Tommyixi Tommyixi - 1 year ago 371
Ruby Question

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed MAC

I'm attempting to use the SoundCloud SDK for user authentication. My first route after a user clicks "sign in":

get "/login" do
client = Soundcloud.new(:client_id => 'MY_ID',
:client_secret => 'MY_SECRET',
:redirect_uri => 'http://localhost:9393/signed_in')

redirect client.authorize_url()

end


I then have the next route where they are redirected:

get "/signed_in" do
client = Soundcloud.new(:client_id => '16d6ada1a0cfc5009f7d59d203a13b2f',
:client_secret => '845df7d44dc4e359fedc8ed5944d29a5',
:redirect_uri => 'http://localhost:9393/signed_in')

code = params[:code]
access_token = client.exchange_token(:code => code)

end


I can succesfully hit the redirect url and a code is passed back, but I receieve the following error from Sinatra:

OpenSSL::SSL::SSLError at /signed_in
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I've read these popular articles:
http://railsapps.github.io/openssl-certificate-verify-failed.html

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

amongst many others

When I type:

rvm osx-ssl-certs status all


my result is
Certificates for /usr/local/etc/openssl/cert.pem: Up to date.

I'm currently using ruby 2.1.1 on Mac 10.6.8. I've gone thru about 20 stack overflow questions on this topic and I'm unable to move past this issue.

Answer Source
  1. Download http://curl.haxx.se/ca/ca-bundle.crt
  2. Copy certificate into /usr/local/etc/openssl/certs/
  3. Make omniauth.rb look like this:

    options = {
      scope: "email",
      :prompt => "select_account",
      access_type: 'offline',
      :client_options => {
        :ssl => {
          :ca_file => "/usr/local/etc/openssl/certs/ca-bundle.crt",
          :ca_path => "/usr/local/etc/openssl/certs"
        }
      }
    }
    
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :google_oauth2, Rails.application.secrets.client_id, Rails.application.secrets.client_secret, options
    end