Thanks, Bensie, I'll look into that.
> On May 29, 2015, at 10:24 PM, James Miller <[email protected]> wrote: > > Authorize.net disabled SSLv3 sometime recently. You'll need to upgrade > whatever you're using to use TLS. Perhaps ActiveMerchant has an update that > takes care of it... > >> On Fri, May 29, 2015 at 8:14 PM Chris McCann <[email protected]> wrote: >> SD Ruby, >> >> A Rails app I've had in production for over 7 years developed an odd problem >> on Thursday. This change was not preceded by any code or server changes >> within the past few weeks. >> >> It's a Rails 2.3 app running on Ruby 1.8.7 (yes, it's old, and I've been >> working on upgrading it for months). It runs on Ubuntu 10.04.4 LTS (I know, >> also old, and being upgraded). >> >> It uses ActiveMerchant to process credit card payments via the Authorize.net >> gateway. This bit has worked essentially flawlessly for over 5 years. >> >> This past Thursday my client tried to process a credit card payment and the >> app threw an error: >> >> A OpenSSL::SSL::SSLError occurred in credit_card_payments#create: >> >> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: >> certificate verify failed >> >> /usr/local/rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/net/http.rb:586:in >> `connect' >> >> Of course, this happened while I was on an airplane, and more ironically, >> flying to San Antonio to see my client. >> >> Frantic Googling at 41,000 feet brought me to this: >> http://mislav.uniqpath.com/2013/07/ruby-openssl/ >> >> One of the suggestions in the mislav article is to do a CA certificate >> upgrade via apt-get (sounds of ominous bass notes in the background). Since >> the Ubuntu distro I have been using has been "end-of-lifed" (ELO'd), I >> cannot update the CA certificates on the distro, though all of the other >> checks indicate this isn't an issue. >> >> Also mentioned in that article is the "doctor.rb" script to check things, >> and it reported all was "OK". >> >> I contacted our SSL provider, RapidSSL, and they verified that our SSL >> certificate, and the others in the cert chain, were valid and installed >> correctly. >> >> I have reached out to Authorize.net to ask them if anything changed on their >> end but haven't heard back yet. >> >> My plea to SD Ruby: has anyone else encountered something like this? I'm at >> a loss as to what the cause might be or how to fix it, short of the >> long-delayed upgrade to Rails 4 and a new Linux distro. >> >> Thanks, >> >> Chris >> -- >> -- >> SD Ruby mailing list >> [email protected] >> http://groups.google.com/group/sdruby >> --- >> You received this message because you are subscribed to the Google Groups >> "SD Ruby" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to a topic in the Google > Groups "SD Ruby" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. -- -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby --- You received this message because you are subscribed to the Google Groups "SD Ruby" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
