OpenSSL::SSL::SSLError when accessing google.com domain #53
Comments
I'm not able to reproduce the issue:
Could you share your version of ruby and openssl? What is the output of this command if you run it from the same server that is throwing an error:
|
Thank you very much for your quick response!
|
Thanks, that'll be super helpful
Any chance your output got truncated there? The certificate values all look like they were cut off - for reference my output looks like this:
|
Sorry, I've truncated because it was too long. Updated my previous comment |
I'm still investigating my problem, but found that maybe something is related to rails (or my rails config)
|
Interesting - if you can get me that docker image to test against I'd be happy to dig into it |
I found that this is the minimum reproducible Dockerfile. The error only occurs if net-http is explicitly added to the Gemfile.
|
Investigating further, it works on net-http 0.2.0 but fails with 0.2.2. Something between these versions should be the cause (the default installed net/http was 0.2.0 and explicitly adding the gem installs 0.2.2) |
It was this: ruby/net-http#36. I'm still trying to figure out how to work around this in the least bad way |
I believe this should be resolved in 1.1.1 - can you take a look and confirm? |
I can confirm that this issue is fixed! Thank you :+1: |
ssrf_filter version 1.0.8
When I try to SsrfFilter.get google related domains (google.com, *.googleapis.com) I get the following error.
I can confirm that Net::HTTP.get('https://google.com') works if I don't use the ip address.
I encountered this error while using carrierwave with downloading google cloud storage hosted images.
From my investigation, this only happens to certificates created by google and I guess maybe it's something related to this patch? but not sure.
https://github.com/arkadiyt/ssrf_filter/blob/main/lib/ssrf_filter/patch/ssl_socket.rb