This help site has been deprecated. Please send your requests to support@rubygems.org

Unable to connect to rubygems.org from our linux server. Handshake_failure

Suresh Kongara's Avatar

Suresh Kongara

15 Feb, 2021 11:57 PM

Hello team, I was trying to install logstash plugins in a Linux server in cloud(Amazon Linux AMI 2016.09). and got the error that the server is not able to download data from https://rubygems.org. Handshake_failure

Command used to install plugin: sudo /usr/share/logstash/bin/logstash-plugin install logstash-filter-environment

Error log: Validating logstash-filter-environment
Unable to download data from https://rubygems.org - Received fatal alert: handshake_failure (https://api.rubygems.org/latest_specs.4.8.gz)
ERROR: Installation aborted, verification failed for logstash-filter-environment

Tried to access this website from this server with this command: w3m https://rubygems.org
Error log: Bad cert ident from rubygems.org: dNSName=j.sni.global.fastly.net

I can successfully wget https://rubygems.org/latest_specs.4.8.gz from the server and it got downloaded successfully.

Got this issue with Ruby 2.0, so upgraded version to Ruby 3.0 and still the same error.

Please let me know if you know any solutions.

  1. Support Staff 1 Posted by sonalkr132 on 16 Feb, 2021 06:17 AM

    sonalkr132's Avatar

    Hi Suresh,

    w3m https://rubygems.org Error log: Bad cert ident from rubygems.org: dNSName=j.sni.global.fastly.net

    Can you please check which IP address is this connecting to? This is working on my system. please confirm you are using the latest version.

    Make sure you are using the latest rubygems version and try adding/updating ca-certificates package on your host. If this doesn't work, it would be helpful if you can share steps to reproduce this, with ami id and commands you ran. Also, please share output of following command:

    curl -Lks 'https://git.io/rg-ssl' | ruby
    
  2. 2 Posted by Suresh Kongara on 16 Feb, 2021 07:51 AM

    Suresh Kongara's Avatar

    Hi these are the details,

    IP address i am connecting to:
    [root@ip-10-65-0-91 rubygems.org]# nslookup rubygems.org
    Server: 10.65.227.23
    Address: 10.65.227.23#53

    Non-authoritative answer:
    Name: rubygems.org
    Address: 151.101.66.132
    Name: rubygems.org
    Address: 151.101.2.132
    Name: rubygems.org
    Address: 151.101.194.132
    Name: rubygems.org
    Address: 151.101.130.132

    I have updated to the latest versions:
    [root@ip-10-65-0-91 ~]# ruby -v
    ruby 3.0.0p0 (2020-12-25 revision 95aff21468) [x86_64-linux]

    [root@ip-10-65-0-91 ~]# gem --version
    3.2.3

    Checked the certificates:
    [root@ip-10-65-0-91 rubygems.org]# ls
    GlobalSignRootCA.pem GlobalSignRootCA_R3.pem GlobalSignRootCA_R3.pem.1
    [root@ip-10-65-0-91 rubygems.org]# pwd
    /usr/local/rvm/rubies/ruby-3.0.0/lib/ruby/3.0.0/rubygems/ssl_certs/rubygems.org

    Still have the same error. Sharing the commands to reproduce the error.
    1. wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.rpm
    2. rpm -Uvh logstash-5.2.2.rpm
    3. sudo /usr/share/logstash/bin/logstash-plugin install logstash-filter-environment

    AMI ID: ami-6536791d
    OS : Amazon Linux AMI 2018.03

    [root@ip-10-65-0-91 ~]# curl -Lks 'https://git.io/rg-ssl' | ruby
    Here's your Ruby and OpenSSL environment:

    Ruby: 3.0.0p0 (2020-12-25 revision 95aff214687a5e12c3eb57d056665741e734c188) [x86_64-linux]
    RubyGems: 3.2.3
    Bundler: 2.2.10
    Compiled with: OpenSSL 1.0.2k 26 Jan 2017
    Loaded version: OpenSSL 1.0.2k-fips 26 Jan 2017
    SSL_CERT_FILE: /etc/pki/tls/cert.pem
    SSL_CERT_DIR: /etc/pki/tls/certs

    With that out of the way, let's see if you can connect to rubygems.org...

    Bundler connection to rubygems.org: success ✅
    RubyGems connection to rubygems.org: success ✅
    Ruby net/http connection to rubygems.org: success ✅

    Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. 

    Thank you.

  3. Support Staff 3 Posted by sonalkr132 on 22 Feb, 2021 03:57 AM

    sonalkr132's Avatar

    Hi,

    logstash doesn't uses MRI ruby. It uses Jruby:

    $ sudo cat /usr/share/logstash/bin/logstash-plugin
    #!/bin/sh
    unset CDPATH
    .  "$(cd dirname $0/..; pwd)/bin/logstash.lib.sh"
    setup
    #bin/logstash-plugin is a short lived ruby script thus we can use aggressive "faster starting JRuby options"
    export JRUBY_OPTS="$JRUBY_OPTS -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -J-noverify -X-C -Xcompile.invokedynamic=false"
    

    As far as I can tell, the vendored version of jruby is too old and doesn't support SNI:

    $ sudo /usr/share/logstash/vendor/jruby/bin/jruby -v
    jruby 1.7.25 (1.9.3p551) 2016-04-13 867cb81 on OpenJDK 64-Bit Server VM 1.8.0_171-b10 +jit [linux-amd64]
    You will need to find a way to update jruby vendored with logstash. Alternatively, you can use slightly newer logstash, I have verified that logstash-5.6.16 works.
  4. 4 Posted by Suresh Kongara on 23 Feb, 2021 05:27 PM

    Suresh Kongara's Avatar

    Thank you for the insights. The version 5.6.16 works for me.

  5. sonalkr132 closed this discussion on 12 Mar, 2021 09:12 AM.

Discussions are closed to public comments.
If you need help with RubyGems.org please start a new discussion.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac