crafters / cielo

Gem for integration with Cielo's WebServices
www.crafters.com.br
MIT License

Specify SSL Version in ruby 1.9.3 breaks ruby 1.8.7 #4

Closed fnmunhoz closed 10 years ago

fnmunhoz commented 12 years ago

Looks like Ruby 1.9.3 is setting the SSL version to SSLv23 by default. It is supposed to allow connections to both SSLv2 and SSLv3 servers, but Cielo servers are strict to SSLv3 only.

When I try:

$ openssl s_client -connect ecommerce.cbmp.com.br:443 -ssl2

I get an error. And when I try:

$ openssl s_client -connect ecommerce.cbmp.com.br:443 -ssl3

it works.

The solution for Ruby 1.9.3 is to set the SSL version to SSLv3, like this:

http = Net::HTTP.new("qasecommerce.cielo.com.br", 443)
http.use_ssl = true
http.ssl_version = 'SSLv3'

The problem is that Net::HTTP for Ruby 1.8.7 doesn't have the ssl_version method.

The only way that I figured out is to verify by the ssl_version method, like this:

http = Net::HTTP.new("qasecommerce.cielo.com.br", 443)
http.use_ssl = true
http.ssl_version = 'SSLv3' if http.respond_to? :ssl_version

But it looks like a poor implementation.

What do you think? Can you think of a better solution?
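The version guard described in the post above, as an added example that is not part of the original thread or of the cielo gem: it tests for the `ssl_version=` writer (the method the assignment actually calls) and reports whether the pin was applied, so a caller can log or refuse to continue instead of silently falling back to default negotiation. `pin_ssl_version`, `build_client` and `LegacyHTTP` are hypothetical names; `LegacyHTTP` is a constructed stand-in for a Net::HTTP without the accessor, and no connection is opened.

```ruby
require 'net/http'
require 'openssl'

# Hypothetical helper: pin the protocol version only when this Ruby's
# Net::HTTP exposes the setter. Returns true if the pin was applied.
def pin_ssl_version(http, version, required = false)
  # respond_to?(:ssl_version) only proves the reader exists; the
  # assignment below calls ssl_version=, so test for that method.
  unless http.respond_to?(:ssl_version=)
    # Fail closed when the caller cannot tolerate default negotiation.
    raise "ssl_version= unavailable on #{http.class}" if required
    return false
  end
  http.ssl_version = version
  true
end

# Hypothetical factory: returns the configured client plus a flag saying
# whether the requested version was actually pinned.
def build_client(host, port, version)
  http = Net::HTTP.new(host, port)            # no socket is opened here
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  pinned = pin_ssl_version(http, version)
  [http, pinned]
end

# Constructed stand-in for a Net::HTTP that has use_ssl= but no
# ssl_version accessor, as the post describes for Ruby 1.8.7.
LegacyHTTP = Struct.new(:use_ssl)

if __FILE__ == $0
  http, pinned = build_client('qasecommerce.cielo.com.br', 443, 'SSLv3')
  puts "#{http.class}: pinned=#{pinned} version=#{http.ssl_version.inspect}"
  puts "LegacyHTTP: pinned=#{pin_ssl_version(LegacyHTTP.new(true), 'SSLv3')}"
end
```

The version string is a parameter, so the same guard applies to whatever protocol version the server accepts.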

felipero commented 12 years ago

Sounds like a good solution, but I'm not sure what it is solving. I use this gem with Ruby 1.9.3 and have no problem with that. What is the error you're getting, and in what environment?

fnmunhoz commented 12 years ago

It could be the environment.

I'm running the application on a VirtualBox VM with Ubuntu 12.04 64 bits (using vagrant actually).

The error is:

OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
from /opt/ruby/lib/ruby/1.9.1/net/http.rb:799:in `connect'

It looks like a timeout.

In your environment, are you able to run the openssl commands?

$ openssl s_client -connect ecommerce.cbmp.com.br:443 -ssl2

$ openssl s_client -connect ecommerce.cbmp.com.br:443 -ssl3

What responses do you get?

felipero commented 12 years ago

I ran the openssl commands and got an error for -ssl2.

Maybe it is related to how ruby was compiled with openssl support or maybe something about versions. Anyway, if setting the ssl version makes it work, let's add that to the code. I think this is a good enough solution. Could you add some specs and do a pull request?

Thanks

fnmunhoz commented 12 years ago

It could also be my own compiled ruby version.

https://github.com/fnmunhoz/compiled-packages/blob/master/recipes/ruby/Rakefile

The compiled package is available here:

https://code.google.com/p/ruby-packages-ubuntu-precise/downloads/detail?name=ruby_1.9.3-p194-2_amd64.deb

fnmunhoz commented 12 years ago

Yes, I'll work on the pull request, thanks!