Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to tell gem command not to use SSL

I am trying to run the gem command to install/update some gems, but due to some network restrictions in this area, I get this error:

ERROR:  While executing gem ... (OpenSSL::SSL::SSLError)     SSL_connect returned=6 errno=0 state=SSLv3 read finished A 

(I think) this is mainly because of tampering with the SSL certificates.
Is there anyway to tell gem not to use SSL, to avoid the error?

like image 664
Omid Kamangar Avatar asked Dec 05 '13 12:12

Omid Kamangar


People also ask

What is the gem command?

The gem command allows you to interact with RubyGems. Ruby 1.9 and newer ships with RubyGems built-in but you may need to upgrade for bug fixes or new features.

What does certificate verify failed mean?

The Ruby OpenSSL error certificate verify failed means your code can't verify that the SSL certificate of the website or API you're connecting to is the real one. It's important to solve this issue correctly to keep your communication secure.

How do I know if the certificate for RubyGems is correct?

To know if the certificate for RubyGems.org is correct, your computer consults another certificate from a Certificate Authority (CA). The CA certificate bundle includes certificates from every company that provides SSL certificates for servers, like Verisign, Globalsign, and many others.

Why is my SSL certificate not working with RubyGems/bundler?

This meant the “root” certificate that needed to verify connections changed. So even if you’d previously upgraded RubyGems/Bundler in order to fix the SSL problem, you would need to upgrade again—this time to an even newer version with even newer certificates. Start by running the automatic SSL check, and follow the instructions.

What versions of SSL does RubyGems support?

As a result, security best practices suggest actively blocking all versions of SSL, as well as TLS versions 1.0 and 1.1. RubyGems.org uses a 3rd party CDN provider called Fastly, which lets users all around the world download gems really quickly.

How to check SSL certificate in Linux?

Openssl command is a very powerful command to check certificate info in Linux. We can use the flowing command to check the SSL certificate. openssl s_client -servername <NAME> -connect <HOST:PORT> 2>/dev/null | openssl x509 -noout -text


2 Answers

Use HTTP instead of HTTPS if you are unable to solve the certs issue:

$ gem install rails --source http://rubygems.org 

To avoid repeating this every time, either edit your ~/.gemrc or edit the file through the command line, like this:

$ gem sources --add http://rubygems.org $ gem sources --remove https://rubygems.org $ gem sources --list  *** CURRENT SOURCES *** http://rubygems.org 

Also, en every Gemfile you will need to change the first line from:

source 'https://rubygems.org' 

To:

source 'http://rubygems.org' 

Of course it would be much better if you manage to solve the certs issue as @p11y suggested on his comment.

like image 194
Leo Gallucci Avatar answered Oct 09 '22 11:10

Leo Gallucci


The accepted answer didn't work for me. The following, however, did.

Edit .gemrc file

  • On Windows c:\Users\yourusername\.gemrc

Specifically %HOMEPATH% in the event your path is different.

  • Thanks goes out to @AaronChristiansen for pointing this out.

add:

:ssl_verify_mode: 0 

It displayed the SSL errors but the install was successful.

like image 30
JerodG Avatar answered Oct 09 '22 10:10

JerodG