Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why does accessing a SSL site with Mechanize on Windows fail, but on Mac work?

Tags:

ruby

mechanize

This is the code I'm using to connect to the SSL site.

require 'mechanize'
a = Mechanize.new
page = a.get 'https://site.com'

I"m using using Ruby 1.9.3 and Mechanize 2.1pre1 + dependencies. On Mac the above code works and returns the page. On windows 7 running the same versions it gives me the following error:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed

Reverting to Mechanize 2.0.1 seems to solve this problem, but I then get plagued with the too many connections reset by peer problem. Thus that is not a solution.

I've tried doing a.verify_mode = false, but that does not do anything. I have read that you can turn off SSL verification by using:

open(uri,:ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE)

How can I turn it off in Mechanize ? Why am I only getting this error on Windows ?

like image 877
Kassym Dorsel Avatar asked Dec 19 '11 21:12

Kassym Dorsel

2 Answers

The version of OpenSSL (the library used to establish secure connections with Net::HTTPS) is not able to properly find the certificate chain in your computer.

To our bad, OpenSSL was never able to use the Windows installed cert storage to validate remote servers so is failing because of that.

From your example, you can do:

a.agent.http.verify_mode = OpenSSL::SSL::VERIFY_NONE

To avoid the verification, however that is far from ideal (due clear security issues)

I recommend you download some cert bundles (like the ones from curl):

http://curl.haxx.se/ca

And modify your code to something like this:

require "rbconfig"
require "mechanize"

a = Mechanize.new

# conditionally set certificate under Windows
# http://blog.emptyway.com/2009/11/03/proper-way-to-detect-windows-platform-in-ruby/
if RbConfig::CONFIG["host_os"] =~ /mingw|mswin/
  # http://curl.haxx.se/ca
  ca_path = File.expand_path "~/Tools/bin/curl-ca-bundle.crt"

  a.agent.http.ca_file = ca_path
end

page = a.get "https://github.com/"

That seems to work, Ruby 1.9.3-p0 (i386-mingw32), Windows 7 x64 and mechanize 2.1.pre.1

Hope that helps.

like image 51
Luis Lavena Avatar answered Nov 16 '22 09:11

Luis Lavena

Luis' answer looks fine but more generally:

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
like image 6
pguardiario Avatar answered Nov 16 '22 10:11

pguardiario
Sign in to Comment

Related questions

get part of std::tuple
Sending JSON request with Python
How to use MySQLi inside a namespace
What are the best practices for making online high score lists in JavaScript based games? [closed]
Why can't I alter the height of a TextBox control in the windows forms design view?
Design-time package fails to build - File not found: 'Graphics.dcu'
Is there a way to check if Android device supports openGL ES 2.0?
Git / detached HEAD, get work back?
How to get the upload file with other inputs in play2?
Using the STL with Android NDK C++
Why can't "return" and "yield return" be used in the same method?
Auto-execute javascript functions AND call them later?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!