Tommyixi Tommyixi - 7 months ago 216
Ruby Question

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed MAC

I'm attempting to use the SoundCloud SDK for user authentication. My first route after a user clicks "sign in":

get "/login" do
client = Soundcloud.new(:client_id => 'MY_ID',
:client_secret => 'MY_SECRET',
:redirect_uri => 'http://localhost:9393/signed_in')

redirect client.authorize_url()

end


I then have the next route where they are redirected:

get "/signed_in" do
client = Soundcloud.new(:client_id => '16d6ada1a0cfc5009f7d59d203a13b2f',
:client_secret => '845df7d44dc4e359fedc8ed5944d29a5',
:redirect_uri => 'http://localhost:9393/signed_in')

code = params[:code]
access_token = client.exchange_token(:code => code)

end


I can succesfully hit the redirect url and a code is passed back, but I receieve the following error from Sinatra:

OpenSSL::SSL::SSLError at /signed_in
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I've read these popular articles:
http://railsapps.github.io/openssl-certificate-verify-failed.html

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

amongst many others

When I type:

rvm osx-ssl-certs status all


my result is
Certificates for /usr/local/etc/openssl/cert.pem: Up to date.

I'm currently using ruby 2.1.1 on Mac 10.6.8. I've gone thru about 20 stack overflow questions on this topic and I'm unable to move past this issue.

Answer
  1. Download http://curl.haxx.se/ca/ca-bundle.crt
  2. Copy certificate into /usr/local/etc/openssl/certs/
  3. Make omniauth.rb look like this:

    options = {
      scope: "email",
      :prompt => "select_account",
      access_type: 'offline',
      :client_options => {
        :ssl => {
          :ca_file => "/usr/local/etc/openssl/certs/ca-bundle.crt",
          :ca_path => "/usr/local/etc/openssl/certs"
        }
      }
    }
    
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :google_oauth2, Rails.application.secrets.client_id, Rails.application.secrets.client_secret, options
    end