getting "OpenSSL read server certificate B: certificate verify failed" error, but ONLY for Twitter
I have a rails website (reccr.com) that uses omniauth to authenticate users with several different options, including Facebook and Twitter (using OAuth) and a few others (using OpenID). Lately, however, (I think within the last week or so) trying to authenticate via Twitter throws that
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=SS开发者_如何学JAVALv3 read server certificate B: certificate verify failed)
error, but ONLY Twitter does it; every other service authenticates just fine. I've been scouring the internet for a solution, but everything I can find on that error addresses situations where it occurs with ALL authentication providers, and nothing I can find applies to situations where it's only happening with one specific provider.
As far as I know (and I'm the sole developer) nothing had changed about the site that would have predicated this, and I would think that any change to the site that would cause this problem with Twitter would also cause the same problem with Facebook OAuth authentication.
Any ideas on how I can fix this? I was initially hoping that the problem was on Twitter's end and that they'd fix it in a couple of days, but it's been about a week and it's still ongoing, and I haven't seen any other Twitter-specific complaints about this error so I'm starting to suspect it's me after all.
EDIT: OK, after discovering THIS and THIS, I'm halfway there. I'm trying to implement the solution where I add a :client_options => {:ca_file => '#{Rails.root}/config/ca-bundle.crt'}
to the end of the line in my omniauth.rb where I declare Twitter as one of my providers. However, when I do that I get a wrong number of arguments (4 for 3)
error at lib/rack/builder.rb:54:in
initialize'`. Any ideas how to fix that?
Usually this error means that Ruby cant find the set of certificates on the local machine that verify those provided from the server, see if this blog post can help you out. http://martinottenwaelter.fr/2010/12/ruby19-and-the-ssl-error/
OK, it turns out it was a bunch of stuff.
Twitter had changed their SSL certificate, as mentioned HERE. (Which I couldn't read last night because dev.twitter.com was down!)
Omniauth uses oauth, which has a bug that forces it to use a specific CA file rather than a more general CA path, as detailed HERE.
One of the solutions is to specify a correct CA file when initializing your provider in omniauth, however I kept getting "wrong number of arguments" errors when I tried to do that. After a long series of mishaps which ended in my completely uninstalling and reinstalling rails, it stopped giving me that error, so I was able to add that specification for omniauth, and now it can authenticate to Twitter again! Hooray!
Unfortunately, somewhere in all of this it stopped being able to authenticate to Facebook, but I'm sure I can figure out why that's happening.
精彩评论