General discussion about Chef

[chef] Re: SSL problem with embedded ruby on Windows?


Chronological Thread 
  • From: Adam Edwards < >
  • To: Chirag Jog < >, " " < >
  • Subject: [chef] Re: SSL problem with embedded ruby on Windows?
  • Date: Fri, 14 Jun 2013 13:05:23 +0000
  • Accept-language: en-US
The readme on github talks about this, and the latest changes to knife-google on github include a better error message in this case. As Chirag says, including cacert.pem with omnibus Chef on Windows is the correct fix and is in progress at the moment.

The issue for this plug-in is tracked at http://tickets.opscode.com/browse/KNIFE-279.

Jeppe, great to see that you're using this plug-in on Windows.

-Adam


Right. This is known issue for Windows. We have bug in JIRA to ship the certificate (self-signed) as part of Chef as we do in linux. Once that is fixed, SSL_CERT_FILE will not be required.

Regards,
Chirag Jog
Chief Technology Officer, 
Clogeny Technologies | http://clogeny.com 
(M) 0091-9766619440 | Skype: chirag.jog



On Fri, Jun 14, 2013 at 1:14 PM, Jeppe Nejsum Madsen < " target="_blank"> > wrote:
Hi,

I seem to have a problem with the embedded ruby when running on windows. It looks like the cacert.pem file is not located correctly:

C:\>irb
irb(main):001:0> require 'open-uri'
=> true
irb(main):002:0> open "https://google.com"
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
        from C:/opscode/chef/embedded/lib/ruby/1.9.1/net/http.rb:799:in `connect'

Not sure if this is expected or not. Setting SSL_CERT_FILE solves the issue.

There seems to be at least two ca-bundle.pem files in the embedded ruby, but not sure if they are supposed to be located automagically?

/Jeppe

Archive powered by MHonArc 2.6.16.

§