search

PRX / cms.prx.org

CMS API for PRX
https://cms.prx.org
GNU Affero General Public License v3.0
4 stars 2 forks source link

Fix SSL support for Podcast Import #600

Closed cavis closed 1 year ago

cavis commented 2 years ago

For some feed urls (such as https://rss.wbur.org/foodtalk/podcast) - our Excon version is failing to verify the cert:

Faraday::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) Unable to verify certificate. This may be an issue with the remote host or with Excon. Excon has certificates bundled, but these can be customized:

            `Excon.defaults[:ssl_ca_path] = path_to_certs`
            `ENV['SSL_CERT_DIR'] = path_to_certs`
            `Excon.defaults[:ssl_ca_file] = path_to_file`
            `ENV['SSL_CERT_FILE'] = path_to_file`
            `Excon.defaults[:ssl_verify_callback] = callback`
                (see OpenSSL::SSL::SSLContext#verify_callback)
or:
            `Excon.defaults[:ssl_verify_peer] = false` (less secure).

Should upgrade excon, or at least the certs.

kookster commented 2 years ago

excon is a dependency of fog, so likely would have to upgraded as well, or swapped for aws libs