9

I'm developing rails app with social authorization. Facebook and Twitter logins works fine, but something strange is going with Google...

My initializer for google:

  provider :google_oauth2, OAUTH_CONFIG[:google_api_key], OAUTH_CONFIG[:google_api_secret], {
    :access_type => 'offline',
    :prompt => 'consent',
    :scope => 'userinfo.email, userinfo.profile, youtube.readonly'
  }

My error, which I see when click login with Google:

Faraday::Error::ConnectionFailed
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `block in connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/timeout.rb:76:in `timeout'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:920:in `connect'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:863:in `do_start'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:852:in `start'
/Users/bmalets/.rvm/rubies/ruby-2.1.4/lib/ruby/2.1.0/net/http.rb:1369:in `request'
faraday (0.8.8) lib/faraday/adapter/net_http.rb:75:in `perform_request'
faraday (0.8.8) lib/faraday/adapter/net_http.rb:38:in `call'
faraday (0.8.8) lib/faraday/request/url_encoded.rb:14:in `call'
faraday (0.8.8) lib/faraday/connection.rb:253:in `run_request'
oauth2 (0.8.1) lib/oauth2/client.rb:88:in `request'
oauth2 (0.8.1) lib/oauth2/client.rb:131:in `get_token'
oauth2 (0.8.1) lib/oauth2/strategy/auth_code.rb:29:in `get_token'

What is wrong with SSL certificates? Please, help

In google search results I see many similar answers - update 'openssl' library, reinstall ruby, rvm, update gemsets, bla-bla and many others... I have tried everithing, nothing helps me.

Environment: rails 4.1.6, ruby 2.1.4, OS_X Yosemite

bmalets
  • 3,207
  • 7
  • 35
  • 64

3 Answers3

7

I add to my app initialize this not beautiful spike:

if Rails.env.development? 
  OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE 
end

Now login works in development mode.

bmalets
  • 3,207
  • 7
  • 35
  • 64
5

Another answer says to disable OpenSSL's VERIFY_PEER option which means your app is not validating the certificate and you cannot verify you are connecting to Google when you make queries. This is a huge security risk and you should never do this.

There is an issue on the GitHub repo for google-api-ruby-client (https://github.com/google/google-api-ruby-client/issues/253) for the problem you've described. The current workaround is to add this to your application:

ENV['SSL_CERT_FILE'] = Gem.loaded_specs['google-api-client'].full_gem_path+'/lib/cacerts.pem'

For a Rails app, you would add this as a line in config/application.rb.

anothermh
  • 9,815
  • 3
  • 33
  • 52
  • when I add the line above to my config file my Rails app my local server fails to start up. Can you provide any more detail on implementation? – tylerSF Oct 31 '15 at 23:46
  • I'm guessing that you don't have the gem 'google-api-client' installed which provides the certificate file that fixes it, you can also point your SSL_CERT_FILE to a different cacerts.pem file if you don't have/want this gem. The details of implementation and why it's a problem that can be fixed are at the github issue, I thought you were using this gem but you apparently are not. – anothermh Nov 01 '15 at 22:41
0

In short, you should do following things:

rvm remove 2.1.4
rvm install 2.1.4 --disable-binary

Here is complete solution with description: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html

Voldemar Duletskiy
  • 981
  • 1
  • 11
  • 30