Code Monkey home page Code Monkey logo

Comments (15)

kyledrake avatar kyledrake commented on August 18, 2024

Interesting. What version of ruby are you using?

from coinbase-ruby.

kyledrake avatar kyledrake commented on August 18, 2024

I have confirmed this. The current certificate is failing verification. Let me see if I can figure out what is going on.

from coinbase-ruby.

kyledrake avatar kyledrake commented on August 18, 2024 
$ openssl x509 -in ca-coinbase.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
        Validity
            Not Before: Nov 10 00:00:00 2006 GMT
            Not After : Nov 10 00:00:00 2031 GMT
        Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
.. blah blah ..
-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----

$ curl --cacert ./ca-coinbase.crt -vi https://coinbase.com/api/v1/account/balance?api_key=SECRET_KEY
* About to connect() to coinbase.com port 443 (#0)
*   Trying 141.101.113.127...
* connected
* Connected to coinbase.com (141.101.113.127) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: ./ca-coinbase.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
*    subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=ssl4029.cloudflare.com
*    start date: 2013-04-12 19:18:21 GMT
*    expire date: 2018-01-15 17:32:16 GMT
*    subjectAltName: coinbase.com matched
*    issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - G2
*    SSL certificate verify ok.
> GET /api/v1/account/balance?api_key=SECRET_KEY HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: coinbase.com
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: cloudflare-nginx

My current theory is that Coinbase has recently switched to Cloudflare and is now using a different ssl certificate as a result.

from coinbase-ruby.

kyledrake avatar kyledrake commented on August 18, 2024

"Enable SSL with either a SSL certificate issued by CloudFlare or by uploading your own dedicated certificate to the CloudFlare network. We allow for upload of any SSL certificate type including Extended Validation (EV) SSL."

So I think the ssl cert just needs to get uploaded on Cloudflare. This problem should go away soon! I suspect this isn't foul play.

from coinbase-ruby.

Swizec avatar Swizec commented on August 18, 2024

Awesome!

So it's just a matter of waiting for coinbase to update their CloudFlare settings?

from coinbase-ruby.

kyledrake avatar kyledrake commented on August 18, 2024

If my hypothesis is correct then yes. Until then you can either add the certificate for Cloudflare's default wildcard SSL, or disable the certificate check in the interim as a temporary workaround.

from coinbase-ruby.

sibblegp avatar sibblegp commented on August 18, 2024

You dastardly fools! You've foiled my plan to steal all of teh bitcoinz! And I would have gotten away with it too, if it weren't for you meddling developers!

/sorry, had to

from coinbase-ruby.

kyledrake avatar kyledrake commented on August 18, 2024

@sibblegp Are you seeing a similar problem with the python library? I can't get cURL to fail verification, which is strange to me.

from coinbase-ruby.

sibblegp avatar sibblegp commented on August 18, 2024

I haven't tried it yet and won't have time for a few days. My guess is yes. The Cloudflare theory is sound.

from coinbase-ruby.

lian avatar lian commented on August 18, 2024

we changed from digicert to globalsign and missed to update the rubygem. thanks for noticing!

issue resolved in current master now.

from coinbase-ruby.

lian avatar lian commented on August 18, 2024

@Swizec btw, if you comment out the ssl_ca_file and your ruby doesn't know about your systems ca certs or the system ones are bad then mitm is possible and ruby gives you now hit/error.

from coinbase-ruby.

lian avatar lian commented on August 18, 2024

@kyledrake awesome job pushing it to libs in another languages. thank you very much!

from coinbase-ruby.

kyledrake avatar kyledrake commented on August 18, 2024

I sent pull requests for a few other coinbase libraries using the old certs, see my news feed to see them all.

from coinbase-ruby.

kyledrake avatar kyledrake commented on August 18, 2024

@lian NP, see you tomorrow. 😃

from coinbase-ruby.

barmstrong avatar barmstrong commented on August 18, 2024

Nice work guys :)

from coinbase-ruby.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.