WinRb / autodiscover

Ruby client for Microsoft's Autodiscover Service
MIT License

OpenSSL::SSL::SSLError #3

Closed errinlarsen closed 9 years ago

errinlarsen commented 9 years ago

I realize this is a very new gem. Thanks for your work!

I've been spiking recently on integrating Viewpoint into my app and I recently decided I'd like to integrate use of Exchange's Autodiscovery so my users wouldn't need to know their EWS endpoints.

That being said, I experienced the following while playing with this gem:

client = Autodiscover::Client.new(email: user.email, password: user.password)
#=> #<Autodiscover::Client:0x007ff4c8413768 ...<details snipped>...>

data = client.autodiscover
#=> OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
#   from /Code/ews_poc/vendor/bundle/gems/httpclient-2.6.0.1/lib/httpclient/session.rb:307:in `connect'

I haven't had to deal with server certificates at all while playing with your `WinRb/Viewpoint` gem, so I thought this might be a "new gem; version 0.1.0; all-of-the-things don't work yet!" kinda thing.

On a whim, I did the following:

pox_request = Autodiscover::PoxRequest.new(client)
# => #<Autodiscover::PoxRequest:0x007ff4c4af9b80 ...<details snipped>...>

pox_request.send(:request_body)
#=> "<?xml version=\"1.0\"?>\n<Autodiscover xmlns=\"http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006\">\n  <Request>\n    <EMailAddress>holleyb@advisory.com</EMailAddress>\n    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>\n  </Request>\n</Autodiscover>\n"

pox_request.send(:available_urls).to_a
#=> ["https://advisory.com/autodiscover/autodiscover.xml", "https://autodiscover.advisory.com/autodiscover/autodiscover.xml", nil]

pox_request.instance_variable_get(:@formatted_urls)
#=> ["https://users_domain.com/autodiscover/autodiscover.xml", "https://autodiscover.users_domain.com/autodiscover/autodiscover.xml"]

pox_request.instance_variable_get(:@formatted_urls).each { |url| url.gsub!(/https/, 'http') }
#=> ["http://users_domain.com/autodiscover/autodiscover.xml", "http://autodiscover.users_domain.com/autodiscover/autodiscover.xml"]

response = pox_request.autodiscover
#=> #<Autodiscover::PoxResponse:0x007ff4caaca488 ...<details snipped>...>

response.ews_url
#=> "https://mail.users_domain.com/ews/exchange.asmx"

Should I expect that I need to deal with server certificates? Is the gem supposed to handle this sort of thing but it just isn't handled yet?

zenchild commented 9 years ago

The reason you are seeing the SSL error is because the https domains that are being tried with Autodiscover have invalid certs for their domain. In the case of advisory.com the cert is only valid for www.advisory.com and autodiscover.advisory.com has a cert for mail.advisory.com. My point is that this is a misconfiguration for autodiscover. I can add an option to ignore SSL errors but in the meantime you can do one of the following:

  1. Keep those hosts from resolving to an actual web server so autodiscover fails and moves on to the non-https hosts.
  2. Get valid certificates for those hosts.
  3. Turn off SSL verification, knowing that this basically removes any point to SSL.
    • client.http.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE

errinlarsen commented 9 years ago

Awesome answer, thanks! :+1:

This is the information I was looking for. Should I go ahead and close this for you? Or would you prefer to handle that yourself?

zenchild commented 9 years ago

Leave it open for now. I'll add an option to ignore SSL in the initialization or something and log it to this ticket.
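
The cause zenchild describes above is a certificate whose names do not cover the host being contacted; the following added example (not code from this thread or from the gem) shows how to confirm that with Ruby's standard OpenSSL library before choosing between the three options. The hosts under example.com/example.net, the throwaway certificates, and the helper names `sample_cert`, `san_dns_names`, `triage` and `sample_candidates` are assumptions made for illustration.

```ruby
require "openssl"

# Constructed sample input: a throwaway self-signed certificate for the given
# DNS names. A real check would inspect the certificate the server presents.
def sample_cert(*names)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial  = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{names.first}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = names.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# DNS names listed in the certificate's subjectAltName extension.
def san_dns_names(cert)
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless ext
  ext.value.split(/,\s*/).grep(/\ADNS:/).map { |n| n.delete_prefix("DNS:") }
end

# For each [host, cert] pair, report whether the certificate is valid for that
# host name. This checks name matching only, not chain trust or expiry.
def triage(candidates)
  candidates.map do |host, cert|
    { host: host,
      match: OpenSSL::SSL.verify_certificate_identity(cert, host),
      cert_names: san_dns_names(cert) }
  end
end

# Placeholder hosts reproducing the mismatch pattern described in the thread,
# plus one correctly configured host for comparison.
def sample_candidates
  [["example.com",              sample_cert("www.example.com")],
   ["autodiscover.example.com", sample_cert("mail.example.com")],
   ["autodiscover.example.net", sample_cert("autodiscover.example.net")]]
end

if __FILE__ == $PROGRAM_NAME
  triage(sample_candidates).each do |r|
    status = r[:match] ? "OK" : "MISMATCH"
    puts format("%-26s %-9s cert covers: %s", r[:host], status, r[:cert_names].join(", "))
  end
end
```

A MISMATCH row points at option 1 or 2 for that host, with verification left at `VERIFY_PEER`.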