Can not import GoAgentX's CA

[jaggerwang]

I use GoAgentX as my proxy, and I can browse facebook, twitter, which using https. I installed this formula and run openssl-osx-ca manually. But pip and gem is still not working, curl is OK.

Using curl to access Facebook through GoAgent:

➜ ~ echo $http_proxy http://localhost:7070 ➜ ~ echo $https_proxy http://localhost:7070 ➜ ~ curl -I -v https://www.facebook.com/

• Adding handle: conn: 0x7fc9ca803a00
• Adding handle: send: 0
• Adding handle: recv: 0
• Curl_addHandleToPipeline: length: 1
• - Conn 0 (0x7fc9ca803a00) send_pipe: 1, recv_pipe: 0
• About to connect() to proxy localhost port 7070 (#0)
• Trying ::1...
• Trying 127.0.0.1...
• Connected to localhost (127.0.0.1) port 7070 (#0)

• Establish HTTP proxy tunnel to www.facebook.com:443

  CONNECT www.facebook.com:443 HTTP/1.1 Host: www.facebook.com:443 User-Agent: curl/7.30.0 Proxy-Connection: Keep-Alive

  < HTTP/1.1 200 OK HTTP/1.1 200 OK <

• Proxy replied OK to CONNECT request
• TLS 1.0 connection using TLS_RSA_WITH_AES_128_CBC_SHA
• Server certificate: *.facebook.com
• Server certificate: GoAgent CA

  HEAD / HTTP/1.1 User-Agent: curl/7.30.0 Host: www.facebook.com Accept: /

  < HTTP/1.1 200 HTTP/1.1 200 < Content-Length: 12357 Content-Length: 12357 < X-Xss-Protection: 0 X-Xss-Protection: 0 < X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff < Content-Encoding: gzip Content-Encoding: gzip < Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com < Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2F; path=/; domain=.facebook.com < Set-Cookie: reg_ext_ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com Set-Cookie: reg_ext_ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com < Set-Cookie: datr=GItJUzBDhlG6Zurxn0W6SiTT; expires=Mon, 11-Apr-2016 18:51:04 GMT; path=/; domain=.facebook.com; httponly Set-Cookie: datr=GItJUzBDhlG6Zurxn0W6SiTT; expires=Mon, 11-Apr-2016 18:51:04 GMT; path=/; domain=.facebook.com; httponly < Expires: Sat, 01 Jan 2000 00:00:00 GMT Expires: Sat, 01 Jan 2000 00:00:00 GMT < X-Fb-Debug: 3ZL2IGtBP7SM4xvAp+5oneFXFRV3LwCTtRXhi0tRAjI= X-Fb-Debug: 3ZL2IGtBP7SM4xvAp+5oneFXFRV3LwCTtRXhi0tRAjI= < Connection: keep-alive Connection: keep-alive < Via: HTTP/1.1 GWA Via: HTTP/1.1 GWA < Pragma: no-cache Pragma: no-cache < Cache-Control: private, no-cache, no-store, must-revalidate Cache-Control: private, no-cache, no-store, must-revalidate < Date: Sat, 12 Apr 2014 18:51:04 GMT Date: Sat, 12 Apr 2014 18:51:04 GMT < P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" < Content-Type: text/html; charset=utf-8 Content-Type: text/html; charset=utf-8 < X-Frame-Options: DENY X-Frame-Options: DENY

<

• Connection #0 to host localhost left intact

  Pip error:

/usr/local/bin/pip3 run on Sun Apr 13 02:27:14 2014 Downloading/unpacking gevent Getting page https://pypi.python.org/simple/gevent/ Could not fetch URL https://pypi.python.org/simple/gevent/: connection error: unknown error (_ssl.c:2719) Will skip URL https://pypi.python.org/simple/gevent/ when looking for download links for gevent Getting page https://pypi.python.org/simple/ Could not fetch URL https://pypi.python.org/simple/: connection error: unknown error (_ssl.c:2719) Will skip URL https://pypi.python.org/simple/ when looking for download links for gevent Cannot fetch index base URL https://pypi.python.org/simple/ URLs to search for versions for gevent:

