tag:help.rubygems.org,2010-01-19:/discussions/problems/39670-unable-to-connect-to-rubygemsorg-from-our-linux-server-handshake_failureRubyGems.org: Discussion 2021-03-12T09:12:25Ztag:help.rubygems.org,2010-01-19:Comment/490372682021-02-16T06:17:39Z2021-02-16T06:17:39ZUnable to connect to rubygems.org from our linux server. Handshake_failure<div><p>Hi Suresh,</p>
<blockquote>
<p>w3m <a href="https://rubygems.org">https://rubygems.org</a> Error log: Bad cert ident from rubygems.org: dNSName=j.sni.global.fastly.net</p>
</blockquote>
<p>Can you please check which IP address is this connecting to? This is working on my system. please confirm you are using the latest version.</p>
<p>Make sure you are using the latest rubygems version and try adding/updating ca-certificates package on your host. If this doesn't work, it would be helpful if you can share steps to reproduce this, with ami id and commands you ran. Also, please share output of following command:<br></p>
<pre>
<code>curl -Lks 'https://git.io/rg-ssl' | ruby</code>
</pre></div>sonalkr132tag:help.rubygems.org,2010-01-19:Comment/490372682021-02-16T07:51:36Z2021-02-16T07:51:37ZUnable to connect to rubygems.org from our linux server. Handshake_failure<div><p>Hi these are the details,</p>
<p>IP address i am connecting to:<br>
[root@ip-10-65-0-91 rubygems.org]# nslookup rubygems.org Server: 10.65.227.23<br>
Address: 10.65.227.23#53</p>
<p>Non-authoritative answer:<br>
Name: rubygems.org<br>
Address: 151.101.66.132<br>
Name: rubygems.org<br>
Address: 151.101.2.132<br>
Name: rubygems.org<br>
Address: 151.101.194.132<br>
Name: rubygems.org<br>
Address: 151.101.130.132</p>
<p>I have updated to the latest versions:<br>
[root@ip-10-65-0-91 ~]# ruby -v ruby 3.0.0p0 (2020-12-25 revision 95aff21468) [x86_64-linux]</p>
<p>[root@ip-10-65-0-91 ~]# gem --version 3.2.3</p>
<p>Checked the certificates:<br>
[root@ip-10-65-0-91 rubygems.org]# ls GlobalSignRootCA.pem GlobalSignRootCA_R3.pem GlobalSignRootCA_R3.pem.1<br>
[root@ip-10-65-0-91 rubygems.org]# pwd /usr/local/rvm/rubies/ruby-3.0.0/lib/ruby/3.0.0/rubygems/ssl_certs/rubygems.org</p>
<p>Still have the same error. Sharing the commands to reproduce the error.<br>
1. wget <a href="https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.rpm">https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.rpm</a><br>
2. rpm -Uvh logstash-5.2.2.rpm<br>
3. sudo /usr/share/logstash/bin/logstash-plugin install logstash-filter-environment</p>
<p>AMI ID: ami-6536791d<br>
OS : Amazon Linux AMI 2018.03</p>
<p>[root@ip-10-65-0-91 ~]# curl -Lks '<a href="https://git.io/rg-ssl">https://git.io/rg-ssl</a>' | ruby Here's your Ruby and OpenSSL environment:</p>
<p>Ruby: 3.0.0p0 (2020-12-25 revision 95aff214687a5e12c3eb57d056665741e734c188) [x86_64-linux]<br>
RubyGems: 3.2.3<br>
Bundler: 2.2.10<br>
Compiled with: OpenSSL 1.0.2k 26 Jan 2017<br>
Loaded version: OpenSSL 1.0.2k-fips 26 Jan 2017<br>
SSL_CERT_FILE: /etc/pki/tls/cert.pem<br>
SSL_CERT_DIR: /etc/pki/tls/certs</p>
<p>With that out of the way, let's see if you can connect to rubygems.org...</p>
<p>Bundler connection to rubygems.org: success ✅<br>
RubyGems connection to rubygems.org: success ✅<br>
Ruby net/http connection to rubygems.org: success ✅</p>
<p>Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. </p>
<p>Thank you.</p></div>Suresh Kongaratag:help.rubygems.org,2010-01-19:Comment/490372682021-02-22T03:57:10Z2021-02-22T03:57:10ZUnable to connect to rubygems.org from our linux server. Handshake_failure<div><p>Hi,</p>
<p>logstash doesn't uses MRI ruby. It uses Jruby:<br></p>
<pre>
<code>$ sudo cat /usr/share/logstash/bin/logstash-plugin
#!/bin/sh
unset CDPATH
. "$(cd <code>dirname $0</code>/..; pwd)/bin/logstash.lib.sh"
setup
#bin/logstash-plugin is a short lived ruby script thus we can use aggressive "faster starting JRuby options"
export JRUBY_OPTS="$JRUBY_OPTS -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -J-noverify -X-C -Xcompile.invokedynamic=false"</code>
</pre>
<p>As far as I can tell, the vendored version of jruby is too old and doesn't support SNI:<br></p>
<pre>
<code>$ sudo /usr/share/logstash/vendor/jruby/bin/jruby -v<br>jruby 1.7.25 (1.9.3p551) 2016-04-13 867cb81 on OpenJDK 64-Bit Server VM 1.8.0_171-b10 +jit [linux-amd64]</code>
</pre>
You will need to find a way to update jruby vendored with logstash. Alternatively, you can use slightly newer logstash, I have verified that logstash-5.6.16 works.</div>sonalkr132tag:help.rubygems.org,2010-01-19:Comment/490372682021-02-23T17:27:58Z2021-02-23T17:27:59ZUnable to connect to rubygems.org from our linux server. Handshake_failure<div><p>Thank you for the insights. The version 5.6.16 works for me.</p></div>Suresh Kongara