sslv3 alert unexpected message when using soap4r

Question

I am working against the level3 SOAP API. Everything was working wonderfully until recently when OpenSSL was updated.

Here is the full output of the error message:

OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert unexpected message):
  httpclient (2.1.5.2) lib/httpclient/session.rb:247:in `connect'
  httpclient (2.1.5.2) lib/httpclient/session.rb:247:in `ssl_connect'
  httpclient (2.1.5.2) lib/httpclient/session.rb:639:in `connect'
  httpclient (2.1.5.2) lib/httpclient/timeout.rb:128:in `timeout'
  httpclient (2.1.5.2) lib/httpclient/session.rb:631:in `connect'
  httpclient (2.1.5.2) lib/httpclient/session.rb:522:in `query'
  httpclient (2.1.5.2) lib/httpclient/session.rb:147:in `query'
  httpclient (2.1.5.2) lib/httpclient.rb:953:in `do_get_block'
  httpclient (2.1.5.2) lib/httpclient.rb:765:in `do_request'
  httpclient (2.1.5.2) lib/httpclient.rb:848:in `protect_keep_alive_disconnected'
  httpclient (2.1.5.2) lib/httpclient.rb:764:in `do_request'
  httpclient (2.1.5.2) lib/httpclient.rb:666:in `request'
  httpclient (2.1.5.2) lib/httpclient.rb:596:in `post'
  /Users/glanotte/.rvm/gems/ruby-1.8.7-p302/gems/soap4r-1.5.8/lib/soap/streamHandler.rb:238:in `send_post'
  /Users/glanotte/.rvm/gems/ruby-1.8.7-p302/gems/soap4r-1.5.8/lib/soap/streamHandler.rb:172:in `send'
  /Users/glanotte/.rvm/gems/ruby-1.8.7-p302/gems/soap4r-1.5.8/lib/soap/rpc/proxy.rb:179:in `route'
  /Users/glanotte/.rvm/gems/ruby-1.8.7-p302/gems/soap4r-1.5.8/lib/soap/rpc/proxy.rb:143:in `call'
  /Users/glanotte/.rvm/gems/ruby-1.8.7-p302/gems/soap4r-1.5.8/lib/soap/rpc/driver.rb:181:in `call'
    (eval):6:in `validateSLServiceAvailability'

The error is very similar to the error reported here:

http://dev.ctor.org/http-access2/ticket/223

the solution that the person who opened the above was "I fixed this by passing in SSL::OP_NO_TICKET as an option to SSLConfig." I have tried to do this by:

object = WsdlToRubyPortType.new
object.options['client.protocol.http.ssl_config.options'] = OpenSSL::SSL::OP_NO_TICKET

I have tried the following as well:

object.options['client.protocol.http.ssl_config.options'] = "OpenSSL::SSL::OP_NO_TICKET"
object.options['client.protocol.http.ssl_config.options'] = "SSL::OP_NO_TICKET"

The results are identical and the error message persists. I have tried adding a line to the soap/property file but it is not recognized as a valid option by the httpconfigloader.

Any help would be greatly appreciated, I am completely stuck. I feel the answer is obvious but cannot see it.

Answer 1

Just a guess: you may need to first specify OP_ALL then OR in the OP_NO_TICKET bit:

object = WsdlToRubyPortType.new
object.options['client.protocol.http.ssl_config.options'] = OpenSSL::SSL::OP_ALL
object.options['client.protocol.http.ssl_config.options'] |= OpenSSL::SSL::OP_NO_TICKET

Haven't tested this.

Answer 2

You would need to set the config on the HTTP instance:

http = HTTPClient.new
http.ssl_config.options = OpenSSL::SSL::OP_NO_TICKET

Answer 3

It seems that with the latest gem, this is how the option can be set:

jira.driver.options["protocol.http.ssl_config.options"] = OpenSSL::SSL::OP_NO_TICKET

where "jira" is an instance of a JiraTool class.

Answer 4

We ended up dropping soap4r, it is severely out of date. Switching libraries, while not ideal, solved the problem. For anyone running into issues similar to this, I recommend switching to savon. It was actually easier than I thought it would be