6

I'm struggling to get the Savon gem to connect to one of our servers. I keep getting an error stating I can't get past the ssl. I've read numerous tutorials and fixes but none seem to work.

Any help appreciated - this will make my Monday if I can get past it :-).

Error:

D, [2011-06-20T09:43:02.002993 #10328] DEBUG -- : Retrieving WSDL from: http://path_to_wsdl:4443/sm/services/mailing/2009/03/02?wsdl
D, [2011-06-20T09:43:02.129057 #10328] DEBUG -- : HTTPI executes HTTP GET using the httpclient adapter
/.rvm/gems/ruby-1.9.2-p0/gems/httpclient-2.2.1/lib/httpclient/session.rb:276:in `connect': SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert unexpected message (OpenSSL::SSL::SSLError)

My code:

require 'savon'

client = Savon::Client.new "path_to_my_wsdl"

client.http.auth.ssl.cert_file = "path/cert.pem"

client.http.auth.ssl.cert_key_file = "/path/localhost.key"
client.http.auth.ssl.verify_mode = :none

client.wsse.credentials "username", "password"

client.wsdl.soap_actions
rubiii
  • 6,903
  • 2
  • 38
  • 51
Northband
  • 433
  • 1
  • 6
  • 11
  • 2
    Are you certain SSL is running on port 4433? – President James K. Polk Jun 20 '11 at 13:49
  • As far as I know - when I access the wsdl file its under https - if I do it via browser it flags it as a self signed certificate. I'm wondering why/how the verify_mode = :none isn't kicking in. – Northband Jun 20 '11 at 14:40
  • which version of the httpi gem are you using? – rubiii Jun 20 '11 at 16:59
  • Was running httpi (0.9.3) but now updated to 0.9.4. Same output though. :-( – Northband Jun 20 '11 at 17:25
  • not sure if that's the problem, but it seems that if verify_mode is set to :none, [both cert and key are not set](https://github.com/rubiii/httpi/blob/v0.9.4/lib/httpi/adapter/httpclient.rb#L84)?! you could try to remove the unless statement. – rubiii Jun 20 '11 at 17:31
  • Yeah - I may have this butchered... Problem is I don't know what settings are required: request.auth.ssl.cert_key_file = "client_key.pem" request.auth.ssl.cert_file = "client_cert.pem" request.auth.ssl.ca_cert_file = "ca_cert.pem" On my other API calls, that I don't use httpi on, I simply set ":ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE" which works fine. Here though some sort of cert is required and I don't quite know how to determine which one. – Northband Jun 20 '11 at 18:36
  • I'm curious if there's any way of just skipping the SSL? Quite frankly I'm wondering if I'm referencing the wrong cert/key. To avoid this would be easiest to skip over the SSL. – Northband Jun 20 '11 at 18:54
  • Trying this to get SSL to work over HTTPI: https://gist.github.com/0de6e2b3c5027699a211 – Northband Jun 20 '11 at 19:03
  • Update - SSL works fine on authenticated ssl - the issue I'm having is on self-signed ssl - which leads me to think that the code is fine - its the server I'm connecting to that has the issues. Never-the-less trying to find a workaround. – Northband Jun 20 '11 at 19:22
  • if you can provide access to the service and the ssl certificate, i'll make sure to get this working. please get in touch via (me at rubiii dot com). i don't think so comments are the best way to discuss this. – rubiii Jun 20 '11 at 19:23
  • if it's working fine with a self-signed certificate using httpclient on its own, then it should work through httpi. if it doesn't and the self-signed certificate seems to be the problem, then i don't know if i can help. – rubiii Jun 20 '11 at 19:29
  • Rubii - you've been great help and are kind. I don't think its your code. I think this is a server/host issue. I've been connecting to just about every other server on the planet - but this one in particular. Very strange. I'm going to contact the owner to see what's up. Otherwise I may take you up on your offer. Kind Regard - Adam O – Northband Jun 20 '11 at 20:04
  • thanks for the help - ended up being a host issue on the target box :-). Thanks again! – Northband Jun 28 '11 at 16:41

3 Answers3

3

Savon 2.x support ssl global option:

Savon.client(ssl_verify_mode: :none)

and

Savon.client(ssl_version: :SSLv3)
Luca Arcara
  • 46
  • 1
  • 3
1

Not sure if you did this already, but when I had to use Savon for a project I found it incredibly useful to make sure the Soap server was working as I thought it should with SoapUI (http://www.eviware.com/). You can then output the SOAP request from the two and compare..

CambridgeMike
  • 4,562
  • 1
  • 28
  • 37
0

There is a bug in Ruby's net/http handling of the SSL handshake.

Try forcing the SSL version to get around the bug:

client.http.auth.ssl.sock.ssl_version="SSLv3"
ihoka
  • 147
  • 8