[jruby-dev] [jira] Created: (JRUBY-3673) jRuby-OpenSSL does not properly load certificate authority file

Sun, 17 May 2009 01:04:56 -0700 

jRuby-OpenSSL does not properly load certificate authority file
---------------------------------------------------------------

                 Key: JRUBY-3673
                 URL: http://jira.codehaus.org/browse/JRUBY-3673
             Project: JRuby
          Issue Type: Bug
          Components: Core Classes/Modules, OpenSSL
    Affects Versions: JRuby-OpenSSL 0.5
         Environment: MacOSX 10.5.7; Java(TM) 2 Runtime Environment, Standard 
Edition (build 1.5.0_16-b06-284); jRuby 1.2.0 and jRuby Master (2009-05-17 
1f2f4f6); jruby-openssl 0.5
            Reporter: Michael Rykov
             Fix For: JRuby-OpenSSL 0.5


As a follow up to JRUBY-3521, it looks like jRuby-OpenSSL does not properly 
load/recognize the CA file when calling _Net::HTTP.ca_file=_, and thus fails to 
fetch a page via SSL when certificate verification is enabled.  

Please use _fetch.rb_ and _cacert.new.pem_ (*not* _cacert.pem_) from JRUBY-3521 
to reproduce the following:

jRuby:
{noformat}
$ jruby -v
jruby 1.3.0RC2 (ruby 1.8.6p287) (2009-05-17 1f2f4f6) (Java HotSpot(TM) Client 
VM 1.5.0_16) [i386-java]

$ jruby ./fetch.rb 
/Users/mrykov/Projects/jRuby/lib/ruby/1.8/net/http.rb:590:in `connect': 
certificate verify failed (OpenSSL::SSL::SSLError)
        from /Users/mrykov/Projects/jRuby/lib/ruby/1.8/net/http.rb:557:in 
`do_start'
        from /Users/mrykov/Projects/jRuby/lib/ruby/1.8/net/http.rb:546:in 
`start'
        from ./fetch.rb:10
$ jruby ./fetch.rb https://www.google.com/
/Users/mrykov/Projects/jRuby/lib/ruby/1.8/net/http.rb:590:in `connect': 
certificate verify failed (OpenSSL::SSL::SSLError)
        from /Users/mrykov/Projects/jRuby/lib/ruby/1.8/net/http.rb:557:in 
`do_start'
        from /Users/mrykov/Projects/jRuby/lib/ruby/1.8/net/http.rb:546:in 
`start'
        from ./fetch.rb:10
{noformat}

MRI
{noformat}
$ ruby -v
ruby 1.8.6 (2008-08-11 patchlevel 287) [universal-darwin9.0]

$ ruby ./fetch.rb 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>

[... SNIP the rest of the successful response ...]

$ ruby ./fetch.rb https://www.google.com/
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">

[... SNIP the rest of the successful response ...]
{noformat}

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email

Reply via email to