JRuby

jruby-openssl cert validation fails on windows

Details

  • Type: Bug Bug
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: JRuby-OSSL 0.7.7
  • Fix Version/s: JRuby 1.7.0.pre2
  • Component/s: OpenSSL
  • Labels:
    None
  • Environment:
    Windows 7, JRuby 1.6.3
  • Number of attachments :
    0

Description

Our application uses the OmniAuth gem, which uses the Faraday gem, which uses Net::HTTP.
We run it from JRuby, and use it to talk HTTPS to a server that has a GoDaddy signed cert.
So we end up using which jruby-openssl.
We use the SSL_CERT_DIR to point to the SSL certificates directory, where there is a GoDaddy cert.
On Linux, this works fine.
On Windows (with the ssl certificate directory copied from Linux), this fails with a "certificate verify failed" error.

Test-case code looks like:

ENV['SSL_CERT_DIR']='c:\ssl\certs'
require 'rubygems'
require 'faraday'
response = Faraday.get 'https://www.godaddy.com/'

which results in this error:

OpenSSL::SSL::SSLError: certificate verify failed

The problem is on Lookup.java#L558 where the code constructs a path using a hardcoded slash; the code then tries to lookup "c:\ssl\certs/219d9499.0" which doesn't exist.

The simplest fix is to use the platform-dependent path-separator character instead of the slash, like this patch; I've confirmed that resolves the problem on Windows.

Better yet, instead of handcrafting paths, let Java do that with File.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Charles Oliver Nutter added a comment -

I agree the small fix is not ideal, but it is neat and simple.

I will leave it up to you if you want to put that into a pull request or try to do more work to get a "proper" fix into a PR. Marking for 1.7 pre2.

Show
Charles Oliver Nutter added a comment - I agree the small fix is not ideal, but it is neat and simple. I will leave it up to you if you want to put that into a pull request or try to do more work to get a "proper" fix into a PR. Marking for 1.7 pre2.
Hide
Permalink
Martijn Koster added a comment -

I've created https://github.com/jruby/jruby-ossl/pull/23 for the minimal fix.

Show
Martijn Koster added a comment - I've created https://github.com/jruby/jruby-ossl/pull/23 for the minimal fix.
Hide
Permalink
Charles Oliver Nutter added a comment -

Patched on master, since jossl lives there now. Will work with nahi to get this into the gem for older JRuby versions.

commit b7ef22617f4b82a7d2c2863f5b857e1b1c105a0e
Author: Charles Oliver Nutter <headius@headius.com>
Date:   Fri Jun 29 17:42:29 2012 -0500

    Fix JRUBY-6715
    
    jruby-openssl cert validation fails on windows
    
    This is a small localized fix by Martijn Koster. There's probably
    a better long-term fix.
Show
Charles Oliver Nutter added a comment - Patched on master, since jossl lives there now. Will work with nahi to get this into the gem for older JRuby versions. commit b7ef22617f4b82a7d2c2863f5b857e1b1c105a0e Author: Charles Oliver Nutter <headius@headius.com> Date: Fri Jun 29 17:42:29 2012 -0500 Fix JRUBY-6715 jruby-openssl cert validation fails on windows This is a small localized fix by Martijn Koster. There's probably a better long-term fix.

People

  • Assignee:
    Charles Oliver Nutter
    Reporter:
    Martijn Koster
Vote (0)
Watch (3)

Dates

  • Created:
    Updated:
    Resolved: