Hide Forgot
Description of problem: After 'gem update' I am getting this [1] error during 'deploy -t'. I am using rvm and I can reproduce this with: ruby-2.0.0-p648,ruby-2.2.1 Workaround for this is to just reinstall the rvm ruby [1] /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:809:in `rescue in transmit': SSL_connect returned=1 errno=0 state=error: certificate verify failed (RestClient::SSLCertificateNotVerified) from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:698:in `transmit' from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:215:in `execute' from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:52:in `execute' from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/resource.rb:51:in `get' from /home/fnguyen/candlepin/candlepin/server/client/ruby/candlepin_api.rb:1221:in `get' from /home/fnguyen/candlepin/candlepin/server/client/ruby/candlepin_api.rb:52:in `initialize' from bin/import_test_data.rb:38:in `new' from bin/import_test_data.rb:38:in `<main>' Version-Release number of selected component (if applicable): ruby-2.0.0-p648 ruby-2.2.1 How reproducible: always Steps to Reproduce: 1. install rvm ruby ruby-2.2.1 2. gem update 3. bin/deploy -gt Actual results: 1] /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:809:in `rescue in transmit': SSL_connect returned=1 errno=0 state=error: certificate verify failed (RestClient::SSLCertificateNotVerified) from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:698:in `transmit' from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:215:in `execute' from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/request.rb:52:in `execute' from /home/fnguyen/.rvm/gems/ruby-2.2.1/gems/rest-client-2.0.0/lib/restclient/resource.rb:51:in `get' from /home/fnguyen/candlepin/candlepin/server/client/ruby/candlepin_api.rb:1221:in `get' from /home/fnguyen/candlepin/candlepin/server/client/ruby/candlepin_api.rb:52:in `initialize' from bin/import_test_data.rb:38:in `new' from bin/import_test_data.rb:38:in `<main>' Expected results: No exception Additional info: Before running gem update, I tried to backup .rvm/rubies/ruby-2.2.1 . After update I tried to revert this backed up dir, but it didn't help. I just find this strange, I thought that 'gem update' only affects .rvm/rubies/ruby-2.2.1 and doesn't disturb other parts of the enviro
In the candlepin_api.rb code I do not see any code that actually tells the Candlepin class about the CA that signed the Candlepin server's certificate. Without knowing who the CA is, the TLS/SSL connection is going to fail with a "certificate verify" error. Lots of libraries are sloppy about enforcing the requirement that the CA be known so it wouldn't suprise me if older versions weren't throwing this error. You can see in https://github.com/rest-client/rest-client/blob/master/lib/restclient/request.rb#L7 that the RestClient module accepts options for ssl_ca_file and such that we are not sending in when we construct a RestClient::Resource. I'll wager that's what the problem is. The CA will be the Candlepin cert under /etc/candlepin/certs/candlepin-ca.crt.