Including Rubygem Certs in Building

[allenwyma]

Please refer to carlhuda/bundler#2318 for more information, but basically the proper certs are not getting bundled when ruby is built, so we cannot connect to rubygems over SSL.

@mkb

[mpapis]

RVM when building openssl will automatically include the certificates => https://github.com/wayneeseguin/rvm/blob/e450ad10e079e7c5d32d43bbcce27de5d36bb25a/scripts/functions/pkg#L204-L209

if you see this problem it means ruby found other openssl which does not have proper certificates but this is out of RVM scope.

[allenwyma]

Hmm, I'm using openssl installed by homebrew. How do I get it to pull in the right certificates so ruby builds with it? Or do I just need to download these certs and drop them in a folder?

[mpapis]

@HangingClowns try:

mkdir -p $(brew --prefix openssl)/ssl
curl http://curl.haxx.se/ca/cacert.pem -o $(brew --prefix openssl)/ssl/cert.pem

but this is something that homebrew should be doing not rvm

[allenwyma]

Hmm, that didn't seem to work, unless I'm missing something?

[mpapis]

@HangingClowns homebrew could be using different --sysonfdir, it could be for example /etc/ssl/cert.pem

[allenwyma]

I used this to install the certs:

brew install curl-ca-bundle

I used this to reinstall 2.0.0 and it all works.:

rvm reinstall 2.0.0 --with-opt-dir=$(brew --prefix openssl):$(brew --prefix sqlite):$(brew --prefix readline):$(brew --prefix autoconf):$(brew --prefix automake):$(brew --prefix apple-gcc42):$(brew --prefix libtool):$(brew --prefix pkg-config):$(brew --prefix libyaml):$(brew --prefix libxml2):$(brew --prefix libxslt):$(brew --prefix libksba):$(brew --prefix curl-ca-bundle)

[mpapis]

this will be simplified with #1531

[allenwyma]

For sure, I can also take a stab at this if you don't have time these days. I wont be free for maybe a week, though.

[mpapis]

@HangingClowns I have it almost implemented, will push to separate branch today, I would appreciate help in testing as I'm not homebrew user

[allenwyma]

Tell me the branch, when it's done, and how you want me to confirm and I can have a go at it. My coworker uses Lion and hates the terminal, so having the brew setup all automatic would be perfect for him.

[mpapis]

see #1544

[lyahdav]

I think there's still a bug in RVM here. I recently upgraded to ruby-1.9.3-p429 via RVM and started getting this error on HTTPS requests: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Here's the details of my issue and my workaround: http://stackoverflow.com/a/16741712/62

[mpapis]

@lyahdav please open a new ticket as this one was for 1.19 and we are already at 1.20 already.

[lyahdav]

@mpapis done: https://github.com/wayneeseguin/rvm/issues/1920