Excon issue with httpi since 2.3.0 (not in 2.2.0)

[fredv]

Excon::Errors::SocketError: no implicit conversion of OpenSSL::X509::Certificate into String (TypeError)

Hey, first up I compliment on the simplicity of savon and love it for the amount of SOAP-pain it hides!

Second, there seems to be a difference how 2.3.0 handles SSL Certificates due to a change in "httpi". Did I miss a change in the savon documentation?

[tjarratt]

Hey @fredv, sorry that no one has taken the time to write back to you. I don't believe there was any change to the docs for httpi or Savon around this. I realize that a lot of time has passed and that you probably forgot / do not care about this issue any more, but could you provide some more information? In particular, which change in HTTPi caused this?

At the very least I'd like to document this change, or maybe investigate if there is a bug we can fix.

[Shelvak]

@fredv you can solve this? I have the same problem... I try with different versions of excon, savon 2.3.X wasabi 3.2.X... the only way to do work this is taking out the "File.read" from 'excon-0.31.0/lib/excon/ssl_socket.rb:47' but I can do this in all servers.... It's not happy...

A hug

[fredv]

@Shelvak our issue was purely in the newer versions. We had success simply using 'httpi', '2.0.2' and 'savon', '2.2.0' for our use-case. In this setup we point to the necessary cert and private key for the ssl connection as "/path/to/cert"-style path-names in the Savon Client configuration:

Savon.client(
ssl_cert_file: "/path/to/ssl.cert",
ssl_cert_key_file: "/path/to/ssl.key",
ssl_cert_key_password: "KEY_PASSWORD",
)

Passing these credentials as strings would be much simpler in our env/redis-configuration environment.

[Shelvak]

Well i downgrade the gems and all works fine... is not a solution but it work ^^

Thanks for all =)

A hug!

[hishammalik]

having the same problem with version 2.3.2. Going to try the downgrade to 2.2.0

[tjarratt]

FWIW I haven't been able to reproduce this issue on Savon 2.3.3 and HTTPI 2.1.1 with Excon 0.32.1

jruby-1.7.10 :039 > Savon::VERSION
 => "2.3.3" 
jruby-1.7.10 :041 > HTTPI::VERSION
 => "2.1.0" 
jruby-1.7.10 :040 > Excon::VERSION
 => "0.32.1" 

> request = HTTPI::Request.new("http://example.com", :excon)
> request.auth.ssl.ca_cert_file = "path/to/my/ca_cert.pem"
> request.auth.ssl.cert_file = "path/to/my/client_cert.pem"
> request.auth.ssl.cert_key_file = "path/to/my/client_key.pem"

response = HTTPI.get(request, :excon) 

I'd love to try to fix this problem if someone could post some steps to reproduce the described error.

[lucashungaro]

Ugh, same problem here using the gem https://github.com/iugu/nfe-paulistana

I forked the gem and downgraded Savon 2.2.0 and now it works fine.

The error I see is the following:

Excon::Errors::SocketError: no implicit conversion of OpenSSL::X509::Certificate into String (TypeError)
from excon-0.25.3/lib/excon/ssl_socket.rb:36:in `read'

Any clues?

[Shelvak]

lucas I have the same problem, so i do the same and i add some new methods to the gems. So if you want to see that visit my fork.

I don't find another solution that downgrade the versions

A hug

[lucashungaro]

@Shelvak thanks man, will do that! :)

[julesce]

Just wanna throw a 👍 to this: "We had success simply using 'httpi', '2.0.2' and 'savon', '2.2.0' for our use-case."

I ran into the same issue as described, and the above suggestion got things fixed for me. Thanks @fredv!

[josegrad]

Hi, I'm on Rails (4.2.3), excon (0.45.4), savon (2.11.1), httpi (2.4.1)
Ruby 2.2.1

savonConfig = {
            :endpoint => 'https://webservices.abc/v1/',
            :env_namespace => :soapenv,
            :namespace_identifier => :ns,
            :wsdl => File.open(Rails.root.to_s+'/lib/assets/abc.wsdl', 'rb'),
            :log_level => :debug,
            :log => true,
            #:ssl_verify_mode => :none,
            :ssl_cert_file => (Rails.root.to_s+'/lib/assets/abc/public.pem').to_s,
            :ssl_cert_key_file => (Rails.root.to_s+'/lib/assets/aabc/private.pem').to_s,
            :ssl_cert_key_password => 'abc',
            :open_timeout => 600,
            :read_timeout => 600
        }

client = Savon.client(savonConfig)

When I try a connection with the commented ssl_verify_mode => :none this comes out:

Excon::Errors::SocketError: no implicit conversion of OpenSSL::X509::Certificate into String (TypeError)

If that line is in use I get:

Excon::Errors::SocketError: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: sslv3 alert handshake failure (OpenSSL::SSL::SSLError)

I wasnt sure to open a new thread since this same stuff is discussed here. However the "fixes" seem to be downgrading to quite early versions, which I guess is not a good idea.

Any hints how to correct this problem?

I'm using a p12 cert and broke it down into a public cert and private key. Is it password protected.

[josegrad]

Well I got over my problem so far. Excon is loaded by HTTPI if httpclient gem is not present. I added httpclient to my gemfile and now the connection using the p12 cert seems to proceed properly.