Ruby and OpenSSL certificates
I recently upgraded to Mountain Lion and reinstalled Ruby 1.9.3 with RVM. Today I needed some SSL connections to interface with a payment gateway in a Rails application and this error showed up:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
The OpenSSL library can't verify the Certificate Authority (CA) the certificate from the responding server is signed against and breaks. Certificates are verified using a chain of trust. The certficate should be verified by his parent, which, in his turn should be verified by his parent untill you reach a root certificate.
SSL::VERIFY_NONEA lot of resources on the web seem to take the easy route: not verifying certificates with OpenSSL::SSL::VERIFY_NONE. While this works, it's insecure. Why use SSL if you don't intend to use its advantages? Not verifying a certificate means you simply trust the remote server is who he claims to be, not who he really is. That might be acceptable for your personal website but not for a payment gateway. James Golick worte a nice article explaining his fight against SSL::VERIFY_NONE.
The Certificate Authority (CA) bundle
You'll need a CA bundle. The cURL website maintains a version of the Mozilla CA bundle in PEM format. Grab one of their certificates.
Once dowloaded you can tell Net::HTTP to use this certificate:
require "net/https" https = Net::HTTP.new("encrypted.google.com", 443) https.use_ssl = true https.ca_file = "path_to_certificate"; https.request_get("/")
Or, my prefered way, you can use an environment variable and not have hard coded paths:
Or, install it in your RVM directory: Fix OpenSSL Error on Mountain Lion (and RVM)