Securité, je passe le premier

If you’re running FreeBSD 10 with Ruby 2.0 or 2.1, and use the Twitter gem or any other gem trying to establish a secure connection using OpenSSL, you probably already encountered the following message:

Twitter::Error: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
        from /usr/local/lib/ruby/gems/2.1/gems/twitter-5.8.0/lib/twitter/rest/client.rb:96:in `rescue in request'
        from /usr/local/lib/ruby/gems/2.1/gems/twitter-5.8.0/lib/twitter/rest/client.rb:92:in `request'
        from /usr/local/lib/ruby/gems/2.1/gems/twitter-5.8.0/lib/twitter/rest/client.rb:63:in `get'
        from /usr/local/lib/ruby/gems/2.1/gems/twitter-5.8.0/lib/twitter/request.rb:22:in `perform'
        from /usr/local/lib/ruby/gems/2.1/gems/twitter-5.8.0/lib/twitter/request.rb:29:in `perform_with_object'
        from /usr/local/lib/ruby/gems/2.1/gems/twitter-5.8.0/lib/twitter/rest/utils.rb:39:in `perform_with_object'
        from /usr/local/lib/ruby/gems/2.1/gems/twitter-5.8.0/lib/twitter/rest/users.rb:257:in `user'
        from (irb):3
        from /usr/local/bin/irb:11:in `<main>'

This probably means you’re running the ports based OpenSSL. Contrary to the base OpenSSL version, the port one does not read the cert.pem file from /etc/ssl but from /usr/local/etc/openssl.

You now have 2 ways to fix that.

If /etc/ssl/cert.pem exists, just create a symlink to /usr/local/etc/openssl/cert.pem.

If /etc/ssl/cert.pem does not exist, get the Curl cacert file:

wget -O /usr/local/etc/openssl/cert.pem

This will fix your OpenSSL issue.

Perry the Platypus wants you to subscribe now! Even if you don't visit my site on a regular basis, you can get the latest posts delivered to you for free via Email: