tag:help.rubygems.org,2010-01-19:/discussions/problems/11197-sporadic-ssl-errorsRubyGems.org: Discussion 2018-10-18T19:51:19Ztag:help.rubygems.org,2010-01-19:Comment/294705642013-10-18T10:46:11Z2013-10-18T10:46:14ZSporadic SSL errors<div><p>Hi there,</p>
<p>I often get sporadic SSL errors when bundling. I can
<em>not</em> reliably reproduce the error, so I don't think it
simply a configuration issue on my end. Sometimes bundling works.
Often it doesn't. When it doesn't, I typically get halfway through
bundling when it exits with:</p>
<p>Could not verify the SSL certificate for <a href=
"https://rubygems.org/">https://rubygems.org/</a>.<br>
There is a chance you are experiencing a man-in-the-middle attack,
but most likely your system doesn't have the CA certificates needed
for verification. For information about OpenSSL certificates, see
bit.ly/ruby-ssl. To connect without<br>
using SSL, edit your Gemfile sources and change 'https' to
'http'.</p>
<p>I tried running "openssl s_client -connect rubygems.org:443" a
few times with the following result:</p>
<p><a href=
"https://gist.github.com/jonleighton/7039769">https://gist.github.com/jonleighton/7039769</a></p>
<p>Notice that it works the first two times, and then fails on the
third.</p>
<p>Is it possible that this could be some sort of load balancing
issue on rubygems.org?</p>
<p>Thanks for your time.</p>
<p>Jon</p>
<p>PS. I also asked on Twitter and it seems that others may have
similar issues: <a href=
"https://twitter.com/jonleighton/status/390903921528410112">https://twitter.com/jonleighton/status/390903921528410112</a>
(but note that I'm using MRI, not JRuby)</p></div>Jon Leightontag:help.rubygems.org,2010-01-19:Comment/294705642013-10-18T10:51:48Z2013-10-18T10:51:49ZSporadic SSL errors<div><p>Sometimes I also get:</p>
<p>OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0
state=SSLv3 read server hello A: wrong version numbe</p></div>Jon Leightontag:help.rubygems.org,2010-01-19:Comment/294705642013-10-21T01:32:31Z2013-10-21T01:32:33ZSporadic SSL errors<div><p>I seem to be experiencing both issues almost reliably. System is
Ubuntu 12.04, ruby version is 2.0.0p247, and RVM version is
1.23.10.</p></div>Endozetag:help.rubygems.org,2010-01-19:Comment/294705642013-10-21T12:49:06Z2013-10-21T12:49:07ZSporadic SSL errors<div><p>I'm also running 1.23.10 and I'm having the exact same issue
pulling gems for rubies 1.9.3 and 2.0.0. Sometimes it works,
sometimes it gets halfway through the Gemfile and throws that SSL
error and sometimes it throws it right after "Fetching source index
from <a href=
"https://rubygems.org/&quot">https://rubygems.org/&quot</a>;.</p></div>Matttag:help.rubygems.org,2010-01-19:Comment/294705642013-10-21T12:55:05Z2013-10-21T12:55:06ZSporadic SSL errors<div><p>Matt are you on Linux too? I run Fedora on my dev machine. So
I'm wondering if that's a common element.</p></div>Jon Leightontag:help.rubygems.org,2010-01-19:Comment/294705642013-10-21T14:09:34Z2013-10-21T14:09:36ZSporadic SSL errors<div><p>Ah yes, I forgot to add that I'm on Xubuntu 12.10 or 13.04,
after a good nice update && upgrade. I gotta check my
update history in apt, maybe something there is causing this
inconvenience.</p></div>Matttag:help.rubygems.org,2010-01-19:Comment/294705642013-10-21T16:43:40Z2013-10-21T16:43:41ZSporadic SSL errors<div><p>I had the same problem, but updating <code>rubygems</code>
solved the problem for me. It may be connected to the following:
<a href=
"https://github.com/rubygems/rubygems/blob/e0f36770d0df08ad02beb0474a341aa3a4378f1f/History.txt#L94">
https://github.com/rubygems/rubygems/blob/e0f36770d0df08ad02beb0474...</a></p></div>Fabiantag:help.rubygems.org,2010-01-19:Comment/294705642013-10-21T17:20:02Z2013-10-21T17:20:03ZSporadic SSL errors<div><p>I'm using Rubygems 2.1.9 and still seeing the problem.</p></div>Jon Leightontag:help.rubygems.org,2010-01-19:Comment/294705642013-10-22T08:27:50Z2013-10-22T08:27:51ZSporadic SSL errors<div><p>We've been dealing with this on Semaphore too, with the
