Missing certificates for rubygems and bundler in Ruby 1.8.7

Updated . Posted . Visible to the public.

Using Ruby 1.8.7 you will not be able to use the maximum versions Rubygems 1.8.30 and Bundler 1.17.3 with https://rubygems.org/ anymore. This is a result of a server certificate on December 5th, 2020. The resulting errors will look like following:

  • TypeError: can't modify frozen object
  • Could not verify the SSL certificate for https://rubygems.org/*
  • Bundler::Fetcher::CertificateFailureError: Could not verify the SSL certificate for https://index.rubygems.org/versions.
  • Error fetching data: hostname was not match with the server certificate (https://rubygems.org/*)

Use our legacy docker setup for development. For all other developers:

You can run a local gemstash container and proxy all requests to rubygems:

cat ~/.bundle/config 
---
BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: "http://gemstash:9292"

Be sure you know the risks of man-in-the-middle attacks.

Note: Rubygems 1 defaults to http if no source is set. So only users that have https://rubygems.org/ in their source list will notice an error when trying to run gem install.

Disable SSL checks globally for Rubygems

Add the following line to your ~/.gemrc file:

:ssl_verify_mode: 0

Disable SSL checks globally for Bundler

Update your ~/.bundle/config:

bundle config --global ssl_verify_mode 0

Disable SSL checks locally for Rubygems

You need to install a gem from http, disabling the SSL checks only seems not to be possible:

gem install some_gem --clear-sources --source 'http://rubygems.org/'

Disable SSL checks locally for Bundler

Update your .bundle/config file in the project:

bundle config --local ssl_verify_mode 0

Fix 3: Use a fixed release (status unknown)

It might happen, that a patch for Rubygems 1 and Bundler 1 is released. The patches are already merged in the most recent version of Rubygems and Bundler.

Last edit
Emanuel
License
Source code in this card is licensed under the MIT License.
Posted by Emanuel to makandra dev (2020-12-14 10:54)