SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)Apparently, this is a standard problem for Ruby on OS X. The problem is that Ruby is unable to find the root certificates necessary to verify a given certificate. A typical (and very bad) workaround is to turn off certificate validation using some code that looks something like:
...verify_mode = OpenSSL::SSL::VERIFY_NONEThere's a good blog post called How to Cure Net::HTTP’s Risky Default HTTPS Behavior. It shows you how to force all certificates to be verified, but it doesn't show how to make use of the operating system's most up-to-date list of root certificates.
After reading a ton of different blog posts, this is the approach that I created for my Rails app:
# config/initializers/fix_ssl.rbAs the code says, you'll have to execute "sudo port install curl-ca-bundle" on OS X to install the root certificates. Unfortunately, I don't know what the brew version of that is.
# Work around errors that look like:
# SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
alias_method :original_use_ssl=, :use_ssl=
self.ca_path = '/etc/ssl/certs'
# MacPorts on OS X
# You'll need to run: sudo port install curl-ca-bundle
self.ca_file = '/opt/local/share/curl/curl-ca-bundle.crt'
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
Hopefully this will be fixed properly soon.