kroe761 kroe761 - 4 months ago 23
Ruby Question

RestClient.get returning certificate verify failed

I am trying hit an internal testing API server using RestClient and Ruby v. 2.2.1.

This is essentially the code:

url = "https://10.10.0.10/thing/i/want/to/get"
header = {
:content_type => "application/json",
:"x-auth-token" => "testingtoken"
}
response = RestClient.get url, header


This is the failure message I get:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (RestClient::SSLCertificateNotVerified)


If I'm reading this right, it looks like Ruby couldn't accept the SSL security certificate. This call works in the Chrome app Postman, but in order for it to work, I have to hit the URL in Chrome itself and accept that the connection is not secure (but proceed anyway), and THEN it will work in postman.

Is there a way to ignore the certificate failures and proceed anyway in Ruby?

Answer

Try using #execute(&block) with verify_ssl set to false.

:verify_ssl enable ssl verification, possible values are constants from OpenSSL::SSL::VERIFY_*, defaults to OpenSSL::SSL::VERIFY_PEER

url = "https://10.10.0.10/thing/i/want/to/get"
headers = {
  :content_type => "application/json",
  :"x-auth-token" => "testingtoken"
}

RestClient::Request.execute(
  :url => url, 
  :method => :get, 
  :headers => headers,
  :verify_ssl => false
)

see: http://www.rubydoc.info/github/rest-client/rest-client/RestClient/Request#execute-instance_method


RVM

Additional solution for RVM users from: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

This discussion on Github [https://github.com/rvm/rvm/issues/3330] finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into /etc/openssl for it's certificates.

What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so: rvm install 2.2.0 --disable-binary

Comments