Sudden Certificate Verify Failed on Xero Public Application

Question

Our staging server is connecting to our Xero Public Application perfectly fine, that is up until now (Dec 7, 2016). For some strange reason it is now returning the following error:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Here is the code snippet that we are using to connect to Xero.

@xero_client = Xeroizer::PublicApplication.new(APP_KEY, APP_SECRET, :logger => Logger.new('log/xero.log', 'weekly') request_token = @xero_client.request_token(:oauth_callback => "#{APP_DOMAIN}/oauth/callback")

Then the app fails at this line, and throws the SSLError specified above.

Anyone knows the root cause of this?

Details:

• We are using Ubuntu 14.04 (Trusty)
• We are using Ruby on Rails 4.1.7, Ruby 2.1.8p440
• We are using Xeroizer 2.16.4 gem
• SSL on the server seems OK, as per checking with 3rd-party sites that check if SSL is properly installed in the site;
• Changing the APP_KEY and APP_SECRET to a Partner Application and changing the constructor to Xeroizer::PartnerApplication, and adding relevant extra parameters works (meaning server SSL installation is not the issue).

Answer 1

We were running in to this problem as well - updating to version 2.16.5 of the Xeroizer gem resolved the issue for us.

Answer 2

Turns out we have to set ca_file as nil.

@xero_client.client.consumer_options[:ca_file] = nil

It might have to do with the fact that the built-in ca-certificates.crt that came with the gem is outdated.

In our server, the xeroizer crt file is found at /home/deploy/.bundler/mergethat/ruby/2.1.0/gems/xeroizer-2.16.4/lib/xeroizer/ca-certificates.crt. It will have a different path depending on your ruby gem/bundler/rvm setup.