SSL_connect Failure for Heroku Redis 6 Premium
garrettkidlet opened this issue · 2 comments
Getting the following failure when firebase_id_token processes are run.
Using redis 6 Premium tier on Heroku which forces secure TLS connections.
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=52.3.18.23:26249 state=error: certificate verify failed (self signed certificate in certificate chain)
redis.rb configuration file is set to VERIFY_NONE as suggested in heroku documentation
$redis = Redis.new(url: url, driver: :ruby, ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE })
Firebase_id_token works when redis is not forcing secure connections.
Full stack
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=52.3.18.23:26249 state=error: certificate verify failed (self signed certificate in certificate chain)
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/connection/ruby.rb:264:in `connect_nonblock'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/connection/ruby.rb:264:in `connect'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/connection/ruby.rb:306:in `connect'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:385:in `establish_connection'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:115:in `block in connect'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:344:in `with_reconnect'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:114:in `connect'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:417:in `ensure_connected'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:269:in `block in process'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:356:in `logging'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:268:in `process'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/client.rb:161:in `call'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis.rb:270:in `block in send_command'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis.rb:269:in `synchronize'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis.rb:269:in `send_command'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-4.8.0/lib/redis/commands/strings.rb:191:in `get'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-namespace-1.10.0/lib/redis/namespace.rb:558:in `wrapped_send'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-namespace-1.10.0/lib/redis/namespace.rb:515:in `call_with_namespace'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/redis-namespace-1.10.0/lib/redis/namespace.rb:389:in `block (2 levels) in <class:Namespace>'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/firebase_id_token-2.4.0/lib/firebase_id_token/certificates.rb:181:in `read_certificates'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/firebase_id_token-2.4.0/lib/firebase_id_token/certificates.rb:159:in `initialize'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/firebase_id_token-2.4.0/lib/firebase_id_token/certificates.rb:66:in `new'
/opt/homebrew/lib/ruby/gems/3.1.0/gems/firebase_id_token-2.4.0/lib/firebase_id_token/certificates.rb:66:in `request!'
/Users/garrettglover/development/Kidletcare/kidletcare_api/lib/tasks/firebase.rake:10:in `block (3 levels) in
Tasks: TOP => firebase:certificates:force_request
Versions
ruby '3.1.2'
gem 'rails', '~> 7.0.3'
gem 'redis', '~> 4.2', '>= 4.2.5'
gem 'firebase_id_token', '~> 2.4.0'
The issue is in
/3.1.0/gems/firebase_id_token-2.4.0/lib/firebase_id_token/certificates.rb:181:in `read_certificates'
This call doesn't use the Redis instance that was initially configured, so it loses the ssl_params settings,
causing the error
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=52.3.18.23:26249 state=error: certificate verify failed (self signed certificate in certificate chain)
Found the issue,
This was caused by Rails initialization order.
The Redis Initializer needs to be before the Firebase_id_token initializer
Now the issue is resolved.
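The failure mode in this thread, reproduced offline as an added example (not code from the issue or from either gem): a TLS context built without the configured ssl_params falls back to VERIFY_PEER, and a chain ending in a root that is not in the trust store fails with the error quoted above. The certificates are constructed test data, and `make_cert`, `verify_chain` and `context_for` are hypothetical helper names; the last call pair shows that trusting the root explicitly verifies the chain without disabling verification.

```ruby
require "openssl"

# Build one certificate for a constructed test PKI (not Heroku's real chain).
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a leaf plus the chain the server presents against an explicit
# trust list. Returns [ok, OpenSSL verify error code].
def verify_chain(leaf, presented, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(leaf, presented)
  [ok, store.error]
end

# SSLContext#set_params merges the given hash into OpenSSL's defaults, so a
# context built with nil/empty params verifies the peer (VERIFY_PEER).
# Assumption: a client created without the configured ssl_params ends up here.
def context_for(ssl_params)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(ssl_params || {})
  ctx
end

ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = make_cert("/CN=Constructed Private Root", ROOT_KEY, ca: true)
LEAF = make_cert("/CN=redis.example.test", LEAF_KEY, issuer: ROOT, issuer_key: ROOT_KEY, serial: 2)

if __FILE__ == $PROGRAM_NAME
  p verify_chain(LEAF, [ROOT], [])      # root untrusted: self-signed cert in chain
  p verify_chain(LEAF, [ROOT], [ROOT])  # root trusted explicitly: chain verifies
  p context_for(nil).verify_mode == OpenSSL::SSL::VERIFY_PEER
  p context_for(verify_mode: OpenSSL::SSL::VERIFY_NONE).verify_mode == OpenSSL::SSL::VERIFY_NONE
end
```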