Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: JRuby-OSSL 0.7.7
    • Fix Version/s: JRuby 1.7.0.pre2
    • Component/s: OpenSSL
    • Labels:
      None
    • Environment:
      Windows 7, JRuby 1.6.3
    • Number of attachments :
      0

      Description

      Our application uses the OmniAuth gem, which uses the Faraday gem, which uses Net::HTTP.
      We run it from JRuby, and use it to talk HTTPS to a server that has a GoDaddy signed cert.
      So we end up using which jruby-openssl.
      We use the SSL_CERT_DIR to point to the SSL certificates directory, where there is a GoDaddy cert.
      On Linux, this works fine.
      On Windows (with the ssl certificate directory copied from Linux), this fails with a "certificate verify failed" error.

      Test-case code looks like:

      ENV['SSL_CERT_DIR']='c:\ssl\certs'
      require 'rubygems'
      require 'faraday'
      response = Faraday.get 'https://www.godaddy.com/'
      

      which results in this error:

      OpenSSL::SSL::SSLError: certificate verify failed
      

      The problem is on Lookup.java#L558 where the code constructs a path using a hardcoded slash; the code then tries to lookup "c:\ssl\certs/219d9499.0" which doesn't exist.

      The simplest fix is to use the platform-dependent path-separator character instead of the slash, like this patch; I've confirmed that resolves the problem on Windows.

      Better yet, instead of handcrafting paths, let Java do that with File.

        Activity

        Hide
        Charles Oliver Nutter added a comment -

        I agree the small fix is not ideal, but it is neat and simple.

        I will leave it up to you if you want to put that into a pull request or try to do more work to get a "proper" fix into a PR. Marking for 1.7 pre2.

        Show
        Charles Oliver Nutter added a comment - I agree the small fix is not ideal, but it is neat and simple. I will leave it up to you if you want to put that into a pull request or try to do more work to get a "proper" fix into a PR. Marking for 1.7 pre2.
        Hide
        Martijn Koster added a comment -

        I've created https://github.com/jruby/jruby-ossl/pull/23 for the minimal fix.

        Show
        Martijn Koster added a comment - I've created https://github.com/jruby/jruby-ossl/pull/23 for the minimal fix.
        Hide
        Charles Oliver Nutter added a comment -

        Patched on master, since jossl lives there now. Will work with nahi to get this into the gem for older JRuby versions.

        commit b7ef22617f4b82a7d2c2863f5b857e1b1c105a0e
        Author: Charles Oliver Nutter <headius@headius.com>
        Date:   Fri Jun 29 17:42:29 2012 -0500
        
            Fix JRUBY-6715
            
            jruby-openssl cert validation fails on windows
            
            This is a small localized fix by Martijn Koster. There's probably
            a better long-term fix.
        
        Show
        Charles Oliver Nutter added a comment - Patched on master, since jossl lives there now. Will work with nahi to get this into the gem for older JRuby versions. commit b7ef22617f4b82a7d2c2863f5b857e1b1c105a0e Author: Charles Oliver Nutter <headius@headius.com> Date: Fri Jun 29 17:42:29 2012 -0500 Fix JRUBY-6715 jruby-openssl cert validation fails on windows This is a small localized fix by Martijn Koster. There's probably a better long-term fix.

          People

          • Assignee:
            Charles Oliver Nutter
            Reporter:
            Martijn Koster
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: