SSL problem with embedded ruby on Windows?


#1

Hi,

I seem to have a problem with the embedded ruby when running on windows. It
looks like the cacert.pem file is not located correctly:

C:>irb
irb(main):001:0> require ‘open-uri’
=> true
irb(main):002:0> open "https://google.com"
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed
from C:/opscode/chef/embedded/lib/ruby/1.9.1/net/http.rb:799:in
`connect’

Not sure if this is expected or not. Setting SSL_CERT_FILE solves the
issue.

There seems to be at least two ca-bundle.pem files in the embedded ruby,
but not sure if they are supposed to be located automagically?

/Jeppe


#2

Right. This is known issue for Windows. We have bug in JIRA to ship the
certificate (self-signed) as part of Chef as we do in linux. Once that is
fixed, SSL_CERT_FILE will not be required.

Regards*,*
Chirag Jog
Chief Technology Officer,
Clogeny Technologies | http://clogeny.com
(M) 0091-9766619440 | Skype: chirag.jog

On Fri, Jun 14, 2013 at 1:14 PM, Jeppe Nejsum Madsen jeppe@ingolfs.dkwrote:

Hi,

I seem to have a problem with the embedded ruby when running on windows.
It looks like the cacert.pem file is not located correctly:

C:>irb
irb(main):001:0> require ‘open-uri’
=> true
irb(main):002:0> open "https://google.com"
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed
from C:/opscode/chef/embedded/lib/ruby/1.9.1/net/http.rb:799:in
`connect’

Not sure if this is expected or not. Setting SSL_CERT_FILE solves the
issue.

There seems to be at least two ca-bundle.pem files in the embedded ruby,
but not sure if they are supposed to be located automagically?

/Jeppe


#3

Chirag Jog chirag@clogeny.com writes:

Right. This is known issue for Windows. We have bug in JIRA to ship the
certificate (self-signed) as part of Chef as we do in linux. Once that is
fixed, SSL_CERT_FILE will not be required.

Great, thanks for the heads up.

/Jeppe


#4

The readme on github talks about this, and the latest changes to knife-google on github include a better error message in this case. As Chirag says, including cacert.pem with omnibus Chef on Windows is the correct fix and is in progress at the moment.

The issue for this plug-in is tracked at http://tickets.opscode.com/browse/KNIFE-279.

Jeppe, great to see that you’re using this plug-in on Windows.

-Adam

From: Chirag Jog <chirag@clogeny.commailto:chirag@clogeny.com>
Date: Friday, June 14, 2013 12:56 AM
To: "chef@lists.opscode.commailto:chef@lists.opscode.com" <chef@lists.opscode.commailto:chef@lists.opscode.com>, Adam Edwards <adamed@opscode.commailto:adamed@opscode.com>
Subject: Re: [chef] SSL problem with embedded ruby on Windows?

Right. This is known issue for Windows. We have bug in JIRA to ship the certificate (self-signed) as part of Chef as we do in linux. Once that is fixed, SSL_CERT_FILE will not be required.

Regards,
Chirag Jog
Chief Technology Officer,
Clogeny Technologies | http://clogeny.comhttp://clogeny.com/
(M) 0091-9766619440 | Skype: chirag.jog

On Fri, Jun 14, 2013 at 1:14 PM, Jeppe Nejsum Madsen <jeppe@ingolfs.dkmailto:jeppe@ingolfs.dk> wrote:
Hi,

I seem to have a problem with the embedded ruby when running on windows. It looks like the cacert.pem file is not located correctly:

C:>irb
irb(main):001:0> require ‘open-uri’
=> true
irb(main):002:0> open "https://google.com"
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from C:/opscode/chef/embedded/lib/ruby/1.9.1/net/http.rb:799:in `connect’

Not sure if this is expected or not. Setting SSL_CERT_FILE solves the issue.

There seems to be at least two ca-bundle.pem files in the embedded ruby, but not sure if they are supposed to be located automagically?

/Jeppe