SSL error

Matt Olson's Avatar

Matt Olson

29 Sep, 2013 06:00 AM

Help!

I've been getting the following error repeatedly:
 SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
  /app/vendor/bundle/ruby/1.9.1/gems/pusher-client-0.3.0/lib/pusher-client/websocket.rb:27:in `connect'

My configuration hasn't changed at all, so this is a complete mystery to me. Did your certificate change or expire?

--Matt

  1. Support Staff 1 Posted by Pat Allan on 29 Sep, 2013 07:02 AM

    Pat Allan's Avatar

    Hi Matt

    This is odd - the current certificate's good until February next year. I've not seen this error crop up in my own apps, and there's been no recent changes really to the Flying Sphinx setup at all in the last couple of weeks, and especially not anything SSL related.

    The Pusher SSL certs also seem to be up to date (expiring November next year) - so this is certainly surprising. Is this error cropping up on every Flying Sphinx command? Only sometimes?

    Pat

  2. 2 Posted by Matt Olson on 29 Sep, 2013 07:19 AM

    Matt Olson's Avatar

    It's happening processing ts deltas through resque. Here is my Gemfile:
    gem 'thinking-sphinx', '3.0.3'
    gem 'mysql2', '0.3.12b5' # required by thinking-sphinx, even though we use
    pg (they use the mysql protocol for connections)
    gem 'ts-resque-delta', :github => 'pat/ts-resque-delta', :branch =>
    'all-ts-versions', :ref => 'a38e7b104a3072aa85a02196d7f2913f9e47bf07' #
    this is the only version that works with TS3 and Flying Sphinx

    Wasn't having any trouble like this until yesterday. Now my error logs are
    full of these SSL errors...

  3. Support Staff 3 Posted by Pat Allan on 29 Sep, 2013 07:32 AM

    Pat Allan's Avatar

    Just looking through the Pusher gem's code - it's providing a path to a local cert file to connect to ws.pusherapp.com, but I can't think of why that would stop working.

    Does it happen when you run a full index? Or only via Resque? I'm presuming Resque has been restarted since this first started appearing?

  4. 4 Posted by Matt Olson on 29 Sep, 2013 06:21 PM

    Matt Olson's Avatar

    The error persists even after a restart of the workers. Doesn't happen
    with heroku run bundle exec flying-sphinx index, only when processing
    deltas via Resque. Nothing has changed on my end in weeks, so there must be
    a misconfigured certificate somewhere, or a library change that triggers a
    different certificate validation, or something along those lines...

  5. Support Staff 5 Posted by Pat Allan on 30 Sep, 2013 12:06 PM

    Pat Allan's Avatar

    The fact that it's only happening within Resque is really odd. And if you've not made any changes but it's just stopped working is even odder.

    I'm going to try to get an sample app in place to debug further.

  6. Support Staff 6 Posted by Pat Allan on 30 Sep, 2013 12:25 PM

    Pat Allan's Avatar

    Sample app with Resque hits the error on standard flying-sphinx commands (not even getting through to deltas), but an equivalent app with Sidekiq only has the problem when running the 'stop' command.

    Apps in question are https://github.com/sphinxtamers/rails32_mri193_v4_sidekiq_ts3 and https://github.com/sphinxtamers/rails32_mri193_v4_resque_ts3

    Also of note: https://github.com/pusher/pusher-ruby-client/pull/21

  7. Support Staff 7 Posted by Pat Allan on 01 Oct, 2013 12:43 PM

    Pat Allan's Avatar

    Matt, I've just heard back from the Pusher team, they've just tweaked their cert setup, and I'm now finding both of those test apps I've mentioned are working reliably. I'm hoping the same is the case for your delta jobs! Let me know either way.

  8. 8 Posted by Matt Olson on 03 Oct, 2013 03:33 PM

    Matt Olson's Avatar

    Yep, problem solved. Thanks!

  9. Pat Allan closed this discussion on 13 Jan, 2014 11:19 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac