SSL problems with RubyGems on Windows

Tonci Damjanic's Avatar

Tonci Damjanic

06 Nov, 2013 08:14 AM

Hello,

I'm starting a separate discussion because the SSL error seems to appear on Windows more often than on other platforms.

While I'm not sure why this happens, would it help if a reset-ssl-certs option were included into RubyGems? This action would clean any cached SSL certificates and re-download them from the source. Thoughts?

I'm receiving this error after running bundle update on Windows (RubyGems v2.1.10).

Error trace:

Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.global.ssl.fastly.net/gems/aws-sdk-1.24.0.gem)
An error occurred while installing aws-sdk (1.24.0), and Bundler cannot continue.
Make sure that `gem install aws-sdk -v '1.24.0'` succeeds before bundling.

Environment dump:

RubyGems Environment:
  - RUBYGEMS VERSION: 2.1.10
  - RUBY VERSION: 2.0.0 (2013-06-27 patchlevel 247) [i386-mingw32]
  - INSTALLATION DIRECTORY: C:/Ruby/Ruby200/lib/ruby/gems/2.0.0
  - RUBY EXECUTABLE: C:/Ruby/Ruby200/bin/ruby.exe
  - EXECUTABLE DIRECTORY: C:/Ruby/Ruby200/bin
  - SPEC CACHE DIRECTORY: C:/Users/Tonci/.gem/specs
  - RUBYGEMS PLATFORMS:
    - ruby
    - x86-mingw32
  - GEM PATHS:
     - C:/Ruby/Ruby200/lib/ruby/gems/2.0.0
     - C:/Users/Tonci/.gem/ruby/2.0.0
  - GEM CONFIGURATION:
     - :update_sources => true
     - :verbose => true
     - :backtrace => false
     - :bulk_threshold => 1000
  - REMOTE SOURCES:
     - https://rubygems.org/
  1. Support Staff 1 Posted by Luis Lavena on 06 Nov, 2013 12:54 PM

    Luis Lavena's Avatar

    Hello Tonci

    Seems lot of people is getting this issue, and seems to be related to the
    SSL certs.

    Can you check this issue at GitHub?

    https://github.com/rubygems/rubygems/issues/704

    Try downloading curl's cacert.pem and then set SSL_CERT_FILE to the full
    path of the file.

    Example, with cacert.pem downloaded as C:\Ruby200\cacert.pem:

    C:\>SET SSL_CERT_FILE=C:\Ruby200\cacert.pem

    And try gem installation again.

  2. 2 Posted by Tonci Damjanic on 16 Nov, 2013 01:13 PM

    Tonci Damjanic's Avatar

    Luis,

    Thanks for the reply. The problem seems to be intermittent, because I haven't experienced the issue for the past week. I did not install the custom PEM file on my computer.

    Also, RubyGems v2.1.11 was released in the meantime, which brought some certificate handling fixes. I'm not sure if that's related to the Fastly.net certificate error.

    I'll follow up here if the issue surfaces again.

  3. Support Staff 3 Posted by Luis Lavena on 16 Nov, 2013 03:56 PM

    Luis Lavena's Avatar

    Hello,

    I think both the cert and the following were related:

    https://twitter.com/rubygems_status/status/401107461328748544

  4. Support Staff 4 Posted by Eric Hodel on 17 Nov, 2013 05:37 PM

    Eric Hodel's Avatar

    Downloading new certificates should be done in securely, so if the certificates in RubyGems are out of date any updates can't be fetched.

    Also, the certificates in RubyGems will only work on RubyGems-related sites. You should have a complete set of certificates for communicating with other SSL-protected sites.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac