certificate verify failed (self signed certificate in certificate chain) (OpenSSL::SSL::SSLError) about chromedriver-helper HOT 9 CLOSED

OK, just to absolutely pin down the issue, please try these two commands in irb:

require 'open-uri'
URI.parse("https://chromedriver.storage.googleapis.com/").open.read

and

require 'open-uri'
require 'openssl'
URI.parse("https://chromedriver.storage.googleapis.com/").open(:ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE).read

If the first script emits the certificate verify error, and the second doesn't, then that confirms my understanding of the underlying issue (which is that a proxy is intercepting SSL traffic with locally-signed certs).

from chromedriver-helper.

@daveomcd I'd be interested if you're able to run this command from your system:

curl https://chromedriver.storage.googleapis.com/

Do you get a similar ssl cert verification problem?

from chromedriver-helper.

I won't comment on what's going on or why, but will point you at a link to a similar question that might help you frame this for IT:

https://it.slashdot.org/story/14/03/05/1724237/ask-slashdot-does-your-employer-perform-https-mitm-attacks-on-employees

I think we can work around this, just need a bit of time to look into it.

from chromedriver-helper.

@daveomcd Sorry to hear you're having trouble.

You may want to check if there's a network proxy that is responding to your request from a different domain (e.g., hotel wifi often does this to force you to sign in via a webform), because I'm able to run this myself and it's fine, and the cert chain looks fine.

If you are still seeing this error, please try visiting this URL via a web browser, and let us know what results you see:

https://chromedriver.storage.googleapis.com/

from chromedriver-helper.

@flavorjones thanks Mike for responding. This is actually happening inside my organization, however they don't really have anyone using something like OpenSSL except myself. They have seen that it does work when visiting the site through the browser as you have suggested, but still doesn't when doing chromedriver-update. I could show my cert chain but not that familiar with certificates and not sure if that's a security issue to display here or not.

from chromedriver-helper.

@flavorjones I do not. I get the XML results; however, I do get a similar command using wget.

daveomcd@mcdonald-PC9020:~/downloads$ wget https://chromedriver.storage.googleapis.com/
--2018-10-01 10:12:33--  https://chromedriver.storage.googleapis.com/
Resolving chromedriver.storage.googleapis.com (chromedriver.storage.googleapis.com)... 172.217.7.208, 2607:f8b0:4004:801::2010
Connecting to chromedriver.storage.googleapis.com (chromedriver.storage.googleapis.com)|172.217.7.208|:443... connected.
ERROR: cannot verify chromedriver.storage.googleapis.com's certificate, issued by <Company>:
  Self-signed certificate encountered.
To connect to chromedriver.storage.googleapis.com insecurely, use `--no-check-certificate'.

I removed the company certificate string as a precaution. I can get around it by passing the --no-check-certificate

from chromedriver-helper.

Results

1. URI.parse("https://chromedriver.storage.googleapis.com/").open.read

2.5.1 :002 > URI.parse("https://chromedriver.storage.googleapis.com/").open.read
Traceback (most recent call last):
        1: from (irb):2
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain))

2. URI.parse("https://chromedriver.storage.googleapis.com/").open(:ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE).read

Works. Returning the XML.

So to someone that doesn't understand your hypothesis what is happening exactly? Just trying to figure out what to convey back to my IT team.

from chromedriver-helper.

@flavorjones Much appreciated, I'll look forward to the work-around thanks.

from chromedriver-helper.

I'm going to close this issue, as the gem is being deprecated in favor of webdrivers, see #83.

from chromedriver-helper.