• https://pypi.python.org/simple/gevent/ Getting page https://pypi.python.org/simple/gevent/ Could not fetch URL https://pypi.python.org/simple/gevent/: connection error: unknown error (_ssl.c:2719) Will skip URL https://pypi.python.org/simple/gevent/ when looking for download links for gevent Could not find any downloads that satisfy the requirement gevent Cleaning up... Removing temporary dir /private/var/folders/w9/wlvxx1hj7vj6m1rkxmjs99vh0000gn/T/pip_build_jagger... No distributions at all found for gevent Exception information: Traceback (most recent call last): File "/usr/local/lib/python3.4/site-packages/pip/basecommand.py", line 122, in main status = self.run(options, args) File "/usr/local/lib/python3.4/site-packages/pip/commands/install.py", line 278, in run requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle) File "/usr/local/lib/python3.4/site-packages/pip/req.py", line 1177, in prepare_files url = finder.find_requirement(req_to_install, upgrade=self.upgrade) File "/usr/local/lib/python3.4/site-packages/pip/index.py", line 277, in find_requirement raise DistributionNotFound('No distributions at all found for %s' % req) pip.exceptions.DistributionNotFound: No distributions at all found for gevent

  Gem error:

ERROR: Could not find a valid gem 'redis' (>= 0), here is why: Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/latest_specs.4.8.gz)

[raggi]

Did you try gem install -p $http_proxy redis ? If it doesn't work, please add --verbose --debug and paste the output into a code block.

[jaggerwang]

➜ ~ export http_proxy='http://localhost:7070' ➜ ~ export https_proxy='http://localhost:7070' ➜ ~ gem install -p $http_proxy redis ERROR: Could not find a valid gem 'redis' (>= 0), here is why: Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/latest_specs.4.8.gz) ➜ ~ gem install -p $http_proxy redis --verbose --debug Exception LoadError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/resolv.rb:169 - LoadError ExceptionErrno::EEXIST' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/fileutils.rb:250 - File exists @ dir_s_mkdir - /Users/jagger/.gem/specs/api.rubygems.org%443 Exception Errno::ENOENT' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/remote_fetcher.rb:294 - No such file or directory @ rb_file_s_stat - /Users/jagger/.gem/specs/api.rubygems.org%443/latest_specs.4.8 ExceptionIO::EAGAINWaitReadable' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/openssl/buffering.rb:182 - Resource temporarily unavailable - read would block Exception OpenSSL::SSL::SSLError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/net/http.rb:920 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ExceptionOpenSSL::SSL::SSLError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/net/http.rb:928 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Exception Gem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/request.rb:101 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/latest_specs.4.8.gz) ExceptionGem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/remote_fetcher.rb:278 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/latest_specs.4.8.gz) Exception Gem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/spec_fetcher.rb:268 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/latest_specs.4.8.gz) ExceptionGem::SpecificGemNotFoundException' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/dependency_installer.rb:297 - Could not find a valid gem 'redis' (>= 0) locally or in a repository ERROR: Could not find a valid gem 'redis' (>= 0), here is why: Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/latest_specs.4.8.gz) Exception Errno::EEXIST' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/fileutils.rb:250 - File exists @ dir_s_mkdir - /Users/jagger/.gem/specs/api.rubygems.org%443 ExceptionErrno::ENOENT' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/remote_fetcher.rb:294 - No such file or directory @ rb_file_s_stat - /Users/jagger/.gem/specs/api.rubygems.org%443/prerelease_specs.4.8 Exception IO::EAGAINWaitReadable' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/openssl/buffering.rb:182 - Resource temporarily unavailable - read would block ExceptionOpenSSL::SSL::SSLError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/net/http.rb:920 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Exception OpenSSL::SSL::SSLError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/net/http.rb:928 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ExceptionGem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/request.rb:101 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/prerelease_specs.4.8.gz) Exception Gem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/remote_fetcher.rb:278 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/prerelease_specs.4.8.gz) ExceptionErrno::EEXIST' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/fileutils.rb:250 - File exists @ dir_s_mkdir - /Users/jagger/.gem/specs/api.rubygems.org%443 Exception IO::EAGAINWaitReadable' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/openssl/buffering.rb:182 - Resource temporarily unavailable - read would block ExceptionOpenSSL::SSL::SSLError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/net/http.rb:920 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Exception OpenSSL::SSL::SSLError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/net/http.rb:928 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ExceptionGem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/request.rb:101 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz) Exception Gem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/remote_fetcher.rb:278 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz) ExceptionGem::RemoteFetcher::FetchError' at /usr/local/Cellar/ruby/2.1.1_1/lib/ruby/2.1.0/rubygems/spec_fetcher.rb:268 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)

[raggi]

Rubygems uses it's own certs: https://github.com/rubygems/rubygems/tree/master/lib/rubygems/ssl_certs so your proxy providing fake certs will not validate. This is all totally unrelated to this program.