Chris, I agree wholeheartedly. A few months ago I was thinking along the same lines and wrote a blog post about stagnation in old projects:
http://ylan.segal-family.com/blog/2015/01/05/stagnation/ — Ylan Segal [email protected] > On Jun 1, 2015, at 9:14 AM, Chris McCann <[email protected]> wrote: > > Thanks for the point-out. Once again, how you ask the question on Google > determines what you get for answers. > > Note to anyone else encountering a situation like this: if I google > "ActiveMerchant SSL_connect" the Github link Brian referenced is the very > first search result. > > In my somewhat frantic searching it didn't occur to me to try a variety of > terms around the issue, and had I done so, I most likely would have found > this. The main players in this problem were Rails, SSL, ActiveMerchant, > SSLv3, etc. -- I should have tried many combinations of those terms. > > Lastly, this app was started over 8 years ago and has not gotten the > attention it needed in terms of Rails, Ruby, and gem version upgrades. I did > manage to upgrade it to Rails 2.3 several years ago but that's as far as I > got. Looking back, even an upgrade to ruby 1.9.3 might have prevented this. > > Try to keep your apps and other major dependencies at least near the current > major release. An ounce of prevention here is worth hundreds of pounds of > cure later -- and reduces cranial bruising significantly! > > Cheers, > > Chris > > On Mon, Jun 1, 2015 at 2:27 AM, Brian <[email protected]> wrote: > Glad to hear it worked for you too. I was tipped off by an issue opened in > the active_merchant repo: > https://github.com/Shopify/active_merchant/issues/1643 > > On Saturday, May 30, 2015 at 9:54:18 PM UTC-7, Chris McCann wrote: > Brian, > > DUDE! All your beers at SD Ruby are on me for the rest of this year. You > just saved my bacon big time - thanks so much for the tip. That worked like > a charm. > > How did you come across this fix? > > Cheers, > > Chris > > On Sat, May 30, 2015 at 9:09 PM, Brian <[email protected]> wrote: > I had the same issue with authorize.net and was able to resolve it by > updating the cacerts for activemerchant gem and restarting rails. > > gem env #find path to gems > [root@ip-172-30-0-131 inumbr]# cd > /usr/lib64/ruby/gems/1.8/gems/activemerchant-1.4.2/ > [root@ip-172-30-0-131 activemerchant-1.4.2]# cd lib/certs/ > [root@ip-172-30-0-131 certs]# ls > cacert.pem > [root@ip-172-30-0-131 certs]# mv cacert.pem cacert.pem.old > [root@ip-172-30-0-131 certs]# wget http://curl.haxx.se/ca/cacert.pem > 2015-05-29 06:58:53 (548 KB/s) - ‘cacert.pem’ saved [258424/258424] > > > On Friday, May 29, 2015 at 9:46:25 PM UTC-7, Chris McCann wrote: > Thanks, Rob. I did in fact spend about 4 hours last night trying to upgrade > my Rails 2.3 app to Ruby 1.9.3. I ran into obstacle after obstacle and was > finally halted by an inability to get Rails 2.3 to talk to MySQL 5.5+. > > Has anyone else cracked that nut? > > Chris > > On Fri, May 29, 2015 at 9:36 PM, Rob Kaufman <[email protected]> wrote: > It comes down to trying to disable SSLv3. It's frankly pretty difficult in > 1.8.7. You'll need to dig in to which http library you need to get started. > If it is http.rb, get ready to patch your own Ruby. Here is a place to get > started. > > https://www.ruby-lang.org/en/news/2014/10/27/changing-default-settings-of-ext-openssl/ > > I know it's not exciting, but you can upgrade a 2.3 app to 1.9.3. It's worth > doing even before you try and tackle the much bigger rails update. > > — > Sent from Mailbox > > > On Fri, May 29, 2015 at 8:14 PM, Chris McCann <[email protected]> wrote: > > SD Ruby, > > A Rails app I've had in production for over 7 years developed an odd problem > on Thursday. This change was not preceded by any code or server changes > within the past few weeks. > > It's a Rails 2.3 app running on Ruby 1.8.7 (yes, it's old, and I've been > working on upgrading it for months). It runs on Ubuntu 10.04.4 LTS (I know, > also old, and being upgraded). > > It uses ActiveMerchant to process credit card payments via the Authorize.net > gateway. This bit has worked essentially flawlessly for over 5 years. > > This past Thursday my client tried to process a credit card payment and the > app threw an error: > > A OpenSSL::SSL::SSLError occurred in credit_card_payments#create: > > SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: > certificate verify failed > > /usr/local/rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/net/http.rb:586:in > `connect' > > Of course, this happened while I was on an airplane, and more ironically, > flying to San Antonio to see my client. > > Frantic Googling at 41,000 feet brought me to this: > http://mislav.uniqpath.com/2013/07/ruby-openssl/ > > One of the suggestions in the mislav article is to do a CA certificate > upgrade via apt-get (sounds of ominous bass notes in the background). Since > the Ubuntu distro I have been using has been "end-of-lifed" (ELO'd), I cannot > update the CA certificates on the distro, though all of the other checks > indicate this isn't an issue. > > Also mentioned in that article is the "doctor.rb" script to check things, and > it reported all was "OK". > > I contacted our SSL provider, RapidSSL, and they verified that our SSL > certificate, and the others in the cert chain, were valid and installed > correctly. > > I have reached out to Authorize.net to ask them if anything changed on their > end but haven't heard back yet. > > My plea to SD Ruby: has anyone else encountered something like this? I'm at > a loss as to what the cause might be or how to fix it, short of the > long-delayed upgrade to Rails 4 and a new Linux distro. > > Thanks, > > Chris > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to the Google Groups "SD > Ruby" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to a topic in the Google > Groups "SD Ruby" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to a topic in the Google > Groups "SD Ruby" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to a topic in the Google > Groups "SD Ruby" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to the Google Groups "SD > Ruby" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby --- You received this message because you are subscribed to the Google Groups "SD Ruby" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
