OpenSSL issues.
Hi there, we started receiving the following errors today.
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
Invoiced::ApiConnectionError: (): Failed to verify the Invoiced SSL certificate. Please verify that you have a recent version of OpenSSL installed.
We are on Ruby 2.3.8
We are using gem version 1.1.0 which seems to be the most up to date.
irb(main):005:0> puts OpenSSL::OPENSSL_VERSION
OpenSSL 1.0.2g 1 Mar 2016
This seems like an Invoiced.com issue as you claim to support Ruby 2.1+?
Some more information that I've discovered. It seems like I'm getting two different certs depending on if I'm using OpenSSL 1.1 vs. 1.0.
The cert I receive when using 1.0 is not even for api.invoiced.com, it's for www.billing.ajtutoring.com!?
OpenSSL 1.0
% /usr/local/Cellar/openssl/1.0.2t/bin/openssl version
OpenSSL 1.0.2t 10 Sep 2019
% /usr/local/Cellar/openssl/1.0.2t/bin/openssl s_client -connect api.invoiced.com:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=EssentialSSL/CN=www.billing.ajtutoring.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
OpenSSL 1.1
% openssl version
OpenSSL 1.1.1g 21 Apr 2020
% openssl s_client -connect api.invoiced.com:443
CONNECTED(00000006)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.invoiced.com
verify return:1
---
Certificate chain
 0 s:OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.invoiced.com
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
 1 s:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
   i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
 3 s:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
   i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
---
Weird certificates for ajtutoring.com also appear in SSL Labs report for api.invoiced.com
https://www.ssllabs.com/ssltest/analyze.html?d=api.invoiced.com
Just started receiving this issue today as well, starting ~ 1 hour ago
> RUBY_VERSION
=> "2.7.1"
> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 1.1.1d 10 Sep 2019"
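An added example, not part of the thread or of the Invoiced gem: a small Ruby triage script for `openssl s_client` output in both DN styles shown in the captures above, flagging a leaf certificate that does not cover the requested host and any `verify error` lines. The function names (`common_name`, `parse_chain`, `cn_matches?`, `triage`) are hypothetical, and the sample text is abridged from the two captures on this page.

```ruby
# Added example: triage `openssl s_client` output (both DN styles seen above).
# Heuristic only: the chain summary shows subject CNs, not subjectAltName.

def common_name(dn)
  # 1.0.x prints /OU=.../CN=host ; 1.1.x prints OU = ..., CN = host
  dn[/\bCN\s*=\s*([^\/,]+)/, 1]&.strip
end

# Parse the "Certificate chain" section into one hash per certificate.
def parse_chain(text)
  chain = []
  text.each_line do |line|
    if (m = line.match(/^\s*(\d+)\s+s:(.+)$/))
      chain << { depth: m[1].to_i, subject_cn: common_name(m[2]) }
    elsif (m = line.match(/^\s*i:(.+)$/)) && chain.any?
      chain.last[:issuer_cn] = common_name(m[1])
    end
  end
  chain
end

def cn_matches?(cn, host)
  return false if cn.nil?
  return cn.casecmp?(host) unless cn.start_with?("*.")
  host.split(".", 2)[1].to_s.casecmp?(cn[2..-1]) # wildcard = one left-most label
end

# Return a list of human-readable findings; empty means nothing flagged.
def triage(text, host)
  findings = []
  leaf = parse_chain(text).find { |c| c[:depth].zero? }
  unless leaf && cn_matches?(leaf[:subject_cn], host)
    findings << "leaf CN #{leaf && leaf[:subject_cn]} does not cover #{host}"
  end
  text.scan(/^verify error:num=(\d+):(.+)$/) { |num, msg| findings << "verify error #{num}: #{msg.strip}" }
  findings
end

# Abridged from the two captures on this page.
OLD_CAPTURE = <<~OUT
  verify error:num=10:certificate has expired
  Certificate chain
   0 s:/OU=Domain Control Validated/OU=EssentialSSL/CN=www.billing.ajtutoring.com
     i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
OUT
NEW_CAPTURE = <<~OUT
  Certificate chain
   0 s:OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.invoiced.com
     i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
OUT

puts triage(OLD_CAPTURE, "api.invoiced.com")
puts triage(NEW_CAPTURE, "api.invoiced.com").inspect
```

When comparing captures across OpenSSL versions, note that `s_client` in 1.1.1 sends the SNI name by default while 1.0.2 only does so with `-servername`, so the two runs may not be asking the server for the same host.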