I have a ruby client that connects to an exchange server using IMAP & SSL. I use the Ruby Net::IMAP library (which uses openssl under the covers) to connect. Its been working fine for months. The exchange server admin installed new cert from godaddy and now I get this error:
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
Does anyone know what this error means? (I tried googling)
I suspect there is an issue with the new cert causing this, but I dont know how to troubleshoot it.
Also I know you can disable certificate verification when using NET:HTTP by doing:
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if http.use_ssl?
but I cant figure out how to do this using NET:IMAP. I want to disable this to see if this is the problem.
As for code im using: Im using this(or very close to this) http://github.com/look/fetcher/blob/master/lib/fetcher/imap.rb
I tried changing to : @connection = Net::IMAP.new(@server, @port, @ssl, nil, false)
Here is the stacktrace
checking emails on: Tue Aug 17 20:48:01 +0000 2010
rake aborted!
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
/usr/lib/ruby/1.8/net/imap.rb:904:in `connect'
/usr/lib/ruby/1.8/net/imap.rb:904:in `initialize'
/u/apps/aras/releases/20100728212439/vendor/plugins/fetcher/lib/fetcher/imap.rb:34:in `new'
/u/apps/aras/releases/20100728212439/vendor/plugins/fetcher/lib/fetcher/imap.rb:34:in `establish_connection'
/usr/lib/ruby/gems/1.8/gems/system_timer-1.0/lib/system_timer.rb:28:in `timeout_after'
/u/apps/aras/releases/20100728212439/vendor/plugins/fetcher/lib/fetcher/imap.rb:33:in `establish_connection'
/u/apps/aras/releases/20100728212439/vendor/plugins/fetcher/lib/fetcher/base.rb:31:in `fetch'
I received this error trying to connect to dynamoDB with rails 3 using the default setup. Solution was to add
config.port = 443
to the
dynamo_db.rb
initializer
As of this writing this fix is in an unmerged branch of the gem.
Well it turns out the root cause on this one was ms exchange was misconfigured. I would love to have learned more about ssl errors and how to troublshoot them, but I just didnt get much info on this.
I did try to just troublshoot this using open ssl, fyi, you can do: OpenSSL> s_client -connect myserver:993
When it was broken, I received this error: CONNECTED(00000003) 26831:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
Once we fixed I got a cert and handshake message etc.
Here is what my exchange admin said he did: "I just went to the IMAP protocol and went to the access tab. Then the certificates button. From there I chose to replace the cert and chose the new cert."
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With