Comments (27)
You appear to be using an out of date version of the gem. Version 2.0.1 was just pushed fixing this very problem. (see #23)
from gist.
The problem still exists for me with 2.0.1 installed.
$ echo "hello" | gist
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Usage: gist [options] [filename or stdin] [filename] ...
Filename '-' forces gist to read from stdin.
-p, --[no-]private Make the gist private
-t, --type [EXTENSION] Set syntax highlighting of the Gist by file extension
-o, --[no-]open Open gist in browser
-m, --man Print manual
-v, --version Print version
-h, --help Display this screen
$ gist -v
2.0.1
from gist.
Yep, same here. I still have the issue with 2.0.1.
from gist.
+1
$ gist -v
2.0.1
from gist.
Ditto - same issue:
echo ralsh file /etc/hosts | gist -t pp SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Usage: gist [options] [filename or stdin] [filename] ... Filename '-' forces gist to read from stdin. -p, --[no-]private Make the gist private -t, --type [EXTENSION] Set syntax highlighting of the Gist by file extension -o, --[no-]open Open gist in browser -m, --man Print manual -v, --version Print version -h, --help Display this screen $ gist -v 2.0.1
from gist.
Same issue under Ubuntu 10.10 with RVM-installed REE 2011.03. Issue does not occur under 1.9.2-p180, or under OS X. I'm guessing this is a Linux-specific issue with the Ruby OpenSSL library in 1.8.
from gist.
Same issue here under FreeBSD 8.2-R amd64.
from gist.
same here with MacOS X 10.6.7
from gist.
I can confirm that gist works for me on OS X 10.6.7. Can anyone else give me some reproduction steps so I can try to fix this? Thanks.
from gist.
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
same thing with 2.0.2
all I did was to try to upload a file to gist and this happens.
btw, I use the gem from macports to install
from gist.
Works on Debian wheezy/sid with ruby 1.9.2 but not 1.8.7. Presume it's a libopenssl-ruby issue.
from gist.
Just in case the comments here have not yet made it apparent, failing to verify github's SSL certificate is not a problem with Ruby, or a problem with the Gist gem (which does the "correct" SSL thing by requiring a valid certificate). If validation fails, your Ruby installation's OpenSSL library is having trouble finding the correct CA certificates to validate Github's cert.
Sometimes this simply means your CA cert bundle is too old, and is missing some certificates. If that's the case, you should update it, possible to a well-known recent version like curl's cacert.pem extraction of Mozilla's CA bundle.
Other times, this means your Ruby OpenSSL library is completely failing to find the CA certs that are already present on your machine. This seems to be common with Ruby 1.9 installed via RVM onto OS X. The system Ruby has no problem verifying the certificates, but the RVM Ruby 1.9 is unable to verify successfully, presumably because it cannot find any CA certificates at all.
Gist has already been updated to include an up-to-date cacert.pem file, and it instructs Net::HTTP to use that CA cert file to verify github's SSL certificate. If it is still failing for you, you may be hitting a bug I am not yet aware of, or your OpenSSL library may be broken in a way that prevents it from being able to verify SSL certificates even when the correct CA certs are present. Either way, I haven't been able to reproduce that case yet. :|
from gist.
I guess Macport's OpenSSL was corrupted because ever since I removed macports directories and started using homebrew which doesn't install all duplicate packages, gist works fine. Thanks for the help anyway. :)
from gist.
If anyone can provide me with reproduction steps, please do. In the meantime, I'm going to close this issue since there doesn't seem to be anything indicating that the problem is with the gist gem.
from gist.
I agree it's not gist's problem but I would suggest gist tries to monkey patch around it - given it's an issue with Ruby 1.8.7 which is installed heavily on Red Hat/Fedora/CentOS/Ubuntu hosts - and people are much more likely to be able to upgrade gist than Ruby.
Steps for reproduction on Ubuntu 10.10:
$ gem install gist
Successfully installed gist-2.0.2
$ echo ralsh file /etc/hosts | gist -t pp
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Usage: gist [options] [filename or stdin] [filename] ...
Filename '-' forces gist to read from stdin.
-p, --[no-]private Make the gist private
-t, --type [EXTENSION] Set syntax highlighting of the Gist by file extension
-o, --[no-]open Open gist in browser
-m, --man Print manual
-v, --version Print version
-h, --help Display this screen
$ ruby --version
ruby 1.8.7 (2010-06-23 patchlevel 299) [i686-linux]
Also on Fedora 14:
$ echo ralsh file /etc/hosts | gist -t pp
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Usage: gist [options] [filename or stdin] [filename] ...
