I had the same issue with authorize.net and was able to resolve it by updating the cacerts for activemerchant gem and restarting rails.
gem env #find path to gems [root@ip-172-30-0-131 inumbr]# cd /usr/lib64/ruby/gems/1.8/gems/activemerchant-1.4.2/ [root@ip-172-30-0-131 activemerchant-1.4.2]# cd lib/certs/ [root@ip-172-30-0-131 certs]# ls cacert.pem [root@ip-172-30-0-131 certs]# mv cacert.pem cacert.pem.old [root@ip-172-30-0-131 certs]# wget http://curl.haxx.se/ca/cacert.pem 2015-05-29 06:58:53 (548 KB/s) - ‘cacert.pem’ saved [258424/258424] On Friday, May 29, 2015 at 9:46:25 PM UTC-7, Chris McCann wrote: > > Thanks, Rob. I did in fact spend about 4 hours last night trying to > upgrade my Rails 2.3 app to Ruby 1.9.3. I ran into obstacle after obstacle > and was finally halted by an inability to get Rails 2.3 to talk to MySQL > 5.5+. > > Has anyone else cracked that nut? > > Chris > > On Fri, May 29, 2015 at 9:36 PM, Rob Kaufman <[email protected] > <javascript:>> wrote: > >> It comes down to trying to disable SSLv3. It's frankly pretty difficult >> in 1.8.7. You'll need to dig in to which http library you need to get >> started. If it is http.rb, get ready to patch your own Ruby. Here is a >> place to get started. >> >> >> https://www.ruby-lang.org/en/news/2014/10/27/changing-default-settings-of-ext-openssl/ >> >> I know it's not exciting, but you can upgrade a 2.3 app to 1.9.3. It's >> worth doing even before you try and tackle the much bigger rails update. >> >> — >> Sent from Mailbox <https://www.dropbox.com/mailbox> >> >> >> On Fri, May 29, 2015 at 8:14 PM, Chris McCann <[email protected] >> <javascript:>> wrote: >> >>> SD Ruby, >>> >>> A Rails app I've had in production for over 7 years developed an odd >>> problem on Thursday. This change was not preceded by any code or server >>> changes within the past few weeks. >>> >>> It's a Rails 2.3 app running on Ruby 1.8.7 (yes, it's old, and I've been >>> working on upgrading it for months). It runs on Ubuntu 10.04.4 LTS (I >>> know, also old, and being upgraded). >>> >>> It uses ActiveMerchant to process credit card payments via the >>> Authorize.net gateway. This bit has worked essentially flawlessly for over >>> 5 years. >>> >>> This past Thursday my client tried to process a credit card payment and >>> the app threw an error: >>> >>> A OpenSSL::SSL::SSLError occurred in credit_card_payments#create: >>> >>> SSL_connect returned=1 errno=0 state=SSLv3 read server certificate >>> B: certificate verify failed >>> >>> /usr/local/rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/net/http.rb:586:in >>> `connect' >>> >>> Of course, this happened while I was on an airplane, and more >>> ironically, flying to San Antonio to see my client. >>> >>> Frantic Googling at 41,000 feet brought me to this: >>> http://mislav.uniqpath.com/2013/07/ruby-openssl/ >>> >>> One of the suggestions in the mislav article is to do a CA certificate >>> upgrade via apt-get (sounds of ominous bass notes in the background). >>> Since the Ubuntu distro I have been using has been "end-of-lifed" (ELO'd), >>> I cannot update the CA certificates on the distro, though all of the other >>> checks indicate this isn't an issue. >>> >>> Also mentioned in that article is the "doctor.rb" script to check >>> things, and it reported all was "OK". >>> >>> I contacted our SSL provider, RapidSSL, and they verified that our SSL >>> certificate, and the others in the cert chain, were valid and installed >>> correctly. >>> >>> I have reached out to Authorize.net to ask them if anything changed on >>> their end but haven't heard back yet. >>> >>> My plea to SD Ruby: has anyone else encountered something like this? >>> I'm at a loss as to what the cause might be or how to fix it, short of the >>> long-delayed upgrade to Rails 4 and a new Linux distro. >>> >>> Thanks, >>> >>> Chris >>> >>> -- >>> -- >>> SD Ruby mailing list >>> [email protected] <javascript:> >>> http://groups.google.com/group/sdruby >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "SD Ruby" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> -- >> SD Ruby mailing list >> [email protected] <javascript:> >> http://groups.google.com/group/sdruby >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "SD Ruby" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby --- You received this message because you are subscribed to the Google Groups "SD Ruby" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
