Closed dynaum closed 12 years ago
You can now configure the ca_path
when configuring OmniAuth:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :cas, :host => 'cas.yourdomain.com', :ssl => true, :ca_path => '/etc/ssl/certs'
end
Let me know how this work for you. Thanks for the contribution!
I used this reference: http://stackoverflow.com/a/5618072
On OSX, I use curl-ca-bundle.crt file which should be specified with http.ca_cert_file = "/opt/local/share/curl/curl-ca-bundle.crt". It would be great if this was supported as well. See: http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat
Maybe a generic http_options
would be the better solution.
Its generally been my experience with other omniauth gems to specify it as follows: {client_options: {ssl: {ca_file: '/opt/local/share/curl/curl-ca-bundle.crt'}}}.
However, I also came across this article which solved the problem for me: http://railsapps.github.io/openssl-certificate-verify-failed.html
@synth In my experience, if an OmniAuth strategy uses a client_options
key, then it is most likely a subclass of the OAuth strategies. Those specfically have an OAuth client that performs the "auth dance".
Well, I definitely know its used in the yammer omniauth gem, and I've included the option when using google and facebook strategies, but perhaps its just ignored for those as I tried digging through the source and didn't see it mentioned anywhere. Yammer's strategy specifically uses Net::HTTP which is where it uses the option...
When using ruby19 on ubuntu ssl verification returns this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
But after set the path of certs everything works fine.