Rails 2.3.x & Koala & Facebook: certificate verify failed

Question

I'm trying to get Facebook Graph API to work in Rails 2.3.5 using Koala. All works fine in my dev environment (Mac) but fails in production (Ubuntu 8.04.1).

Test code:

cookies = {"__utma"=>"158657023.1470934917.1315425280.1317394623.1317406089.55", "28aac256bbbe09dcae1eb7086ae1c326"=>"c14d42fcd1a6700aa6198a2ecd7587fa", "fbsetting_28aac256bbbe09dcae1eb7086ae1c326"=>"{\"connectState\":1,\"oneLineStorySetting\":3,\"shortStorySetting\":3,\"inFacebook\":false}", "__utmb"=>"158657023.23.10.1317406089", "28aac256bbbe09dcae1eb7086ae1c326_session_key"=>"c76e09e8124a194e26a9c1e9.1-635077092", "28aac256bbbe09dcae1eb7086ae1c326_user"=>"635077092", "__utmc"=>"158657023", "28aac256bbbe09dcae1eb7086ae1c326_expires"=>"0", "__utmz"=>"158657023.1317406089.55.52.utmcsr=angel.co|utmccn=(referral)|utmcmd=referral|utmcct=/thingspotter", "fbs_265881436784759"=>"\"access_token=AAADx0ViXiHcBAFMuyXsGRdZB4GmmHyZBQl9h7Ymqi6z0kk3ko5jRJGmdWZCdJQm7dWg2nCyraaZCJuJ6iurPxDHL6bZCMzosZD&expires=0&secret=815a69d93434d26034ada92bb2e80ae9&session_key=858594415a361e318af23dd1.1-635077092&sig=55f7e932f8e68a7dad6ae35af1877b45&uid=635077092\"", "_DefaultAppFacebook_session"=>"BAh7CToPc2Vzc2lvbl9pZCIlYzZjZGU5ZmJlNGU0NTM2ZjExNmQ1ZGQ5ZTc3ZjhiZDUiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6EF9jc3JmX3Rva2VuIjFnZllGbGFVK0hMdVdZcDZaZjhJY3VJWVlZY2dEakc4VCtpM0dWTktSbFFRPSILbGF5b3V0IgxkZXNrdG9w--195b2d14ce7593502ec6d161906ceb0c38ed4219", "28aac256bbbe09dcae1eb7086ae1c326_ss"=>"0854c086618a5e075e2d9a866ce03f82"}
@facebook_cookies = Koala::Facebook::OAuth.new.get_user_info_from_cookie(cookies)
oauth_access_token = @facebook_cookies["access_token"]
graph = Koala::Facebook::GraphAPI.new(oauth_access_token)
fb_user = graph.get_object('me')

Produces the error message:

OpenSSL::SSL::SSLError: certificate verify failed
    from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
    from /usr/lib/ruby/1.8/net/http.rb:586:in `connect'
    from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
    from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
    from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
    from /usr/lib/ruby/1.8/net/http.rb:772:in `get'
    from /usr/lib/ruby/gems/1.8/gems/faraday-0.7.4/lib/faraday/adapter/net_http.rb:49:in `call'
    from /usr/lib/ruby/gems/1.8/gems/faraday-0.7.4/lib/faraday/request/url_encoded.rb:14:in `call'
    from /usr/lib/ruby/gems/1.8/gems/faraday-0.7.4/lib/faraday/request/multipart.rb:13:in `call'
    from /usr/lib/ruby/gems/1.8/gems/faraday-0.7.4/lib/faraday/connection.rb:203:in `run_request'
    from /usr/lib/ruby/gems/1.8/gems/faraday-0.7.4/lib/faraday/connection.rb:85:in `get'
    from /usr/lib/ruby/gems/1.8/gems/koala-1.2.0/lib/koala/http_service.rb:49:in `send'
    from /usr/lib/ruby/gems/1.8/gems/koala-1.2.0/lib/koala/http_service.rb:49:in `make_request'
    from /usr/lib/ruby/gems/1.8/gems/koala-1.2.0/lib/koala.rb:131:in `make_request'
    from /usr/lib/ruby/gems/1.8/gems/koala-1.2.0/lib/koala.rb:57:in `api'
    from /usr/lib/ruby/gems/1.8/gems/koala-1.2.0/lib/koala/graph_api.rb:215:in `graph_call'
    from /usr/lib/ruby/gems/1.8/gems/koala-1.2.0/lib/koala/graph_api.rb:36:in `get_object'

It's obviously something related to SSL certificates, so I've tried to configure Koala:

Koala.http_service.http_options = {
  :ssl => {
    :ca_file => '/etc/ssl/certs',
    :verify_mode => OpenSSL::SSL::VERIFY_PEER,
    :verify => true
  }
}

...and also download http://curl.haxx.se/ca/cacert.pem to the /etc/ssl/certs folder. Does not make any visible difference though.

Relevant gems are:

faraday (0.7.4)
koala (1.2.0)
rails (2.3.5)
ruby 1.8.6 (2007-09-24 patchlevel 111) [i486-linux]

I've found related SO posts but no perfect match.

Answer 1

I had the same problem with Rails 3.2, Ruby 1.9.3, Ubuntu 11.10

TenJack's answer worked except the cert file is now ca-certificates.crt , so:

Koala::HTTPService.http_options[:ssl] = {:ca_file => '/etc/ssl/certs/ca-certificates.crt'}

Answer 2

I found the solution while browsing (taken verbatim):

Tweek for ssl error (when connecting to facebook using koala gem) in Ubuntu: Open the file ".rvm/gems/ruby-1.9.2-p136/gems/koala-1.0.0/lib/koala/http_services.rb" Add the following lines around line 60:

http = create_http(server(options), private_request, options)
http.use_ssl = true if private_request
http.verify_mode = OpenSSL ::SSL::VERIFY_PEER
http.ca_path = '/etc/ssl/certs' if File.exists?('/etc/ssl/certs') # Ubuntu
http.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt' if File.exists?    ('/opt/local/share/curl/curl-ca-bundle.crt') # Mac OS X 

(Reference article : http://martinottenwaelter.fr/2010/12/ruby19-and-the-ssl-error/)

If the certificate still seems missing (error doesnt go away) add this certificate : http://curl.haxx.se/ca/cacert.pem to the /etc/ssl/certs folder with the file name as cacert.pem.

Answer 3

I had the exact same problem (Rails 2.3.8, Ruby 1.8.7, Ubuntu 8.04), the only way I could get it to work was to specify the exact path of the ca-bundle.crt file (http://certifie.com/ca-bundle/ca-bundle.crt.txt):

Koala::HTTPService.http_options[:ssl] = {:ca_file => '/etc/ssl/certs/ca-bundle.crt'}