Filename '-' forces gist to read from stdin.
-p, --[no-]private Make the gist private
-t, --type [EXTENSION] Set syntax highlighting of the Gist by file extension
-o, --[no-]open Open gist in browser
-m, --man Print manual
-v, --version Print version
-h, --help Display this screen
$ ruby --version
ruby 1.8.7 (2011-02-18 patchlevel 334) [i386-linux]
I can obviously monkey-patch it to set OpenSSL::SSL::VERIFY_NONE for this Ruby version but I am sure there is a more elegant solution?
from gist.
At the very least, perhaps the Gist gem could give some explanation on what's going wrong?
from gist.
I found nice patch (without warnings about const).
module OpenSSL
module SSL
remove_const :VERIFY_PEER
end
end
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
from gist.
shtirlic: what file does this code snippet go into?
from gist.
shtirlic: got it actually, but is there a reason to not submit this patch as a pull request?
from gist.
I found the problem. Defunkt's patch to add the CA certificates to the standalone gist file removed all the certificates except one, which is what made this problem crop up again. I fixed (and tested it on a RHEL machine that has the verification error) in 170c424. It'll go out as part of the 2.0.3 release.
from gist.
@shtirlic and @derwiki: please, please, please NEVER use that patch. ever. If you do use it, you have just destroyed SSL certificate verification for every connection made by that ruby process. It completely defeats the security that SSL provides. In this case, it means that you could be sending your github credentials to anyone. In other cases, it could mean that you are sending confidential user information to anyone. Hopefully I don't need to elaborate on how dangerous that is. :)
from gist.
@indirect 'every connection made by that ruby process' seems pretty isolated to just this script. I understand the security concerns but am more interested in getting something that works -- I will use this patch in the meantime, but anxiously await 2.0.3.
from gist.
@derwiki, yes, in this case, you are only exposing your github account to attackers. If you use this patch in a Rails application, however, you have broken SSL for any other code that tries to open an HTTP connection, which can potentially be really terrible. The real fix is to update your CA certificates, as I've explained a few times above. If you can't or won't update your CA certificates for some reason, the next version of gist will include some that it uses.
from gist.
I think this is now completely solved, and I have furthermore stripped out 213k of unneeded CA certificates. Could someone who was seeing this error please try the newest standalone gist script? You can get it at https://github.com/defunkt/gist/raw/master/gist Thanks.
from gist.
That script works fine for me. Thanks!
from gist.
@indirect, sure, it's dangerous solution but it's only for "get it work". Dot on the end of the link is preventing it to work ^-^.
from gist.
Thanks for the feedback. I've fixed the link and released and tagged gist 2.0.3, which should now work everywhere. (And the standalone script is now <20k, so this is a big improvement!)
from gist.
Related Issues (20)
- One test failure in Ubuntu on all architectures HOT 6
- Can't establish creds HOT 2
- Feature: Support uploading a complete directory / existing repo with "gist ." or "gist somedir"
- Feature: Limit number of Gists returned with `-l` flag
- Feature: Allow specifying a directory name
- Bug: Gist title and filenames not fetched for some Gists
- texrt
- Feature: Option to show SSH url for cloning a Gist
- For security propose i thin it's better to make private "-p or --private" parameter as default HOT 1
- > Hello @defunkt o/ HOT 4
- Please enable device flow HOT 2
- Terraform plan and strange gibberish at every line start HOT 2
- clipboard interaction issue on windows (has solution)
- > Hello @default
- [feat] avoid unchanged revisions
- Received this error trying to login
- Your token. // Octokit.js // https://github.com/octokit/core.js#readme const octokit = new Octokit({ auth: 'YOUR-TOKEN' }) await octokit.request('DELETE /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}', { owner: 'OWNER', repo: 'REPO', environment_name: 'ENVIRONMENT_NAME', branch_policy_id: 'BRANCH_POLICY_ID', headers: { 'X-GitHub-Api-Version': '2022-11-28' } })
- ![スクリーンショット 2022-04-07 10 04 42](https://user-images.githubusercontent.com/8407272/162099822-637d0cc1-e1d7-495f-a44f-2fc0ab9f5a4f.png) HOT 1
- hdj HOT 1
- he
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gist.