On a fresh install of an old Windows Ruby binary, I have an error that I don't know how to get around.

environment:

  • windows 10
  • ruby 2.3.3p222 (2016-11-21 revision 56859) [i386-mingw32] (32 bit version)
  • devkit - DevKit-mingw64-32-4.7.2-20130224-1151-sfx

PS C:\Users\ALilland> gem install bundler --verbose
HEAD http://api.rubygems.org/api/v1/dependencies
200 OK
GET http://api.rubygems.org/api/v1/dependencies?gems=bundler
301 Moved Permanently
ERROR:  While executing gem ... (Gem::RemoteFetcher::FetchError)
    SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://api.rubygems.org/api/v1/dependencies)

I've been using this Ruby version for almost 8 years and have never seen this issue while installing. Any ideas on how to get around it?

I've messed with the proxy settings on the machine and I do not currently believe that is the issue.


On my Mac I have an old Ruby 2.4.1 install with rvm, and I can see that it resolves successfully to a different URI:

$ gem install bundler -v 2.3.26 --verbose
HEAD https://rubygems.org/api/v1/dependencies
200 OK
GET https://rubygems.org/api/v1/dependencies?gems=bundler
200 OK
Downloading gem bundler-2.3.26.gem
GET https://rubygems.org/gems/bundler-2.3.26.gem
Fetching bundler-2.3.26.gem
200 OK
...
alilland

1 Answer

The problem is that the SSL certificates can't be verified. This is explained in detail in the Bundler documentation:

Why am I seeing certificate verify failed?

If you’ve seen the following SSL error when trying to pull updates from RubyGems: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

This error happens when your computer is missing a file that it needs to verify that the server behind RubyGems.org is the correct one.

The latest version of RubyGems should fix this problem, so we recommend updating to the current version. To tell RubyGems to update itself to the latest version, run gem update --system. If that doesn’t work, try the manual update process below.

(What do we mean by updating “should fix this problem”? Review the What are these certificates? and How Ruby uses CA certificates sections below to gain a better understanding of the underlying problems.)

How Ruby uses CA certificates

The SSL certificate used by RubyGems.org descends from a new-ish root certificate. Ruby (and therefore RubyGems and Bundler) does not have a regularly updated CA bundle to use when contacting websites. Usually, Ruby uses a CA bundle provided by the operating system (OS). On older OSes, this CA bundle can be really old—as in a decade old. Since a CA bundle that old can’t verify the (new-ish) certificate for RubyGems.org, you might see the error in question: certificate verify failed.

Further complicating things, an otherwise unrelated change 18-24 months ago led to a new SSL certificate being issued for RubyGems.org. This meant the “root” certificate that needed to verify connections changed. So even if you’d previously upgraded RubyGems/Bundler in order to fix the SSL problem, you would need to upgrade again—this time to an even newer version with even newer certificates.

There are advanced troubleshooting steps available in the documentation that I'm not going to replicate here as they are subject to change and you should always reference the latest instructions.

I can say very broadly though that:

  1. You are using a version of Ruby that is end-of-life and will not receive further updates, including security updates
  2. You are using a version of Ruby that possibly cannot be made to work even with the troubleshooting steps
  3. The safest solution is likely to upgrade to a modern version of Ruby

If you cannot get any of the above steps to work then consider using :ssl_verify_mode: 0 in .gemrc. This should be a last-resort measure as it completely disables SSL certificate validation.

anothermh
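The failure described in the quoted "How Ruby uses CA certificates" section can be reproduced offline. The following is an added example, not code from the post or from Bundler/RubyGems: it verifies a server certificate against a trust store that lacks the issuing root, then against one that includes it. All certificates and names (`Old Root`, `New Root`, `gems.example.test`) are constructed test data.

```ruby
require 'openssl'

# Where this Ruby's OpenSSL looks for its CA bundle (env vars override the defaults).
def default_trust_paths
  { file: ENV['SSL_CERT_FILE'] || OpenSSL::X509::DEFAULT_CERT_FILE,
    dir:  ENV['SSL_CERT_DIR']  || OpenSSL::X509::DEFAULT_CERT_DIR }
end

# Issue a throwaway certificate (constructed test data, not a real CA).
def issue(cn, key, issuer: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject # self-signed when no issuer
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Verify `cert` against a store holding only `roots`; returns [ok, OpenSSL message].
def verify_against(roots, cert)
  store = OpenSSL::X509::Store.new
  roots.each { |root| store.add_cert(root) }
  ok = store.verify(cert)
  [ok, store.error_string]
end

# Constructed scenario: the server's chain moved to a newer root than the bundle knows.
def demo
  old_key, new_key, srv_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  old_root = issue('Old Root', old_key, ca: true)  # all the stale bundle contains
  new_root = issue('New Root', new_key, ca: true)  # actually issued the server cert
  server   = issue('gems.example.test', srv_key, issuer: new_root, issuer_key: new_key)
  { stale: verify_against([old_root], server),
    updated: verify_against([old_root, new_root], server) }
end

if __FILE__ == $PROGRAM_NAME
  p default_trust_paths
  demo.each { |bundle, (ok, msg)| puts "#{bundle} bundle: verified=#{ok} (#{msg})" }
end
```

Running `default_trust_paths` on the affected machine shows which bundle file that Ruby install actually consults, which is the file that has to contain the current root.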