I installed rbenv from the git repository on Ubuntu18.04 on WSL (Windows10), but some SSL related errors were found. For example, gem install cannot be performed, or if you do not require certified when acquiring html with open-uri, a certificate error will occur. (For some reason, I was able to install and use nokogiri etc. once, but forget about it.)
So, let's check the version of OpenSSL that ruby is looking at.
irb(main):001:0> require "openssl"
=> true
irb(main):002:0> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 1.1.1 11 Sep 2018"
Probably this should be fine in most situations, but in my case it wasn't. That's because I had manually installed OpenSSL 1.1.1h when I installed Python3 locally before, and that's what's running on my system, but that meant ruby didn't see it.
~/.rbenv
$ grep -r OPENSSL ./*
Then, there are quite a few hits, including those that are not decent, but among them,
./plugins/ruby-build/bin/ruby-build: OPENSSL_PREFIX_PATH="${PREFIX_PATH}/openssl"
./plugins/ruby-build/bin/ruby-build: OPENSSLDIR="${OPENSSLDIR:-$OPENSSL_PREFIX_PATH/ssl}"
Pay attention to. Apparently it is not recognized unless it is directly under the openssl directory \ $ PREFIX_PATH. And at this time \ $ PREFIX_PATH was not set.
(Digression) By the way, in the case of mac, I found a way to recognize OpenSSL as well ( article ), but the environment variable to refer to is I wonder if this isn't the case, so I ended up doing something like this.
Therefore, set \ $ PREFIX_PATH.
~/.bash_profile
$ export PREFIX_PATH=$PREFIX_PATH:/usr/local/bin
$ source ~/.bash_profile
In this state
$ rbenv install 2.7.2
If you do, it should work.
$ rbenv local 2.7.2
$ rbenv versions
system
2.6.5 (set by /home/rubyer/.ruby-version)
* 2.7.2
Don't forget to change the ruby version
irb(main):001:0> require "openssl"
=> true
irb(main):002:0> OpenSSL::OPENSSL_VERSION
=> "OpenSSL 1.1.1h 22 Sep 2020"
By the way, this does not solve the system ruby that does not go through rbenv. If you do the same thing, it will be solved, but it is not necessary, so I will not deal with it here.
irb(main):001:0> require "openssl"
=> true
irb(main):002:0> OpenSSL::X509::DEFAULT_CERT_FILE
=> "/usr/local/ssl/cert.pem"
$ cat /usr/local/ssl/cert.pem
-----BEGIN CERTIFICATE-----
MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4
GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbF
...
-----END CERTIFICATE-----
The certificate exists for the time being. Therefore, it is possible that the content is insufficient. Therefore, you can put the certificate required for communication with the site you are trying to connect to, but since there are several types of certificates for each site, <a href="https://jp." I don't want to copy or download from globalsign.com/support/rootcertificates/index.html "> this place and add it. So, in my case, I decided to borrow a comprehensive set of certificates from Python3, where SSL communication is working well.
$ find /usr/lib/python3 -name "*cert*"
/usr/lib/python3/dist-packages/certifi
/usr/lib/python3/dist-packages/certifi/cacert.pem
(The following is omitted)
$ cp /usr/local/ssl/cert.pem /usr/local/ssl/cert.pem_copy
$ cat /usr/lib/python3/dist-packages/certifi/cacert.pem > /usr/local/ssl/cert.pem
Search is appropriate. cacert.pem contained multiple certificates. Just in case, copy and keep the original certificate and replace it. Now there are no certificate errors.
(Digression) I have encountered many such errors and resolved them, but it may be the first time that I have resolved them without any "magic" from the identification of the cause.
Recommended Posts