Comments (15)
Interesting. What version of ruby are you using?
from coinbase-ruby.
I have confirmed this. The current certificate is failing verification. Let me see if I can figure out what is going on.
from coinbase-ruby.
$ openssl x509 -in ca-coinbase.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
Validity
Not Before: Nov 10 00:00:00 2006 GMT
Not After : Nov 10 00:00:00 2031 GMT
Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
.. blah blah ..
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
$ curl --cacert ./ca-coinbase.crt -vi https://coinbase.com/api/v1/account/balance?api_key=SECRET_KEY
* About to connect() to coinbase.com port 443 (#0)
* Trying 141.101.113.127...
* connected
* Connected to coinbase.com (141.101.113.127) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: ./ca-coinbase.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=ssl4029.cloudflare.com
* start date: 2013-04-12 19:18:21 GMT
* expire date: 2018-01-15 17:32:16 GMT
* subjectAltName: coinbase.com matched
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - G2
* SSL certificate verify ok.
> GET /api/v1/account/balance?api_key=SECRET_KEY HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: coinbase.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: cloudflare-nginx
My current theory is that Coinbase has recently switched to Cloudflare and is now using a different ssl certificate as a result.
from coinbase-ruby.
"Enable SSL with either a SSL certificate issued by CloudFlare or by uploading your own dedicated certificate to the CloudFlare network. We allow for upload of any SSL certificate type including Extended Validation (EV) SSL."
So I think the ssl cert just needs to get uploaded on Cloudflare. This problem should go away soon! I suspect this isn't foul play.
from coinbase-ruby.
Awesome!
So it's just a matter of waiting for coinbase to update their CloudFlare settings?
from coinbase-ruby.
If my hypothesis is correct then yes. Until then you can either add the certificate for Cloudflare's default wildcard SSL, or disable the certificate check in the interim as a temporary workaround.
from coinbase-ruby.
You dastardly fools! You've foiled my plan to steal all of teh bitcoinz! And I would have gotten away with it too, if it weren't for you meddling developers!
/sorry, had to
from coinbase-ruby.
@sibblegp Are you seeing a similar problem with the python library? I can't get cURL to fail verification, which is strange to me.
from coinbase-ruby.
I haven't tried it yet and won't have time for a few days. My guess is yes. The Cloudflare theory is sound.
from coinbase-ruby.
we changed from digicert to globalsign and missed to update the rubygem. thanks for noticing!
issue resolved in current master now.
from coinbase-ruby.
@Swizec btw, if you comment out the ssl_ca_file and your ruby doesn't know about your systems ca certs or the system ones are bad then mitm is possible and ruby gives you now hit/error.
from coinbase-ruby.
@kyledrake awesome job pushing it to libs in another languages. thank you very much!
from coinbase-ruby.
I sent pull requests for a few other coinbase libraries using the old certs, see my news feed to see them all.
from coinbase-ruby.
@lian NP, see you tomorrow. 😃
from coinbase-ruby.
Nice work guys :)
from coinbase-ruby.
Related Issues (20)
- How to get transaction_fee amount before sending BTC? HOT 2
- `account.address_transactions(address_id)` broken HOT 2
- Coinbase::Wallet::InvalidRequestError: Invalid currency (BTC-USD) HOT 3
- Addresses method going not working HOT 2
- Cannot refresh OAuth tokens HOT 5
- Rename 'send' to non-reserved method nam HOT 1
- Return Error Status Code in Coinbase::Wallet::APIError HOT 6
- Inquiry about ROI features HOT 1
- OAuth Token Refresh Issue HOT 2
- Coinbase::Wallet::APIError - [410] HOT 1
- Required parameter missing: currency HOT 1
- Invalid amount HOT 3
- OpenSSL issue in Production Server HOT 1
- Coinbase API 4.2.1 Account Request Method, Missing parameter: `type` HOT 1
- ''
- api.sandbox.coinbase.com:443 open=false HOT 3
- Generate payment button
- buy_price and sell_price only return BTH-USD HOT 10
- How to supply the API version. HOT 1
- Amount Conversion doesn't work properly HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from coinbase-ruby.