following setup:</p>
<ul>
<li>Ubuntu 12.04 with latest base packages</li>
<li>RubyGems 2.1.9</li>
<li>any Ruby it seems</li>
</ul>
<p>Upgrading RubyGems is one step but if you read what people
who've really solved it on <a href=
"http://stackoverflow.com/questions/19150017/ssl-error-when-installing-rubygems-unable-to-pull-data-from-https-rubygems-o/19151697#19151697">
Mac OS with RVM</a> did, the second step is to somehow update the
root certificates on the system.</p>
<p>The problem on Linux (somehow only now exposed) seems to be that
Ruby's OpenSSL wrapper is looking at the wrong place for root
certificates. On Ubuntu these are provided by the
<code>ca-certificates</code> package. See eg <a href=
"http://stackoverflow.com/q/10728436/6634">this discussion on
SO</a>.</p>
<p>So our <a href=
"https://semaphoreapp.com/blog/2013/10/19/rubygems-update-and-jruby-175.html">
current solution</a> is latest RubyGems + setting the
<code>SSL_CERT_FILE</code> environment variable. Still need to wait
a bit for lack of error reports from users though, because it is
not possible to reproduce the error reliably.</p></div>markotag:help.rubygems.org,2010-01-19:Comment/294705642013-10-22T11:45:06Z2013-10-22T11:45:08ZSporadic SSL errors<div><p>I don't think it's a certificates issue on my system. Everything
looks up to date and ok on that front as far as I can tell.</p>
<p>I edited by lib/bundler/fetcher.rb to turn on debugging on the
net-http-persistent connection. This is what a failure looks like:
<a href=
"https://gist.github.com/jonleighton/7099162">https://gist.github.com/jonleighton/7099162</a></p>
<p>I'm not sure what to make of that, but it seems possible it
might be a bug in net-http-persistent to do with the retrying
functionality.</p></div>Jon Leightontag:help.rubygems.org,2010-01-19:Comment/294705642013-10-22T16:41:25Z2013-10-22T16:41:26ZSporadic SSL errors<div><p>Same issue on a Mac. Sporadic, seemingly random SSL errors.</p></div>hakan.ensaritag:help.rubygems.org,2010-01-19:Comment/294705642013-10-23T10:35:55Z2013-10-23T10:35:56ZSporadic SSL errors<div><p>@Jon, how is your Ruby installed (rvm, rbenv, package, manual
compilation)?</p></div>markotag:help.rubygems.org,2010-01-19:Comment/294705642013-10-23T11:14:57Z2013-10-23T11:14:58ZSporadic SSL errors<div><p>rbenv</p></div>Jon Leightontag:help.rubygems.org,2010-01-19:Comment/294705642013-10-23T20:15:51Z2013-10-23T20:15:53ZSporadic SSL errors<div><p>OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0
state=SSLv3 read server hello A: wrong version number</p>
<p>I'm experiencing this on my Bamboo build server. It's irritating
to be getting constant build failures when running tests or
deploying to heroku, where the problem also seems to manifest, but
much rarer.</p>
<p>Bamboo takes 3 or 4 tries to successfully bundle, heroku fails
maybe 1 out of 6 deploys.</p>
<p>I don't know off the top of my head what custom version of linux
Bamboo runs on, but this occurs with whatever my previous version
was, and my newly updated rubygems, no rbenv or rvm.</p>
<p>Heroku has their own stack, too.</p>
<p>Interestingly this hasn't happened once on my Mac with rbenv,
locally, old version of rubygems, on Lion nor Mavericks, rubies MRI
1.9, 2.0, 2.1, or rbx 2.0.</p></div>devtag:help.rubygems.org,2010-01-19:Comment/294705642013-11-01T20:29:58Z2013-11-01T20:29:58ZSporadic SSL errors<div><p>Also seeing the SSL certificate error a lot here. Mac OS X 10.9
Mavericks with Ruby 2.0 installed with chruby.</p></div>Nathan Youngmantag:help.rubygems.org,2010-01-19:Comment/294705642013-11-03T13:56:26Z2013-11-03T13:56:30ZSporadic SSL errors<div><p>I'm also receiving the same error after running <code>bundle
update</code> on Windows (RubyGems v2.1.10).</p>
<p>Error trace:</p>
<pre>
<code>Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.global.ssl.fastly.net/gems/aws-sdk-1.24.0.gem)
An error occurred while installing aws-sdk (1.24.0), and Bundler cannot continue.
