SSLError certificate verify failed (unable to get local issuer certificate)

[raulsperoni]

Hi I'm trying to integrate my app with an openid provider. I'm getting this:

(openid_connect) Callback phase initiated.
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)):
httpclient (2.8.3) lib/httpclient/ssl_socket.rb:103:in `connect'

The app is behind a Traefik proxy with a certificate from LetsEncrypt. I've tryied disabling https on my app but still getting the same error.

Any ideas? Thank you.

[raulsperoni]

I think this is not related to this gem. Sorry

[nicolasfranck]

It's not related indeed, but if someone needs it, please add the following code..

require 'httpclient'

class HTTPClient
  alias original_initialize initialize

  def initialize(*args, &block)
    original_initialize(*args, &block)
    # Force use of the default system CA certs (instead of the 6 year old bundled ones)
    @session_manager&.ssl_config&.set_default_paths
  end
end

.. which forces the underlying http client to use the system defaults, instead of stubbornly
using the stored root certificate (which is outdated).

See also nahi/httpclient#445 (comment) where I got it from.