dlindahl / omniauth-cas

A CAS OmniAuth Strategy
MIT License

Configuring ssl certs path for ubuntu #4

Closed dynaum closed 12 years ago

dynaum commented 12 years ago

When using ruby19 on Ubuntu, SSL verification returns this error:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)

But after setting the path of certs, everything works fine.

dlindahl commented 12 years ago

You can now configure the ca_path when configuring OmniAuth:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :cas, :host => 'cas.yourdomain.com', :ssl => true, :ca_path => '/etc/ssl/certs'
end

Let me know how this works for you. Thanks for the contribution!

dynaum commented 12 years ago

I used this reference: http://stackoverflow.com/a/5618072

synth commented 10 years ago

On OSX, I use curl-ca-bundle.crt file which should be specified with http.ca_cert_file = "/opt/local/share/curl/curl-ca-bundle.crt". It would be great if this was supported as well. See: http://stackoverflow.com/questions/4528101/ssl-connect-returned-1-errno-0-state-sslv3-read-server-certificate-b-certificat

pencil commented 10 years ago

Maybe a generic http_options would be the better solution.

synth commented 10 years ago

It's generally been my experience with other omniauth gems to specify it as follows: {client_options: {ssl: {ca_file: '/opt/local/share/curl/curl-ca-bundle.crt'}}}.

However, I also came across this article which solved the problem for me: http://railsapps.github.io/openssl-certificate-verify-failed.html

dlindahl commented 10 years ago

@synth In my experience, if an OmniAuth strategy uses a client_options key, then it is most likely a subclass of the OAuth strategies. Those specifically have an OAuth client that performs the "auth dance".

synth commented 10 years ago

Well, I definitely know it's used in the yammer omniauth gem, and I've included the option when using google and facebook strategies, but perhaps it's just ignored for those as I tried digging through the source and didn't see it mentioned anywhere. Yammer's strategy specifically uses Net::HTTP which is where it uses the option...
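Why the ca_path and ca_file settings discussed in this thread clear the "certificate verify failed" error while verification stays switched on, as an added Ruby example that is not part of the thread or of omniauth-cas. The CA certificate is constructed in-process, and the helper names make_test_ca, verify_with and demo are hypothetical.

```ruby
require 'openssl'
require 'tmpdir'

# Constructed self-signed certificate standing in for the CA that issued
# the CAS server's certificate (generated here, not a real CA).
def make_test_ca
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Constructed Test CA')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify cert against a trust store built from a bundle file (ca_file),
# a hashed directory (ca_path), or nothing. Returns [ok, error_string].
def verify_with(cert, ca_file: nil, ca_path: nil)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file) if ca_file
  store.add_path(ca_path) if ca_path
  ok = store.verify(cert)
  [ok, store.error_string]
end

def demo
  ca = make_test_ca
  Dir.mktmpdir do |dir|
    # ca_file style: one PEM bundle, like curl-ca-bundle.crt.
    bundle = File.join(dir, 'bundle.crt')
    File.write(bundle, ca.to_pem)
    # ca_path style: OpenSSL looks up "<subject hash>.0" in the directory,
    # which is how /etc/ssl/certs is laid out on Ubuntu.
    hashed = File.join(dir, 'hashed')
    Dir.mkdir(hashed)
    File.write(File.join(hashed, format('%08x.0', ca.subject.hash)), ca.to_pem)
    { none: verify_with(ca),
      file: verify_with(ca, ca_file: bundle),
      path: verify_with(ca, ca_path: hashed) }
  end
end
```

With no trust anchors the store rejects the certificate, which is the condition behind the SSLError above; pointing at the right bundle or hashed directory fixes it without disabling peer verification.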