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2016-06-07T08:55:42-05:00] FATAL: OpenSSL::SSL::SSLError: machine_batch[default] (@recipe_files::C:/GIT Repositories/cookbook-relativity_scaled-autom
ation/recipes/automated_build_cluster_parallel.rb line 72) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read serve
r certificate B: certificate verify failed

The StackTrace

Generated at 2016-06-07 08:55:42 -0500
OpenSSL::SSL::SSLError: machine_batch[default] (@recipe_files::C:/GIT Repositories/cookbook-relativity_scaled-automation/recipes/automated_build_cluster_parallel.rb line 72) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
C:/Ruby21-x64/lib/ruby/2.1.0/net/http.rb:923:in `connect'
C:/Ruby21-x64/lib/ruby/2.1.0/net/http.rb:923:in `block in connect'
C:/Ruby21-x64/lib/ruby/2.1.0/timeout.rb:75:in `timeout'
C:/Ruby21-x64/lib/ruby/2.1.0/net/http.rb:923:in `connect'
C:/Ruby21-x64/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
C:/Ruby21-x64/lib/ruby/2.1.0/net/http.rb:852:in `start'
C:/Ruby21-x64/lib/ruby/2.1.0/net/http.rb:583:in `start'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/http.rb:39:in `call'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/http.rb:7:in `execute'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/client.rb:172:in `http_post'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/client.rb:103:in `generate_bearer_token'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/client.rb:87:in `authorize!'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/client.rb:118:in `http_fetch'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/client.rb:135:in `http_get'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/client.rb:139:in `http_get!'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/client.rb:144:in `get_parsed'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/catalog_item.rb:45:in `fetch_catalog_item'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/catalog_item.rb:38:in `initialize'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/catalog_request.rb:36:in `new'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/catalog_request.rb:36:in `initialize'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/catalog.rb:38:in `new'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/vmware-vra-1.6.1/lib/vra/catalog.rb:38:in `request'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-provisioning-vra-0.3.0/lib/chef/provisioning/vra_driver/driver.rb:162:in `catalog_request'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-provisioning-vra-0.3.0/lib/chef/provisioning/vra_driver/driver.rb:143:in `create_resource'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-provisioning-vra-0.3.0/lib/chef/provisioning/vra_driver/driver.rb:58:in `block in allocate_machine'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-12.10.24-universal-mingw32/lib/chef/mixin/why_run.rb:52:in `add_action'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-12.10.24-universal-mingw32/lib/chef/provider.rb:176:in `converge_by'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-provisioning-1.7.1/lib/chef/provisioning/chef_provider_action_handler.rb:54:in `perform_action'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-provisioning-1.7.1/lib/chef/provisioning/add_prefix_action_handler.rb:31:in `perform_action'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-provisioning-vra-0.3.0/lib/chef/provisioning/vra_driver/driver.rb:57:in `allocate_machine'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-provisioning-1.7.1/lib/chef/provisioning/driver.rb:241:in `block in allocate_machines'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-12.10.24-universal-mingw32/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb:267:in `call'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-12.10.24-universal-mingw32/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb:267:in `process_input'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-12.10.24-universal-mingw32/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb:257:in `process_one'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-12.10.24-universal-mingw32/lib/chef/chef_fs/parallelizer.rb:93:in `call'
C:/Ruby21-x64/lib/ruby/gems/2.1.0/gems/chef-12.10.24-universal-mingw32/lib/chef/chef_fs/parallelizer.rb:93:in `worker_loop'

I've since upgraded to the latest chefdk, still got same issues. And I've configured my knife.rb to:

ssl_verify_mode :verify_none
trusted_certs_dir "#{current_dir}/trusted_certs"

I'm not sure what else to try...

Matt_Wrock · June 7, 2016, 8:01pm

Try setting verify_ssl to false in your chef-provisioning-vra driver config. That controls tyhe ssl validation level between you and the VRA server which it looks like where things are breaking down in your stack trace. The ssl_verify_mode in your knife.rb would likely have no effect here since that controls the validation level between you and your chef server.

r4hul · September 30, 2016, 6:40pm

@Matt_Wrock

I am facing a similar issue when using chef-provisioning-aws to provision a Windows box. I tried using option ssl_verify_mode: :verify_none under convergence options in machine resource but it doesn’t work and I still get the error. How to bypass the SSL verification now? Or do I need to place the chef server cert on my box before the chef client run, I thought it would automatically do a SSL cert fetch after client installation and before chef-client run?

Please help!

Thanks.

Matt_Wrock · September 30, 2016, 8:30pm

Setting ssl_verify_mode: :verify_none in the convergence options should allow your node to reach your chef server. The error displayed above is coming from the SSL connection between the maching running provisioning and the vRA server. See the vra driver readme re garding how to set SSL options there. In short it looks something like:

driver_options username: 'my@email.address',
               password: 's00pers33cret',
               tenant: 'vsphere.local',
               verify_ssl: false,
               max_wait_time: 1800

r4hul · September 30, 2016, 10:46pm

Yes. That worked after I re-did the converge from beginning (removed old node, re-ran the recipe to create new node).
Thanks!

Topic		Replies	Views
Kitchen converge returns OpenSSL::SSL::SSLError: SSL_connect Chef Infra (archive)	5	3674	May 25, 2016
OpenSSL::SSL::SSLError: certificate verify failed Chef Infra (archive)	10	8289	July 13, 2016
Kitchen-Verify causing SSL: certificate verification failure Chef Infra (archive)	3	3205	April 14, 2016
Trying to download a file via HTTPS Chef Infra (archive)	3	513	February 27, 2020
Chef 11.8 - certificate verify failed Chef Infra (archive)	2	1416	February 1, 2016

OpenSSL::SSL::SSLError

Related topics