$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.3 LTS"
$ apt-cache policy ca-certificates
ca-certificates:
Installed: 20170717~14.04.1
Candidate: 20170717~14.04.1
Version table:
*** 20170717~14.04.1 0
500 http://ftp.iij.ad.jp/pub/linux/ubuntu/archive/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
20130906ubuntu2 0
500 http://ftp.iij.ad.jp/pub/linux/ubuntu/archive/ trusty/main amd64 Packages
$ java -version
openjdk version "1.8.0_141"
OpenJDK Runtime Environment (build 1.8.0_141-8u141-b15-3~14.04-b15)
OpenJDK 64-Bit Server VM (build 25.141-b15, mixed mode)
require 'net/http'
uri = URI.parse('https://www.google.co.jp')
http = Net::HTTP.new(uri.hostname, uri.port)
http.use_ssl = true
get = Net::HTTP::Get.new(uri)
res = http.request(get)
puts "#{res.code}: #{res.message}"
CRubyだと通る
$ ~/.rbenv/versions/2.4.2/bin/ruby test.rb
200: OK
JRubyだと通らない
$ ~/.rbenv/versions/jruby-9.1.13.0/bin/jruby test.rb
OpenSSL::SSL::SSLError: certificate verify failed
connect_nonblock at org/jruby/ext/openssl/SSLSocket.java:228
connect at /var/lib/jenkins/.rbenv/versions/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:938
do_start at /var/lib/jenkins/.rbenv/versions/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:868
start at /var/lib/jenkins/.rbenv/versions/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:857
request at /var/lib/jenkins/.rbenv/versions/jruby-9.1.13.0/lib/ruby/stdlib/net/http.rb:1409
<main> at test.rb:8
JRubyでも、消されたEquifax_Secure_Certificate_Authority.pemを設定すると通る https://knowledge.geotrust.com/support/knowledge-base/index?vproductcat=G&vdomain=GEOTRUST_COM&page=content&id=SO5761&locale=en_US&redirected=true
require 'net/http'
uri = URI.parse('https://www.google.co.jp')
http = Net::HTTP.new(uri.hostname, uri.port)
http.use_ssl = true
http.ca_file = './Equifax_Secure_Certificate_Authority.pem'
get = Net::HTTP::Get.new(uri)
res = http.request(get)
puts "#{res.code}: #{res.message}"
$ ~/.rbenv/versions/jruby-9.1.13.0/bin/jruby test.rb
200: OK
Embulk selfupdateも失敗する
$ sudo embulk selfupdate 0.8.16
2017-10-05 07:22:55.663 +0000: Embulk v0.7.9
Checking version 0.8.16...
Found version 0.8.16.
Downloading https://dl.bintray.com/embulk/maven/embulk-0.8.16.jar ...
OpenSSL::SSL::SSLError: certificate verify failed
connect at org/jruby/ext/openssl/SSLSocket.java:190
block in connect at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:927
timeout at org/jruby/ext/timeout/Timeout.java:128
connect at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:927
do_start at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:867
start at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:856
open_http at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/open-uri.rb:318
buffer_open at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/open-uri.rb:736
block in open_loop at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/open-uri.rb:211
catch at org/jruby/RubyKernel.java:1099
open_loop at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/open-uri.rb:209
open_uri at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/open-uri.rb:150
block in selfupdate at /usr/local/bin/embulk!/embulk/command/embulk_selfupdate.rb:56
open at org/jruby/RubyIO.java:1126
selfupdate at /usr/local/bin/embulk!/embulk/command/embulk_selfupdate.rb:54
run at /usr/local/bin/embulk!/embulk/command/embulk_run.rb:273
<top> at /usr/local/bin/embulk!/embulk/command/embulk_main.rb:2
require at org/jruby/RubyKernel.java:940
(root) at uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/rubygems/core_ext/kernel_require.rb:1
<top> at file:/usr/local/bin/embulk!/embulk/command/embulk_bundle.rb:51