Tag: ssl

Errbit + HTTPS: Setting up Errbit reporter (Airbrake v5 gem) to work with self-signed HTTPS certificate

May 10, 2016 / / 3 Comments

Note: If you're using old Errbit version (0.2.0, 0.4.0) and an old Airbrake version (v4) please refer to this manual to make it work with self-signed certificates.

Having an error catcher like Errbit behind SSL is generally a good idea. Especially when Errbit is hosted on a different server than you application (for example when you manage multiple apps with one Errbit instance). In many cases you will have a self-signed certificate (why would you pay for a cert for internal tool). If you try to use it with Airbrake, you will see following error:

Airbrake:
  HTTP error: SSL_connect returned=1 errno=0 state=unknown state: certificate verify failed

Unfortunately, global SSL certificates verification disabling hack (solution that used to work with Airbrake notifier v4) won't work:

# No longer working!
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Luckily, Airbrake notifier is written pretty well, so hacking it (and disabling per request SSL certificate verification) is not hard at all. Here's a full code you need to place in config/initializers/errbit.rb to make it work:

module Patches
  module Airbrake
    module SyncSender
      def build_https(uri)
        super.tap do |req|
          req.verify_mode = OpenSSL::SSL::VERIFY_NONE
        end
      end
    end
  end
end

Airbrake::SyncSender.prepend(::Patches::Airbrake::SyncSender)

After that (and configuring Airbrake notifier), you can test it out like this:

Airbrake.notify :test

Errbit + HTTPS: Setting up Errbit reporter (Airbrake v4 gem) to work with self-signed HTTPS Errbit

April 16, 2014 / / 2 Comments

Warning: This post is outdated and this fix will work only with old Airbrake version (v4) - it does not work with the v4 version of Airbrake notifier. If you're looking for a solution for Airbrake v5, please refere to this post: Errbit + HTTPS: Setting up Errbit reporter (Airbrake v5 gem) to work with self-signed HTTPS certificate

Having an error catcher like Errbit behind SSL is generally a good idea. Especially when Errbit is hosted on a different server than you application (for example when you manage multiple apps with one Errbit instance). In many cases you will have a self-signed certificate (why would you pay for a cert for internal tool). If you try to use it with Airbrake, you will see following error:

2.1.0 :002 > Airbrake.notify Exception.new('test')
** [Airbrake] Unable to contact the Airbrake server. HTTP Error=SSL_connect 
   returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
** [Airbrake] Environment Info: [Ruby: 2.1.0] [Rails: 4.0.4] [Env: production]
** [Airbrake] Failure: NilClass
** [Airbrake] Environment Info: [Ruby: 2.1.0] [Rails: 4.0.4] [Env: production]
** [Airbrake] Notice details: 
  exception: test
  api_key: key
  backtrace: (irb):2:in `irb_binding'
/lib/ruby/2.1.0/irb/workspace.rb:86:in `eval'
/lib/ruby/2.1.0/irb/workspace.rb:86:in `evaluate'
/lib/ruby/2.1.0/irb/context.rb:380:in `evaluate'
/lib/ruby/2.1.0/irb.rb:492:in `block (2 levels) in eval_input'
/lib/ruby/2.1.0/irb.rb:624:in `signal_status'
/lib/ruby/2.1.0/irb.rb:489:in `block in eval_input'
/lib/ruby/2.1.0/irb/ruby-lex.rb:247:in `block (2 levels) in each_top_level_statement'
/lib/ruby/2.1.0/irb/ruby-lex.rb:233:in `loop'
/lib/ruby/2.1.0/irb/ruby-lex.rb:233:in `block in each_top_level_statement'
/lib/ruby/2.1.0/irb/ruby-lex.rb:232:in `catch'
/lib/ruby/2.1.0/irb/ruby-lex.rb:232:in `each_top_level_statement'
/lib/ruby/2.1.0/irb.rb:488:in `eval_input'
/lib/ruby/2.1.0/irb.rb:397:in `block in start'
/lib/ruby/2.1.0/irb.rb:396:in `catch'
/lib/ruby/2.1.0/irb.rb:396:in `start'
[GEM_ROOT]/gems/railties-4.0.4/lib/rails/commands/console.rb:90:in `start'
[GEM_ROOT]/gems/railties-4.0.4/lib/rails/commands/console.rb:9:in `start'
[GEM_ROOT]/gems/railties-4.0.4/lib/rails/commands.rb:62:in `<top (required)>'
bin/rails:4:in `require'
bin/rails:4:in `<main>'

In order to make it work you need to disable SSL verification for Ruby:

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Of course keep in mind, that it will disable SSL verification for all other libs as well.

Whole Errbit config should look like this:

Airbrake.configure do |config|
  config.api_key = 'api_key'
  config.host    = 'errbit.domain'
  config.port    = 443
  config.secure  = true
  config.ignore_only = ['ActiveRecord::RecordNotFound']
end if Rails.env.production?

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

Copyright © 2024 Closer to Code

Theme by Anders NorenUp ↑