[Pkg-openssl-devel] Ruby issues

Sam Rowe sam.rowe at gmail.com
Fri Aug 17 14:17:33 UTC 2012 

Hi,

I apologize in advance if this is a Ruby issue, but I've done a lot of
testing and I don't think that it is.

I'm attempting to move some ruby code from CentOS to Wheezy and
everything works with the exception of two SSL connections that are
required.

I've installed ruby 1.9.1 on Squeeze and used the same code without
issue and as I mentioned it works on CentOS. I also compiled my own
Ruby on both Wheezy and Squeeze (from the same tarball) and the
squeeze version works and the Wheezy version does not, so I think the
issue is in the openssl side. Making the issue even stranger is that
Python appears to be able to connect to one of the services in
question without issue on Wheezy.

To make matters worse, I believe that at least one of the two
connections I need to make uses an expired SSL cert. I don't control
the remote system (Cisco does) and I've reported this to the admins of
that system, but I'm getting the run-around to say the least. The ruby
code I'm using should ignore the expiration, but the TLS negotiation
fails in some way that doesn't issue a clear error message.

In an attempt to avoid bothering this list, I did what limited
searching I knew to do, but I wasn't even sure how to frame the issue
let alone what keywords to search for beyond very generic terms. Sorry
again if this is covered elsewhere or a well known issue.

Steps to reproduce:

* Install ruby-1.9.1
* gem install xmpp4r
* run the code found here:  https://gist.github.com/3379006

If lines 14 and 15 are swapped, the connection succeeds. In other
words, I'm able to connect to Google Talk, but not Webex Connect. I'd
love to blame this on ruby in some way, but the fact that it works
everywhere except Wheezy makes me think it's an SSL issue.

The other SSL connection I'm trying to make is to the salesforce.com
API and it fails in a similar manner in that the remote side closes
the connection after starting the SSL negotiation. I can provide more
details if needed.

Thanks for any assistance.

-Sam Rowe

More information about the Pkg-openssl-devel mailing list