2

I am making a Ruby On Rails application and I am attempting to use the Google Plus API's for user sign in. To do this I am using Signet an OAuth helper library. I am looking at this code as an example of Signet with Google APIs.

Here is my code:

require "signet/oauth_2/client"
require "google/api_client"


oathClient = Signet::OAuth2::Client.new(
  :authorization_uri => "https://accounts.google.com/o/oauth2/auth",
  :token_credential_uri => "https://accounts.google.com/o/oauth2/token",
  :client_id => Rails.application.secrets.gapi_client_id,
  :client_secret => Rails.application.secrets.gapi_client_secret,
  :redirect_uri => Rails.application.secrets.gapi_redirect_uri,
  :scope => "https://www.googleapis.com/auth/plus.login")

gapi_client = Google::APIClient.new(
  :application_name => "Branches",
  :application_version => "0.0.1")

oathClient.code = request.body.read
oathClient.fetch_access_token!#Error on this line
gapi_client.authorization = oathClient

An error occurs on the second to last line:

oathClient.fetch_access_token!

This is the error:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I have done some research and it seams like this is caused by the lack of certificate information. However none of the solution's shown address this issue when dealing with Signet.



OS: Windows 8 x64
RoR version: 4.1.1
Signet Version: 0.5.1
Google API Client Version: 0.6.2

Noah Huppert
  • 4,028
  • 6
  • 36
  • 58
  • Possible duplicate of [How to solve "certificate verify failed" on Windows?](http://stackoverflow.com/questions/5720484/how-to-solve-certificate-verify-failed-on-windows). – jww Jul 25 '14 at 03:49
  • @jww Sounds like the same problem, however, 1st answer is for facebook not g+, and the 2nd is if you used the rails installer. – Noah Huppert Jul 25 '14 at 03:53
  • Forgive my ignorance... do you fetch data from `accounts.google.com` or `googleapis.com`? Or both? – jww Jul 25 '14 at 03:57
  • @jww `acounts.google.com`, `googleapis.com` is used for the scope – Noah Huppert Jul 25 '14 at 03:59
  • 1
    So you don't fetch data from `googleapis.com`? Anyway, you have a trust problem. Go to pki.google.com and download [Google Internet Authority G2](https://pki.google.com/). Trust it, and your problems should be solved. That's essentially what the three answers in the duplicate tried to get you to do. – jww Jul 25 '14 at 04:02
  • @jww not 100% sure about that – Noah Huppert Jul 25 '14 at 04:04
  • @jww That didn't work – Noah Huppert Jul 27 '14 at 23:19
  • Please update your question to show the code changes that include use of Google's CA. – jww Jul 28 '14 at 00:12

1 Answers1

0

Looks related to https://github.com/googleapis/google-api-ruby-client/issues/235, where the solutions were:

  1. update openssl
  2. if you're using a custom .pem file, set it with: export SSL_CERT_FILE=/path/to/custom/certificate/authority.pem
Sean
  • 2,315
  • 20
  • 25