0

I am running Ruby 2.2.5 and RubyGems 2.2.3

I am new to programming and have been learning RubyGems and how to update them. Whenever I try to do anything from the Rubygems servers I get this error :

    ERROR:  Could not find a valid gem 'rspec' (>= 0), here is why:
          Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/latest_specs.4.8.gz)

I have noticed that alot of people have had this problem and used the a workaround by turning of the SSL verification.

    require 'openssl'
    OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

How dangerous is this workaround and how can I turn it back on?

Otelo
  • 3
  • 3
  • 1
    Don't turn it off, just fix the problem http://stackoverflow.com/questions/19150017/ssl-error-when-installing-rubygems-unable-to-pull-data-from-https-rubygems-o – Max Oct 11 '16 at 17:16

2 Answers2

1

The point of using SSL is that you know the code is coming from a trusted source and there isn't someone trying to hack your connection and send you malicious code. While it is probably unlikely that someone is trying to do that to you, why risk it?

There are a number of ways to update your certificates to get rubygems working. A quick google search gives me these 2 links:

For some things in development I would say it's fine to turn off SSL for testing, but for rubygems, you're actually downloading code that you're going to be running on your computer so it would make me uncomfortable to do it, especially when it shouldn't be too hard to fix.

Josh
  • 8,329
  • 4
  • 36
  • 33
  • Thanks for the quick response. I have tried the 2nd link you sent and followed those steps but the link on that page to the new ssl certificate is broken. I tried looking elsewhere for the new certificate but the ones I found seemed to be the same ones I already had in my ssl_certs file. – Otelo Oct 11 '16 at 17:34
  • your first link led me to to look up windows certificate updates and I found a solution. Thank you! – Otelo Oct 11 '16 at 17:57
  • Glad you got it fixed! @Otelo can you post the steps you used to fix your problem. It might help other people in the future. Make sure to include your operating system. – Josh Oct 11 '16 at 18:01
0

From Josh's answer I had already tried using the instructions from: https://gist.github.com/luislavena/f064211759ee0f806c88

but the link to the new trust certificate they provide there is broken. However Josh's first link led me to look up certificate updates for Ruby on Windows and eventually I found this link

How to solve "certificate verify failed" on Windows?

this one fixed my problem. Thanks guys

edit: the only difference is since I have not installed ruby on rails I saved the new certificate under c:\ruby22\cacert.pem

Also, I was previously running rubygems 2.4.something but downgraded to 2.2.3 as per the instructions on https://gist.github.com/luislavena/f064211759ee0f806c88

I wonder if the new certificate would have worked with the 2.4 version of rubygems.

Community
  • 1
  • 1
Otelo
  • 3
  • 3