5

When trying to send the push notification from my rails application I'm getting this. I made sure the device token and .pem file are valid with the command

```
openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert aps_development.pem -key aps_development.pem
```

```
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1 alert internal error
    from /Library/Ruby/Gems/2.0.0/gems/houston-2.2.3/lib/houston/connection.rb:44:in `connect'
    from /Library/Ruby/Gems/2.0.0/gems/houston-2.2.3/lib/houston/connection.rb:44:in `open'
    from /Library/Ruby/Gems/2.0.0/gems/houston-2.2.3/lib/houston/connection.rb:19:in `open'
    from /Library/Ruby/Gems/2.0.0/gems/houston-2.2.3/lib/houston/client.rb:40:in `push'
```

This error message is incredibly vague; I can't figure out what is going on.

blee908
  • 1
    Related, see [“verify error:num=20” when connecting to gateway.sandbox.push.apple.com](http://stackoverflow.com/a/23351633/608639). Your problem is likely related to the client certificate. How is it the certificate and private key are both named `aps_development.pem`? – jww Nov 19 '16 at 08:50
  • 1
    This solved the issue if I were to use openssl via the command line, but I'm using a gem (Houston) that uses openssl and the problem still persists. Any ideas? – blee908 Nov 19 '16 at 10:41
  • Sorry, I don't know about Ruby. I gave up on it a long time ago. It's too difficult to do simple security-related tasks, like set protocol version to TLS 1.0 or set a server name for SNI. Can you verify your Gem is using TLS 1.0 or above, it is using Server Name Indication (SNI), and it is using the client certificate? Wireshark will be able to tell because they are available in the `ClientHello`, before the encryption kicks in. – jww Nov 19 '16 at 10:47
  • Here are some related questions: [How to set TLS context options in Ruby (like OpenSSL::SSL::SSL_OP_NO_SSLv2)](http://stackoverflow.com/q/22550213), [OpenSSL::SSL::SSLContext SNI servername_cb Not Working](http://stackoverflow.com/q/30244745) and [HTTP library for Ruby with HTTPS, SSL Client Certificate and Keep-Alive support?](http://stackoverflow.com/q/18886501) I'm not sure if they apply to both Ruby and Gems; or only Ruby proper. – jww Nov 19 '16 at 11:00
  • 1
    I am running into the same problem. Are you sure your ruby is using the correct version of openssl? Try that to be sure: `ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'` – wrtsprt Mar 07 '17 at 08:28

1 Answer

3

When you get this error, `OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: tlsv1 alert internal error`, it means there is something wrong with your certificate. Either the certificate has expired, or maybe it is the password.

Just update your Apple Push Notification certificate and you should be good.

Additional note: the openssl commands don't tell you much about it. If you find that you need to add `-CApath` or `-CAfile` (or pass those paths via ENV), that will probably be misleading.

Hope this helps. I fiddled for almost a week to sort out this issue.

rubyonrails3
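
The two causes named in the answer above (an expired certificate or a wrong password), plus the key/certificate pairing raised in the comments, can be checked locally before connecting. This is an added example, not part of the original answer or of the Houston gem; `diagnose_client_pem` and `sample_pem` are hypothetical names, and the sample credential is a constructed self-signed certificate rather than an Apple-issued one.

```ruby
require "openssl"

KEY_RE  = /-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----/m
CERT_RE = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Returns a list of problems in a combined cert+key PEM; an empty list means
# the file is at least locally usable as a TLS client credential.
def diagnose_client_pem(pem, passphrase = nil, now: Time.now)
  cert_pem, key_pem = pem[CERT_RE], pem[KEY_RE]
  return ["no certificate block in file"] unless cert_pem
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  problems = []
  problems << "certificate expired on #{cert.not_after.utc}" if now > cert.not_after
  problems << "certificate not valid before #{cert.not_before.utc}" if now < cert.not_before
  return problems << "no private key block in file" unless key_pem
  begin
    # "" instead of nil keeps OpenSSL from prompting on the terminal.
    key = OpenSSL::PKey.read(key_pem, passphrase || "")
    problems << "private key does not match certificate" unless cert.check_private_key(key)
  rescue OpenSSL::PKey::PKeyError
    problems << "private key unreadable (wrong or missing passphrase?)"
  end
  problems
end

# Constructed sample credential: a throwaway self-signed certificate, not an Apple one.
def sample_pem(not_after:, passphrase: nil, key: OpenSSL::PKey::RSA.new(2048))
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-apns-sample")
  cert.public_key = key
  cert.not_before = not_after - 365 * 86_400
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  key_pem = passphrase ? key.to_pem(OpenSSL::Cipher.new("aes-256-cbc"), passphrase) : key.to_pem
  cert.to_pem + key_pem
end

if __FILE__ == $PROGRAM_NAME
  puts diagnose_client_pem(sample_pem(not_after: Time.now - 86_400)).inspect
  puts diagnose_client_pem(sample_pem(not_after: Time.now + 86_400, passphrase: "s3cret"), "wrong").inspect
end
```

An empty result only rules out local problems with the file; it does not show whether the gateway still accepts the certificate.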