Ylan, You sure hit the nail on the head with your blog post -- well said, my friend! I am living proof that pretty much everything you said is spot-on.
Chris On Mon, Jun 1, 2015 at 9:22 AM, Ylan Segal <[email protected]> wrote: > Chris, > > I agree wholeheartedly. A few months ago I was thinking along the same > lines and wrote a blog post about stagnation in old projects: > > http://ylan.segal-family.com/blog/2015/01/05/stagnation/ > > — > Ylan Segal > [email protected] > > > > On Jun 1, 2015, at 9:14 AM, Chris McCann <[email protected]> wrote: > > > > Thanks for the point-out. Once again, how you ask the question on > Google determines what you get for answers. > > > > Note to anyone else encountering a situation like this: if I google > "ActiveMerchant SSL_connect" the Github link Brian referenced is the very > first search result. > > > > In my somewhat frantic searching it didn't occur to me to try a variety > of terms around the issue, and had I done so, I most likely would have > found this. The main players in this problem were Rails, SSL, > ActiveMerchant, SSLv3, etc. -- I should have tried many combinations of > those terms. > > > > Lastly, this app was started over 8 years ago and has not gotten the > attention it needed in terms of Rails, Ruby, and gem version upgrades. I > did manage to upgrade it to Rails 2.3 several years ago but that's as far > as I got. Looking back, even an upgrade to ruby 1.9.3 might have prevented > this. > > > > Try to keep your apps and other major dependencies at least near the > current major release. An ounce of prevention here is worth hundreds of > pounds of cure later -- and reduces cranial bruising significantly! > > > > Cheers, > > > > Chris > > > > On Mon, Jun 1, 2015 at 2:27 AM, Brian <[email protected]> wrote: > > Glad to hear it worked for you too. I was tipped off by an issue opened > in the active_merchant repo: > https://github.com/Shopify/active_merchant/issues/1643 > > > > On Saturday, May 30, 2015 at 9:54:18 PM UTC-7, Chris McCann wrote: > > Brian, > > > > DUDE! All your beers at SD Ruby are on me for the rest of this year. > You just saved my bacon big time - thanks so much for the tip. That worked > like a charm. > > > > How did you come across this fix? > > > > Cheers, > > > > Chris > > > > On Sat, May 30, 2015 at 9:09 PM, Brian <[email protected]> wrote: > > I had the same issue with authorize.net and was able to resolve it by > updating the cacerts for activemerchant gem and restarting rails. > > > > gem env #find path to gems > > [root@ip-172-30-0-131 inumbr]# cd > /usr/lib64/ruby/gems/1.8/gems/activemerchant-1.4.2/ > > [root@ip-172-30-0-131 activemerchant-1.4.2]# cd lib/certs/ > > [root@ip-172-30-0-131 certs]# ls > > cacert.pem > > [root@ip-172-30-0-131 certs]# mv cacert.pem cacert.pem.old > > [root@ip-172-30-0-131 certs]# wget http://curl.haxx.se/ca/cacert.pem > > 2015-05-29 06:58:53 (548 KB/s) - ‘cacert.pem’ saved [258424/258424] > > > > > > On Friday, May 29, 2015 at 9:46:25 PM UTC-7, Chris McCann wrote: > > Thanks, Rob. I did in fact spend about 4 hours last night trying to > upgrade my Rails 2.3 app to Ruby 1.9.3. I ran into obstacle after obstacle > and was finally halted by an inability to get Rails 2.3 to talk to MySQL > 5.5+. > > > > Has anyone else cracked that nut? > > > > Chris > > > > On Fri, May 29, 2015 at 9:36 PM, Rob Kaufman <[email protected]> wrote: > > It comes down to trying to disable SSLv3. It's frankly pretty difficult > in 1.8.7. You'll need to dig in to which http library you need to get > started. If it is http.rb, get ready to patch your own Ruby. Here is a > place to get started. > > > > > https://www.ruby-lang.org/en/news/2014/10/27/changing-default-settings-of-ext-openssl/ > > > > I know it's not exciting, but you can upgrade a 2.3 app to 1.9.3. It's > worth doing even before you try and tackle the much bigger rails update. > > > > — > > Sent from Mailbox > > > > > > On Fri, May 29, 2015 at 8:14 PM, Chris McCann <[email protected]> > wrote: > > > > SD Ruby, > > > > A Rails app I've had in production for over 7 years developed an odd > problem on Thursday. This change was not preceded by any code or server > changes within the past few weeks. > > > > It's a Rails 2.3 app running on Ruby 1.8.7 (yes, it's old, and I've been > working on upgrading it for months). It runs on Ubuntu 10.04.4 LTS (I > know, also old, and being upgraded). > > > > It uses ActiveMerchant to process credit card payments via the > Authorize.net gateway. This bit has worked essentially flawlessly for over > 5 years. > > > > This past Thursday my client tried to process a credit card payment and > the app threw an error: > > > > A OpenSSL::SSL::SSLError occurred in credit_card_payments#create: > > > > SSL_connect returned=1 errno=0 state=SSLv3 read server certificate > B: certificate verify failed > > > > > /usr/local/rvm/rubies/ruby-1.8.7-p352/lib/ruby/1.8/net/http.rb:586:in > `connect' > > > > Of course, this happened while I was on an airplane, and more > ironically, flying to San Antonio to see my client. > > > > Frantic Googling at 41,000 feet brought me to this: > http://mislav.uniqpath.com/2013/07/ruby-openssl/ > > > > One of the suggestions in the mislav article is to do a CA certificate > upgrade via apt-get (sounds of ominous bass notes in the background). > Since the Ubuntu distro I have been using has been "end-of-lifed" (ELO'd), > I cannot update the CA certificates on the distro, though all of the other > checks indicate this isn't an issue. > > > > Also mentioned in that article is the "doctor.rb" script to check > things, and it reported all was "OK". > > > > I contacted our SSL provider, RapidSSL, and they verified that our SSL > certificate, and the others in the cert chain, were valid and installed > correctly. > > > > I have reached out to Authorize.net to ask them if anything changed on > their end but haven't heard back yet. > > > > My plea to SD Ruby: has anyone else encountered something like this? > I'm at a loss as to what the cause might be or how to fix it, short of the > long-delayed upgrade to Rails 4 and a new Linux distro. > > > > Thanks, > > > > Chris > > > > -- > > -- > > SD Ruby mailing list > > [email protected] > > http://groups.google.com/group/sdruby > > --- > > You received this message because you are subscribed to the Google > Groups "SD Ruby" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > -- > > SD Ruby mailing list > > [email protected] > > http://groups.google.com/group/sdruby > > --- > > You received this message because you are subscribed to a topic in the > Google Groups "SD Ruby" group. > > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > -- > > SD Ruby mailing list > > [email protected] > > http://groups.google.com/group/sdruby > > --- > > You received this message because you are subscribed to a topic in the > Google Groups "SD Ruby" group. > > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > -- > > SD Ruby mailing list > > [email protected] > > http://groups.google.com/group/sdruby > > --- > > You received this message because you are subscribed to a topic in the > Google Groups "SD Ruby" group. > > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > -- > > SD Ruby mailing list > > [email protected] > > http://groups.google.com/group/sdruby > > --- > > You received this message because you are subscribed to the Google > Groups "SD Ruby" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to a topic in the > Google Groups "SD Ruby" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/sdruby/rhAsuBqZOYI/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby --- You received this message because you are subscribed to the Google Groups "SD Ruby" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
