create-webhook doesn't respect SSL_CERT_FILE

[jarmy]

Pre issue-raising checklist

I have already (please mark the applicable with an x):

• [X ] Upgraded to the latest version of the relevant libraries
• [X] Checked to see if the issue has already been raised
• [x] Created an executable example that demonstrates the issue using either:
  • a Dockerfile
  • a fork of https://github.com/pact-foundation/pact-ruby-standalone-e2e-example
  • a Git repository with a Travis or Appveyor (or similar) build
  • a gist with all the relevant code and full instructions on how to run it

Software versions

• pact library: N/A
• pact broker-docker: 2.57.0.0
• pact-ruby-standalone: 1.88.0
• OS: Mac OSX 10.13.6

Expected behaviour

pact-broker create-webhook successfully creates a webhook

Actual behaviour

create-webhook fails with "certificate verify failed" even though SSL_CERT_FILE is set as an environment variable. On top of that, both "pact-broker create-version-tag" and "pact-broker can-i-deploy" are successful in the same shell.

jarmy-m02:bin jarmy$ echo $SSL_CERT_FILE
/usr/local/etc/openssl/cert.pem
jarmy-m02:bin jarmy$ ./pact-broker can-i-deploy -v --pacticipant=graphql --broker-base-url=https://pact-broker.docker.savagebeast.com --to shared --latest
opening connection to pact-broker.docker.savagebeast.com:443...
opened
starting SSL for pact-broker.docker.savagebeast.com:443...
SSL established
<- "GET /matrix?q%5B%5D%5Bpacticipant%5D=graphql&q%5B%5D%5Blatest%5D=true&latestby=cvp&latest=true&tag=shared HTTP/1.1\r\nAccept: application/hal+json, application/json\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nUser-Agent: Ruby\r\nConnection: close\r\nHost: pact-broker.docker.savagebeast.com\r\n\r\n"
-> "HTTP/1.1 200 OK\r\n"
-> "Server: nginx/1.17.4\r\n"
-> "Date: Thu, 06 Aug 2020 21:58:06 GMT\r\n"
-> "Content-Type: application/hal+json;charset=utf-8\r\n"
-> "Content-Length: 123\r\n"
-> "Connection: close\r\n"
-> "Vary: Accept\r\n"
-> "X-Pact-Broker-Version: 2.57.0\r\n"
-> "X-Content-Type-Options: nosniff\r\n"
-> "\r\n"
reading 123 bytes...
-> "{\"summary\":{\"deployable\":true,\"reason\":\"There are no missing dependencies\",\"success\":0,\"failed\":0,\"unknown\":0},\"matrix\":[]}"
read 123 bytes
Conn close
Computer says yes \o/ 

There are no missing dependencies
jarmy-m02:bin jarmy$ 

Steps to reproduce

Follow instructions to create a webhook here https://github.com/pact-foundation/pact_broker-client#create-webhook

Relevent log files

jarmy-m02:bin jarmy$ ./pact-broker create-webhook "https://listeners.jenkins-sb.savagebeast.com/job/listeners-acceptance/job/graphql/job/DEVTOOLS-610-test-pact-broker-webhooks/buildWithParameters?os_authType=basic&environment=shared&graphqlHost=shared.graphql.docker.savagebeast.com&vaultToken=s.Szy7CSZTjit9zHC11C9Z3W4H" -v --request=POST -u jenkins-builder:$TOKEN --consumer=pegasus-2 --provider=graphql --broker-base-url=https://pact-broker.docker.savagebeast.com --contract-content-changed --description="Trigger GraphQL Acceptance Test Job on contract-content-changed event" -H "Accept:application/json"
opening connection to pact-broker.docker.savagebeast.com:443...
opened
starting SSL for pact-broker.docker.savagebeast.com:443...
SSL established
Conn close because of connect error SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Error making request - OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/hal/http_client.rb:60:in `block in perform_request', attempt 1 of 3
opening connection to pact-broker.docker.savagebeast.com:443...
opened
starting SSL for pact-broker.docker.savagebeast.com:443...
SSL established
Conn close because of connect error SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Error making request - OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/hal/http_client.rb:60:in `block in perform_request', attempt 2 of 3
opening connection to pact-broker.docker.savagebeast.com:443...
opened
starting SSL for pact-broker.docker.savagebeast.com:443...
SSL established
Conn close because of connect error SSL_connect returned=1 errno=0 state=error: certificate verify failed
ERROR: Error making request - OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/hal/http_client.rb:60:in `block in perform_request', attempt 3 of 3
/Users/jarmy/src/git/pandora/devtools/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/ruby/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:923:in `connect'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:852:in `start'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/hal/http_client.rb:60:in `block in perform_request'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/retry.rb:40:in `until_truthy_or_max_times'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/hal/http_client.rb:56:in `perform_request'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/hal/http_client.rb:33:in `post'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/hal/link.rb:53:in `post'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/webhooks/create.rb:39:in `create_webhook_with_consumer_and_provider'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/webhooks/create.rb:28:in `call'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/webhooks/create.rb:17:in `call'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/cli/broker.rb:308:in `run_webhook_commands'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/cli/broker.rb:127:in `create_webhook'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/vendor/ruby/2.2.0/gems/pact_broker-client-1.28.4/lib/pact_broker/client/cli/custom_thor.rb:15:in `start'
    from /Users/jarmy/src/git/pandora/devtools/pact/lib/app/pact-broker.rb:28:in `<main>'

[bethesque]

This took some recreating! It seems this only occurs when using the pact-ruby-standalone (it works fine when using the ruby code directly, and on the pact-cli docker image). It must be to do with the old version of Ruby that's included in the standalone. The fix ended up being in the pact_broker-client code here https://github.com/pact-foundation/pact_broker-client/commit/27a0fe6d90d15caea1d8dd220cb8a330924746dd

There will be a new version of the standalone out in a couple of minutes. Grab that and it should be fixed.

[jarmy]

Verified. Thanks for fixing Beth.