pact-foundation / pact-support

Shared code for Pact gems
MIT License

feat: disable ssl verification using env-variable #89

Closed eiriarte-mendez closed 2 years ago

eiriarte-mendez commented 3 years ago

In order to load pact files from a broker with a self-signed certificate, this allows disabling the SSL verification by setting an env-variable.

Would like to write a test, but I'm not a Ruby dev...

88

bethesque commented 3 years ago

Why don't you set the SSL_CERT_FILE as documented here? https://docs.pact.io/pact_broker/advanced_topics/using-tls/#for-non-jvm

eiriarte-mendez commented 3 years ago

Hi @bethesque, thanks for that info. I tried it today; however, it still does not work for me:

...
/project/vendor/pact-foundation/pact-php/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:923:in `connect': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError)
        from /project/vendor/pact-foundation/pact-php/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:923:in `block in connect'
        from /project/vendor/pact-foundation/pact-php/pact/lib/ruby/lib/ruby/2.2.0/timeout.rb:74:in `timeout'
        from /project/vendor/pact-foundation/pact-php/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:923:in `connect'
        from /project/vendor/pact-foundation/pact-php/pact/lib/ruby/lib/ruby/2.2.0/net/http.rb:863:in `do_start'
...

I verified that the env-var is correctly set, and even tried setting "SSL_CERT_DIR"...

bethesque commented 3 years ago

You can test your setup using this docker-compose file. It has a self-signed certificate configured for the broker, and the right env vars and certificate set up for the client. Run it with the baked-in certificate, then grab a copy of your own server's certificate, and run it with that. If you can't get it working, then you may as well run the broker without SSL at all.

eiriarte-mendez commented 3 years ago

Hi @bethesque, I tried using the docker-compose config you suggested. Also, directing my tests to that broker seems fine... so SSL_CERT_FILE is evaluated/passed correctly and provider-pact-verifier has no problems loading and publishing. I will have to wait until Tuesday for some peer who can provide me the certificate from our server... then I can continue the experiment.

eiriarte-mendez commented 3 years ago

Very disappointed now... I got it running, but the solution is bonkers... The cert-chain downloaded from Firefox contains certificates in single lines... I downloaded the single certs from FF and appended them manually; after that it worked for me.

Also our CI pipeline is running them without problems...
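An added example, not part of the original thread or of pact-support: a Ruby check that re-emits a certificate bundle as canonical PEM before it is referenced by SSL_CERT_FILE, so verification can stay enabled. It assumes the problem described above is a chain whose PEM blocks were collapsed onto single lines; the function names and the sample certificates are constructed for illustration.

```ruby
require "openssl"

# One certificate, even when the markers and the base64 body share a line.
PEM_CERT = /-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----/m

# Parse every certificate in +text+, tolerating missing or extra line breaks.
# Raises ArgumentError when no block is found or the base64 is invalid, and
# OpenSSL::X509::CertificateError when a block is not an X.509 certificate.
def parse_pem_bundle(text)
  bodies = text.scan(PEM_CERT).map { |(b64)| b64.gsub(/\s+/, "") }
  raise ArgumentError, "no certificate blocks found" if bodies.empty?
  bodies.map { |b64| OpenSSL::X509::Certificate.new(b64.unpack1("m0")) }
end

# Re-emit the bundle as canonical PEM: markers on their own lines and the
# body wrapped at 64 columns, ready to be referenced by SSL_CERT_FILE.
def normalize_pem_bundle(text)
  parse_pem_bundle(text).map(&:to_pem).join
end

# Constructed sample input: a throwaway self-signed certificate.
def constructed_self_signed(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

if __FILE__ == $PROGRAM_NAME
  chain = %w[constructed-root.example constructed-intermediate.example]
          .map { |cn| constructed_self_signed(cn) }
  flattened = chain.map(&:to_pem).join.delete("\n") # whole chain on one line
  fixed = normalize_pem_bundle(flattened)
  parse_pem_bundle(fixed).each { |c| puts "#{c.subject} expires #{c.not_after}" }
  puts fixed
end
```

Printing each subject and expiry makes it easy to confirm that the bundle holds the certificates you expect before pointing a client at it.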

bethesque commented 3 years ago

That is bonkers. Sounds like we need to update our instructions for other users who might face the same issue then. Would you be interested in contributing to that? You can do it through the browser by clicking "edit this page" at the bottom of the page.

YOU54F commented 2 years ago

Hi @eiriarte-mendez, sorry you found this so tricky, but glad you got it working.

If you would like to update the documentation page you can via this link

https://github.com/pact-foundation/docs.pact.io/edit/master/website/docs/pact_broker/advanced_topics/using-tls.md