google-code-export / rubycas-server

Automatically exported from code.google.com/p/rubycas-server
GNU Lesser General Public License v2.1
1 stars 1 forks source link

OpenSSL::SSL::SSLError at /login #121

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Setup the server using google authentication and run on port 10433
2. Run the rake tasks to generate the certificates
3. Update the config.yml to use the generated certificate
4. Try to login on the /login form of the server

What version of RubyCAS-Server are you using? How is it installed (rubygem,
manual install)? How are you running it (webrick, mongrel, passenger,
etc.)?
Installed as RubyGem, version 1.1.0
Relies on Webrick to handle the requests

If relevant, please paste your RubyCAS-Server config.yml file here.

server: webrick
port: 10443
ssl_cert: ssl/cert.pem
ssl_key: ssl/key.pem

database:
 pool: 10
 adapter: mysq2
 database: cas_staging
 username: <cencored>
 password: <censored>
 host: <censored>
 reconnect: true

authenticator:
 class: CASServer::Authenticators::Google
 proxy:
  host: <censored>
  port: 80

theme: simple
default_locale: en
log:
 file: log/casserver.log
 level: DEBUG
db_log
 file: log/casserver_db.log
downcase_username: true

Please provide any additional information below.
We are planning to change the authenticator to a custom one later on, but right 
now we would like to see this up and running first.
The server itself seems to be running fine, as we can see the pages and login 
form, but when we enter account info and press subit, we receive the following:

OpenSSL::SSL::SSLError at /login
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: 
certificate verify failed

    file: http.rb
    location: connect
    line: 799

condensed backtrace:

/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb in connect
    timeout(@open_timeout) { s.connect }
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb in block in 
connect
    timeout(@open_timeout) { s.connect }
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb in timeout
    return yield(sec) if sec == nil or sec.zero?
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb in timeout
    Timeout::timeout(n, e, &block)
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb in connect
    timeout(@open_timeout) { s.connect }
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb in do_start
    connect
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/net/http.rb in start
    do_start
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb in timeout
    return yield(sec)
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/timeout.rb in timeout
    Timeout::timeout(n, e, &block)
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/httpserver.rb in 
service
    si.service(req, res)
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/httpserver.rb in 
run
    server.service(req, res)
/usr/local/rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/webrick/server.rb in block 
in start_thread
    block ? block.call(sock) : run(sock)

Original issue reported on code.google.com by arne.de....@gmail.com on 29 May 2012 at 12:15

GoogleCodeExporter commented 9 years ago
Update about the server perhaps:

We are running a FreBSD system, with all libraries beeing installed through the 
ports. Ruby version is 1.9.3-p194, installed through RVM.
Running the rake tasks to generate the certificates does not seem to return any 
errors.

Original comment by arne.de....@gmail.com on 29 May 2012 at 12:17

GoogleCodeExporter commented 9 years ago
I figured out that it's a problem now with the generated SSL certificate.
When using the openSSL verify command, I receive the following error:

error 20 at 0 depth lookup:unable to get local issuer certificate

Could it be that the rake tasks require something additional to be installed 
for proper certificate generation?

Original comment by arne.de....@gmail.com on 29 May 2012 at 1:17