SSL Certificate Verification Error When Using importmap pin Command

Open tbbooher opened this issue 5 months ago • 0 comments

I'm encountering an SSL certificate verification error when using the importmap pin command with importmap-rails (2.0.1) to pin packages like Bootstrap. Despite having the correct SSL certificates installed and being able to make HTTPS requests using Ruby's net/http, the importmap command fails with an SSL error.

Steps to Reproduce:

Set Up Environment Variables for SSL Certificates:

export SSL_CERT_FILE="/opt/homebrew/etc/openssl@3/cert.pem"
export SSL_CERT_DIR="/opt/homebrew/etc/openssl@3/certs"

Verify SSL Connectivity with a Test Script:

Created a test script ssl_test.rb to confirm that Ruby's net/http can establish an SSL connection:

require 'net/http'
require 'openssl'

uri = URI('https://ga.jspm.io/npm:[email protected]/dist/js/bootstrap.esm.js')

Net::HTTP.start(
  uri.host,
  uri.port,
  use_ssl: true,
  verify_mode: OpenSSL::SSL::VERIFY_PEER
) do |http|
  request = Net::HTTP::Get.new(uri)
  response = http.request(request)
  puts "Response Code: #{response.code}"
end

Output: Response Code: 200

Attempt to Pin Bootstrap Using importmap:

Ran the command: ./bin/importmap pin bootstrap

Output/Error:

Pinning "bootstrap" to vendor/javascript/bootstrap.js via download from https://ga.jspm.io/npm:[email protected]/dist/js/bootstrap.esm.js
/path/to/gems/net-protocol-0.2.2/lib/net/protocol.rb:46:in `connect_nonblock': SSL_connect returned=1 errno=0 peeraddr=205.234.175.175:443 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

Additional Information:

Ruby Version: 3.2.2
OpenSSL Version (output of ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'): OpenSSL 3.3.2 3 Sep 2024
Importmap-Rails Version: 2.0.1
Operating System: macOS on Apple Silicon

Environment Variables:

echo $SSL_CERT_FILE
# Output: /opt/homebrew/etc/openssl@3/cert.pem
echo $SSL_CERT_DIR
# Output: /opt/homebrew/etc/openssl@3/certs

What I've Tried:

Verified Certificates:

Ensured that the DigiCert Global Root G2 certificate is present in /opt/homebrew/etc/openssl@3/cert.pem. Updated and rehashed the certificates in the certs directory.

Reinstalled Ruby and Gems:

Uninstalled and reinstalled Ruby using rbenv, ensuring it links to the correct OpenSSL. Updated gems and checked for conflicting versions of net-http and net-protocol.

Modified bin/importmap:

Added debug statements to print environment variables and Ruby version. Attempted to override Net::HTTP settings within bin/importmap to explicitly set ca_file and ca_path.

Modified importmap-rails Gem Code:

Edited packager.rb to set SSL options explicitly when initializing Net::HTTP.

Tested with OpenSSL::SSL::VERIFY_NONE:

As a test (not for production), set verify_mode to OpenSSL::SSL::VERIFY_NONE, which allowed the command to succeed, indicating the issue is with SSL verification.

Manually Downloaded Bootstrap:

Used curl to download Bootstrap and updated config/importmap.rb as a temporary workaround.

Suspected Cause:

It seems that the importmap-rails gem may not be correctly utilizing the SSL certificates specified by the environment variables or might be overriding SSL settings internally, leading to the SSL verification failure.

Expected Behavior:

The importmap pin command should respect the SSL certificate environment variables and successfully establish an SSL connection to pin packages.

Actual Behavior:

The command fails with an SSL certificate verification error, even though SSL connections work in other Ruby scripts and tools.

Please let me know if I can provide any more information.

tbbooher, Sep 18 '24 14:09
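
The script below shows what the "unable to get local issuer certificate" error in the report means at the X509 store level, and how to check whether SSL_CERT_FILE actually reaches OpenSSL's default trust paths in a given Ruby process. It is an added example, not code from the issue or from importmap-rails; the certificates, the hostname and the helper names (make_cert, verify_with_env, demo) are constructed for illustration.

```ruby
require "openssl"
require "tempfile"

# Build a short-lived certificate (constructed test data, not a real CA).
def make_cert(subject, key, issuer_cert, issuer_key, ca:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("/CN=Constructed Test Root", CA_KEY, nil, CA_KEY, ca: true)
LEAF = make_cert("/CN=cdn.example.test", OpenSSL::PKey::RSA.new(2048), CA_CERT, CA_KEY, ca: false)

# Verify LEAF against whatever set_default_paths loads, with SSL_CERT_FILE
# pointing at `bundle` (or unset when bundle is nil).
def verify_with_env(bundle)
  saved = ENV["SSL_CERT_FILE"]
  ENV["SSL_CERT_FILE"] = bundle # assigning nil removes the variable
  store = OpenSSL::X509::Store.new
  store.set_default_paths       # reads SSL_CERT_FILE / SSL_CERT_DIR at this point
  ok = store.verify(LEAF)
  { ok: ok, code: store.error, message: store.error_string }
ensure
  ENV["SSL_CERT_FILE"] = saved
end

# Case 1: issuer absent from the trust store. Case 2: issuer supplied via SSL_CERT_FILE.
def demo
  Tempfile.create(["constructed-root", ".pem"]) do |f|
    f.write(CA_CERT.to_pem)
    f.flush
    { issuer_missing: verify_with_env(nil), issuer_in_bundle: verify_with_env(f.path) }
  end
end

demo.each { |name, result| puts "#{name}: #{result}" }
```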