Ruby on Rails SSL_connect error

Question

I have the following controller- courses-controller.rb:

class CoursesController < ApplicationController
  def index
    @search_term = params[:looking_for] || 'jhu'
    @courses = Coursera.for(@search_term)
  end
end

Following model - coursera.rb:

class Coursera
    include HTTParty

    base_uri 'https://api.coursera.org/api/catalog.v1/courses'
    default_params fields: "smallIcon,shortDescription", q: "search"
    format :json

    def self.for term
        get("", query: { query: term})["elements"]
    end
end

And following view- index.html.erb:

<h1>Searching for - <%= @search_term %></h1>

<table border="1">
    <tr>
        <th>Image</th>
        <th>Name</th>
        <th>Description</th>
    </tr>
    <% @courses.each do |course| %>
    <tr class=<%= cycle('even', 'odd') %>>
        <td><%= image_tag(course["smallIcon"])%></td>
        <td><%= course["name"] %></td>
        <td><%= course["shortDescription"] %></td>
    </tr>
    <% end %>
</table>

But, when I do http://localhost:3000/courses/index, I get the following error:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Application Trace | Framework Trace | Full Trace app/models/coursera.rb:9:in for' app/controllers/courses_controller.rb:4:inindex'

Please tell me what to do. Nothing works!

Try changing get("", query: { query: term})["elements"] to get("", query: { query: term, verify: false})["elements"] — RichardAE, Apr 22 '16 at 15:51

score 0 · Accepted Answer · answered Apr 22 '16 at 15:53

0

It looks like its complaining that there isn't a valid certificate? If thats the case you can tell HTTParty to ignore the invalid cert for now, like this:

class Coursera
    include HTTParty

    default_options.update(verify: false)

...

If that works, then you probably want to figure out why it thinks the cert is invalid.

answered Apr 22 '16 at 15:53

Mike K.

3,751
28
41

Yes, this works! Now, why is the cert invalid? From where could I get a valid cert? – user3591433 Apr 22 '16 at 15:56
So it is a valid cert, I don't know enough about your server based on the information given to say how exactly, but you need to add the godaddy cert authority (the cert issuer) to the store on your server that rails is using. Is this a local VM? – Mike K. Apr 22 '16 at 16:47
Yes, it's a local VM. – user3591433 Apr 22 '16 at 17:06
See this, set HTTParty's cert authority file to your VM's : http://www.rubydoc.info/github/jnunemaker/httparty/HTTParty%2FClassMethods%3Assl_ca_file – Mike K. Apr 22 '16 at 17:23

score 0 · Answer 2 · answered Apr 22 '16 at 17:08

The answer posted by Mike above would work for you since you are ignoring invalid cert.

Well this might be a workaround to get the thing done. But it's not recommended as you cannot take this code to production.

So it's better to ignore that just for the development env.

Just add the following code block to the end of your application.rb and you should be good to go.

if Rails.env.development?
  OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
end

score 0 · Answer 3 · edited May 23 '17 at 11:58

base_uri 'https://api.coursera.org/api/catalog.v1/courses'
...

The certificate contains the following DNS names:

$ openssl s_client -connect api.coursera.org:443 -tls1 -servername api.coursera.org | \
    openssl x509 -text -noout | grep DNS
...
    DNS:*.coursera.org, DNS:coursera.org

When you connect to https://localhost:3000/..., the certificate must include a DNS name of localhost.

Common Names (CN) don't matter. What matters is the Subject Alternate Names (SAN), and they must include all DNS names you user to contact the server.

Also see the following on creating well formed, SSL certificates:

Ruby on Rails SSL_connect error

3 Answers3