
I have already looked through many of the questions similar to this one on Stack Overflow and I'm asking the Ruby gods for help now.

I'm getting this stack trace when making an HTTP request via Ruby:

/System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:918:in `connect': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server hello A (OpenSSL::SSL::SSLError)
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/timeout.rb:66:in `timeout'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:918:in `connect'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:851:in `start'
    from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/net/http.rb:1367:in `request'

Some things to note:

I have already tried setting these attributes on the http object:

    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.ssl_version = :TLSv1
    http.ciphers = ['RC4-SHA']
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE

I have already tried setting

    require 'openssl'
    OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

And lastly, this error only happens on one of my machines. My guess is that I have a different version of openssl or possibly some gem that's being used that's a different version. Both are Mac OSX Yosemite 10.10.5.

Here is the environment for the machine that does work:

*** LOCAL GEMS ***

activesupport (4.2.4, 3.2.22)
addressable (2.3.8)
autoparse (0.3.3)
bigdecimal (1.2.4)
bluecloth (2.2.0)
builder (3.2.2)
bundler (1.6.2)
bundler-unload (1.0.2)
curb (0.8.8)
executable-hooks (1.3.2)
extlib (0.9.16)
faraday (0.9.2)
gem-wrappers (1.2.4)
google-api-client (0.8.4)
google_drive (1.0.1)
googleauth (0.4.2)
hurley (0.2)
i18n (0.7.0)
io-console (0.4.2)
jenkins_api_client (1.4.1)
json (1.8.1)
jwt (1.5.1)
launchy (2.4.3)
little-plugger (1.1.4)
logging (2.0.0)
macaddr (1.7.1)
maruku (0.7.2)
memoist (0.12.0)
mime-types (2.3)
mini_magick (4.2.7)
mini_portile (0.7.0.rc4)
minitest (5.8.1, 4.7.5)
mixlib-shellout (2.2.1)
multi_json (1.11.2)
multi_xml (0.5.5)
multipart-post (2.0.0)
netrc (0.7.7)
nokogiri (1.6.7.rc3)
oauth (0.4.7)
oauth2 (1.0.0)
plist (3.1.0)
polyglot (0.3.5)
psych (2.0.5)
rack (1.6.4)
rake (10.3.2, 10.1.0)
rdoc (4.1.0)
representable (2.3.0)
rest-client (1.7.2)
retriable (2.1.0, 1.4.1)
rubygems-bundler (1.4.4)
rvm (1.11.3.9)
signet (0.6.1)
sqlite3 (1.3.9)
systemu (2.6.4)
terminal-table (1.5.2)
test-unit (2.1.2.0)
thor (0.19.1)
thread_safe (0.3.5)
treetop (1.5.3)
tzinfo (1.2.2)
uber (0.0.15)
unicode (0.4.4.1)
uuid (2.3.7)

Here is my version of openssl:

OpenSSL 0.9.8zg 14 July 2015

Here is my environment for the machine that doesn't work:

*** LOCAL GEMS ***

activesupport (3.2.22)
addressable (2.3.8)
autoparse (0.3.3)
bigdecimal (1.2.0)
bluecloth (2.2.0)
builder (3.2.2)
CFPropertyList (2.2.8)
curb (0.8.8)
extlib (0.9.16)
faraday (0.9.2)
google-api-client (0.8.4)
google_drive (1.0.1)
googleauth (0.4.2)
i18n (0.7.0)
io-console (0.4.2)
jenkins_api_client (1.4.1)
json (1.8.1, 1.7.7)
jwt (1.5.1)
launchy (2.4.3)
libxml-ruby (2.6.0)
little-plugger (1.1.4)
logging (2.0.0)
macaddr (1.7.1)
maruku (0.7.2)
memoist (0.12.0)
mime-types (2.3)
mini_portile (0.6.2)
minitest (5.8.1, 4.3.2)
mixlib-shellout (2.2.2)
multi_json (1.11.2)
multi_xml (0.5.5)
multipart-post (2.0.0)
netrc (0.7.7)
nokogiri (1.6.6.2, 1.5.6)
oauth (0.4.7)
oauth2 (1.0.0)
plist (3.1.0)
polyglot (0.3.5)
psych (2.0.0)
rack (1.6.4)
rake (10.3.2, 0.9.6)
rdoc (4.0.0)
rest-client (1.7.2)
retriable (1.4.1)
signet (0.6.1)
sqlite3 (1.3.9, 1.3.7)
systemu (2.6.4)
terminal-table (1.5.2)
test-unit (2.0.0.0)
thor (0.19.1)
thread_safe (0.3.5)
treetop (1.5.3)
tzinfo (1.2.2)
unicode (0.4.4.1)
uuid (2.3.7)

Here is my version of openssl: (I tried upgrading to the latest; that didn't work either)

OpenSSL 1.0.1g 7 Apr 2014
Rafthecalf
  • In this case, `OpenSSL::SSL::VERIFY_PEER` is a constant and thus cannot be assigned to. Instead, an option worth trying is `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` in the lines following `Net::HTTP.new` – Alexa Y Oct 22 '15 at 22:57
  • Actually, I tried this as well. Let me update my question. – Rafthecalf Oct 22 '15 at 23:00

3 Answers


Figured out the issue. I had an older version of Ruby (2.0.0). I upgraded to 2.1.2 and it works like magic. Not sure what Ruby 2.0.0 has that makes OpenSSL throw that error. Very useless error message, in my opinion.

Philip Kirkbride
Rafthecalf

OpenSSL 0.9.8zg 14 July 2015

Don't let yourself be fooled by the recent date in the OpenSSL version. Mac ships with a rotten old version of OpenSSL which is not able to do TLS 1.1 and TLS 1.2 and does not support any newer ciphers, but it applies security fixes to this old version. Given that your question lacks the details to reproduce the problem, my guess is that the server simply expects a new TLS version or some of the newer ciphers.

You can check the behavior of a public https server at SSLLabs which also shows the SSL protocol versions and ciphers supported by the server. It also shows if problems are expected with various clients, including with OpenSSL version 0.9.8 which you use.

Steffen Ullrich
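
A way to check the point made in this answer from inside Ruby itself, added here as an example (not code from the answer or from any participant): it classifies an OpenSSL banner by whether that branch can negotiate TLS 1.2, and reports the library the running Ruby interpreter is linked against, which can differ from what `openssl version` prints in the shell. The helper names are illustrative.

```ruby
require 'openssl'

# Added example; helper names below are illustrative, not from the page.
# TLS 1.1 and TLS 1.2 first appeared in OpenSSL 1.0.1. The 0.9.8 and 1.0.0
# branches stop at TLS 1.0 however recent their security-patch date is.
FIRST_TLS12_OPENSSL = [1, 0, 1].freeze

# Parse a banner such as "OpenSSL 0.9.8zg 14 July 2015" into its parts.
# Returns nil when the string is not a recognisable OpenSSL/LibreSSL banner.
def parse_ssl_banner(banner)
  m = /\A(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)([a-z]*)/.match(banner.to_s.strip)
  return nil unless m
  { flavor: m[1], version: [m[2], m[3], m[4]].map(&:to_i), patch: m[5] }
end

# True when a library with this banner can negotiate TLS 1.2.
# Patch letters ("zg", "g") are security-fix levels and never add protocols.
def tls12_capable?(banner)
  info = parse_ssl_banner(banner)
  return false unless info
  # LibreSSL forked from OpenSSL 1.0.1g, so every release has TLS 1.2.
  return true if info[:flavor] == 'LibreSSL'
  (info[:version] <=> FIRST_TLS12_OPENSSL) >= 0
end

# Report the library this Ruby process actually uses, which is what decides
# the handshake, regardless of which openssl binary is first on the PATH.
def linked_openssl_report
  built = OpenSSL::OPENSSL_VERSION
  loaded = if OpenSSL.const_defined?(:OPENSSL_LIBRARY_VERSION)
             OpenSSL::OPENSSL_LIBRARY_VERSION
           else
             built
           end
  { ruby: RUBY_VERSION, built_against: built, loaded_at_runtime: loaded,
    tls12: tls12_capable?(loaded) }
end

if __FILE__ == $PROGRAM_NAME
  # The two banners quoted in the question.
  ['OpenSSL 0.9.8zg 14 July 2015', 'OpenSSL 1.0.1g 7 Apr 2014'].each do |b|
    puts format('%-32s TLS 1.2 capable: %s', b, tls12_capable?(b))
  end
  puts linked_openssl_report
end
```

Run it with the same `ruby` binary that raises the error; a `tls12: false` result means the interpreter itself cannot speak TLS 1.2.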

Could this perhaps be caused by a timeout error? I was thinking so because in my Ruby stack trace I am seeing this error and it goes through a timeout.rb file. Just a guess.

error=SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
/Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'
/Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
/Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
/Users/Ben/.rvm/rubies/ruby-2.1.5/lib/ruby/2.1.0/net/http.rb:852:in `start'
/Users/Ben/.rvm/gems/ruby-2.1.5@caredox/gems/rest-client-1.8.0/lib/restclient/request.rb:413:in `transmit'
/Users/Ben/.rvm/gems/ruby-2.1.5@caredox/gems/rest-client-1.8.0/lib/restclient/request.rb:176:in `execute'
/Users/Ben/.rvm/gems/ruby-2.1.5@caredox/gems/rest-client-1.8.0/lib/restclient/request.rb:41:in `execute'
/Users/Ben/.rvm/gems/ruby-2.1.5@caredox/gems/rest-client-1.8.0/lib/restclient.rb:65:in `get'

You can try adjusting the timeout setting; for me, using the RestClient lib:

    # timeout is given in seconds
    RestClient::Request.execute(method: :get, url: url,
                                timeout: 30,
                                headers: {:accept => :json,
                                          :Authorization => access_token_header()})
James Kingsbery
bjm88