
Missing certificates for rubygems and bundler in Ruby 1.8.7

Emanuel
December 14, 2020
Software engineer at makandra GmbH

With Ruby 1.8.7 you can no longer use its maximum versions, Rubygems 1.8.30 and Bundler 1.17.3, with https://rubygems.org/. This is the result of a server certificate change on December 5th, 2020. The resulting errors look like the following:

  • TypeError: can't modify frozen object
  • Could not verify the SSL certificate for https://rubygems.org/*
  • Bundler::Fetcher::CertificateFailureError: Could not verify the SSL certificate for https://index.rubygems.org/versions.
  • Error fetching data: hostname was not match with the server certificate (https://rubygems.org/*)

Use our legacy docker setup for development. For all other developers:

You can run a local gemstash container and proxy all requests to rubygems:

cat ~/.bundle/config 
---
BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: "http://gemstash:9292"

Be sure you know the risks of man-in-the-middle attacks.

Note: Rubygems 1 defaults to http if no source is set, so only users who have https://rubygems.org/ in their source list will notice an error when running gem install.

Disable SSL checks globally for Rubygems

Add the following line to your ~/.gemrc file:

:ssl_verify_mode: 0

Disable SSL checks globally for Bundler

Update your ~/.bundle/config:

bundle config --global ssl_verify_mode 0

Disable SSL checks locally for Rubygems

You need to install the gem over http; disabling only the SSL checks does not seem to be possible:

gem install some_gem --clear-sources --source 'http://rubygems.org/'

Disable SSL checks locally for Bundler

Update your .bundle/config file in the project:

bundle config --local ssl_verify_mode 0
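
To find machines and projects where the workarounds above are still active, the following added example (not part of the original card) scans the text of a .gemrc or .bundle/config for them. The function name and sample contents are constructed for illustration; it assumes Bundler stores the ssl_verify_mode setting under the key BUNDLE_SSL_VERIFY_MODE.

```ruby
# Added example: flag the workarounds from this page in RubyGems/Bundler config text.
# Parsing is line-based on purpose: both files are flat "key: value" YAML.

# Constructed sample of a ~/.gemrc using the global RubyGems workaround.
SAMPLE_GEMRC = <<-EOS
---
:ssl_verify_mode: 0
:sources:
- http://rubygems.org/
EOS

# Constructed sample of a ~/.bundle/config; the mirror line is the one from this page.
SAMPLE_BUNDLE_CONFIG = <<-EOS
---
BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: "http://gemstash:9292"
BUNDLE_SSL_VERIFY_MODE: "0"
EOS

# Returns one finding (String) per risky setting found in the given config text.
def audit_gem_config(text)
  findings = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', '---')
    if (m = line.match(/\A-\s+["']?(http:\/\/[^"'\s]+)/))
      # List entry under :sources: that is fetched without TLS.
      findings << "gem source uses plain http: #{m[1]}"
    elsif (m = line.match(/\A(\S+):\s+["']?([^"']*)["']?\z/))
      key = m[1].sub(/\A:/, '').downcase
      value = m[2].strip
      if key =~ /\A(bundle_)?ssl_verify_mode\z/ && value == '0'
        # 0 is OpenSSL::SSL::VERIFY_NONE: the server certificate is not checked.
        findings << "certificate verification disabled: #{m[1]}"
      elsif key.start_with?('bundle_mirror__') && value.start_with?('http://')
        findings << "mirror is reached over plain http: #{value}"
      end
    end
  end
  findings
end

if __FILE__ == $0
  { '~/.gemrc' => SAMPLE_GEMRC, '~/.bundle/config' => SAMPLE_BUNDLE_CONFIG }.each do |name, text|
    audit_gem_config(text).each { |f| puts "#{name}: #{f}" }
  end
end
```

To audit real files, pass File.read of each path to audit_gem_config instead of the samples.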

Fix 3: Use a fixed release (status unknown)

A patch for Rubygems 1 and Bundler 1 might be released. The patches are already merged in the most recent version of Rubygems and Bundler.

Posted by Emanuel to makandra dev (2020-12-14 11:54)