Make sure that `gem install aws-sdk -v '1.24.0'` succeeds before bundling.</code>
</pre>
<p>Environment dump:</p>
<pre>
<code>RubyGems Environment:
- RUBYGEMS VERSION: 2.1.10
- RUBY VERSION: 2.0.0 (2013-06-27 patchlevel 247) [i386-mingw32]
- INSTALLATION DIRECTORY: C:/Ruby/Ruby200/lib/ruby/gems/2.0.0
- RUBY EXECUTABLE: C:/Ruby/Ruby200/bin/ruby.exe
- EXECUTABLE DIRECTORY: C:/Ruby/Ruby200/bin
- SPEC CACHE DIRECTORY: C:/Users/Tonci/.gem/specs
- RUBYGEMS PLATFORMS:
- ruby
- x86-mingw32
- GEM PATHS:
- C:/Ruby/Ruby200/lib/ruby/gems/2.0.0
- C:/Users/Tonci/.gem/ruby/2.0.0
- GEM CONFIGURATION:
- :update_sources => true
- :verbose => true
- :backtrace => false
- :bulk_threshold => 1000
- REMOTE SOURCES:
- https://rubygems.org/</code>
</pre></div>Tonci Damjanictag:help.rubygems.org,2010-01-19:Comment/294705642013-11-03T14:44:20Z2013-11-03T14:44:20ZSporadic SSL errors<div><p>Occasionally I also receive the same error on mac, with ruby
2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin12.4.0], and
rvm</p></div>neotag:help.rubygems.org,2010-01-19:Comment/294705642013-11-08T00:46:33Z2013-11-08T00:46:34ZSporadic SSL errors<div><p>Correction: I'm experiencing widespread SSL issues on OS X
Mavericks (with fog/excon/etc.) so I suspect it's a problem with my
Ruby installation and not specific to RubyGems.</p></div>Nathan Youngmantag:help.rubygems.org,2010-01-19:Comment/294705642013-11-08T00:53:16Z2013-11-08T00:53:18ZSporadic SSL errors<div><p>This occurred to me before the Mavericks update.</p></div>devtag:help.rubygems.org,2010-01-19:Comment/294705642013-11-14T16:07:56Z2015-08-25T05:44:56ZSporadic SSL errors<div><p>Happened just now:</p>
<pre>
<code>Bundler::Fetcher::CertificateFailureError: Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'.
An error occurred while installing activemerchant (1.37.0), and Bundler cannot continue.
Make sure that `gem install activemerchant -v '1.37.0'` succeeds before bundling.</code>
</pre>
<p>Environment: ruby-p247, openssl 1.0.1e, bundler 1.3.5, OS X
10.8.5 (12F45).</p></div>glex.spbtag:help.rubygems.org,2010-01-19:Comment/294705642013-11-19T15:45:31Z2013-11-19T15:45:31ZSporadic SSL errors<div><p>Experienced this yesterday and today, on different computers on
different networks. Both Ubuntu 12.04 using RVM.</p>
<p>This is crippling.</p></div>Tasstag:help.rubygems.org,2010-01-19:Comment/294705642013-11-19T22:54:37Z2013-11-19T22:54:39ZSporadic SSL errors<div><p>Seeing this issue as well on Ubuntu precise in production.
