All geek questions in one place

Unable to install any ruby ​​stones on Mac OS - SSL_connect error

My environment is Mac OS 10.10.5, ruby ​​version 2.2.4 (or 2.2.2 or 2.2.0) gem (after updating) is 2.6.7, rvm version is version 1.27.0.

It has some duplicates even in the last few days, but this is more information than I can add a comment.

When installing any stones on any version of ruby, I get the following:

$ gem install bundler
ERROR:  Could not find a valid gem 'bundler' (>= 0), here is why:
          Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)

There is a lot of information about this, especially for problems on Windows. For the proposed solution, see http://guides.rubygems.org/ssl-certificate-update/ . I follow this, but I keep getting the same error.

The problem is getting the GlobalSignRootCA.pem file in the appropriate place, which is not entirely clear. The link above explains how to find the appropriate ssl_certs directory, of which 2 are on my system but do not work.

I forgot where I found out the following:

$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_DIR'
/etc/openssl/certs
$ ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'
/etc/openssl/cert.pem

which might give a hint, but adding a .pem file to the latter or copying to the former has no effect.

When I reinstall openssl (homebrew), it helps me:

A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

but it also does not solve the problem.

From another SO question:

rvm osx-ssl-certs update all

does not work. Doesn't:

security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"

Does anyone know how to get an idea of ​​what Rubygems expects here? Where does he want this file or is it even the file he wants? Should I import a .pem file into the OSX keychain? How to do it?

gem ? rubygems , , .

-

- , : https://rubygems.org/gems/[package name] - . gem install --local [downloaded gem file]. .

:

# start by adding insecure source for --explain - thanks to @tnum
gem source -a http://rubygems.org/
while read x 
do
wget https://rubygems.org/downloads/$x.gem
gem install --local $x.gem 
rm $x.gem
done < <(gem install --explain [package name] | grep "^  ")
# remove insecure source
gem source -r http://rubygems.org/

grep- , - . , wget https:// , ssl rubygems.

+4
3

, "" - cd rails

gem source -a http://rubygems.org/

"gem install..." http-, https. , .

gemfile

source 'https://rubygems.org'

to

source 'http://rubygems.org'
0

https://rvm.io/support/fixing-broken-ssl-certificates :

rvm osx-ssl-certs update all
+5

@tnum , , .

ruby ​​2.3.1 . , , :

ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'

two answers appear. For 2.2.4 it seems to use its own directory /etc/openssl/, but for 2.3.1 it uses openssl version -dthat on my computer /etc/local/etc/openssl/.

I copied the cert.pem file from last to first, and now gem runs on ruby ​​2.2.4.

There are so many options where these certificates can be located, this is too confusing.

0
source

Source: https://habr.com/ru/post/1657659/

More articles:


All Articles