rubygems 2.1.11 across the board. We've got these failures coming
out of bundler a few times of day:</p>
<pre>
<code>OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: wrong version number</code>
</pre>
<p>definitely sporadic.</p></div>mkenttag:help.rubygems.org,2010-01-19:Comment/294705642013-11-20T18:14:09Z2013-11-20T18:14:10ZSporadic SSL errors<div><p>Just happened to me as well.</p>
<p>I'm on Mavericks, ruby 2.0, rails 4.0, rbenv 0.4.0, rubygems
2.1.11</p></div>Amed Rodrigueztag:help.rubygems.org,2010-01-19:Comment/294705642013-11-23T14:57:09Z2013-11-23T14:57:10ZSporadic SSL errors<div><p>this solved the problem for me: <a href=
"http://railsapps.github.io/openssl-certificate-verify-failed.html">
http://railsapps.github.io/openssl-certificate-verify-failed.html</a></p></div>Adria Walkertag:help.rubygems.org,2010-01-19:Comment/294705642013-11-25T01:42:49Z2013-11-25T01:42:49ZSporadic SSL errors<div><p>true</p></div>ShefIrrencetag:help.rubygems.org,2010-01-19:Comment/294705642013-11-27T21:41:56Z2013-11-27T21:41:56ZSporadic SSL errors<div><p>It might also be a good idea to make sure rubygems.org passes
with the SSL Labs system: <a href=
"https://www.ssllabs.com/ssltest/analyze.html?d=rubygems.org">https://www.ssllabs.com/ssltest/analyze.html?d=rubygems.org</a>
.. currently it scores a "C".</p>
<p>I can't say for sure it's the source of the issues on the server
side, but I'd probably fix the obvious issues this reports first
before digging in and debugging further.</p>
<p>Feel free to email me if you'd like a hand with this.</p></div>Dan Kubbtag:help.rubygems.org,2010-01-19:Comment/294705642013-12-23T21:50:42Z2013-12-23T21:50:43ZSporadic SSL errors<div><p>Our CircleCI builds are still failing sporadically.</p>
<pre>
<code>Bundler::Fetcher::CertificateFailureError: Could not verify the SSL certificate for https://rubygems.org/.
There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification.</code>
</pre>
<p>Should CircleCI be taking some action?</p></div>Jared Becktag:help.rubygems.org,2010-01-19:Comment/294705642014-01-02T03:27:34Z2014-01-02T03:27:35ZSporadic SSL errors<div><p>I'm experiencing the same issue on Windows.</p>
<pre>
<code>Updating https://github.com/codahale/bcrypt-ruby.git
Fetching source index from http://gemcutter.org/
Fetching source index from https://rubygems.org/
Resolving dependencies...
Could not verify the SSL certificate for
https://rubygems.org/quick/Marshal.4.8/haml-rails-0.5.1.gemspec.rz.
There is a chance you are experiencing a man-in-the-middle attack, but most
likely your system doesn't have the CA certificates needed for verification. For
information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without
using SSL, edit your Gemfile sources and change 'https' to 'http'.</code>
</pre>
<p>These are the sources from my Gemfile</p>
<pre>
<code>source 'http://rubygems.org'
source 'http://gemcutter.org'</code>
</pre>
<p>I can't work on the project currently since my version was out
of date on my main development machine, and now I cannot update.
I'm prevented from getting anything done as a result! Any ideas for
help anyone?</p></div>Paultag:help.rubygems.org,2010-01-19:Comment/294705642014-04-16T18:10:13Z2014-04-16T18:10:13ZSporadic SSL errors<div><p>Is this still happening? Also, I would remove gemcutter.org as a
source. It's now rubygems.org! :)</p></div>Nick Quarantotag:help.rubygems.org,2010-01-19:Comment/294705642014-12-09T03:17:10Z2014-12-09T03:17:12ZSporadic SSL errors<div><p>Nick,<br>
Yes, I'm seeing it again today from Travis-ci: <a href=
"https://travis-ci.org/projecthydra/sufia/jobs/43424620">https://travis-ci.org/projecthydra/sufia/jobs/43424620</a></p></div>Justin Coyne