Unable to Install Librarian Chef Cookbooks on Windows 7

I am trying to set cookies librarian-chef

on windows command line. I have already installed the chef librarian using gem install librarian-chef

. However, I am getting this error:

C:\Users\crmpicco\Documents\vagrant-chef-deploy>librarian-chef install
DL is deprecated, please use Fiddle
Installing iptables (0.14.0)
C:/Ruby200-x64/lib/ruby/2.0.0/net/http.rb:918:in `connect': SSL_connect returned
=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (Ope
        from C:/Ruby200-x64/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'

        from C:/Ruby200-x64/lib/ruby/2.0.0/timeout.rb:52:in `timeout'
        from C:/Ruby200-x64/lib/ruby/2.0.0/net/http.rb:918:in `connect'
        from C:/Ruby200-x64/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
        from C:/Ruby200-x64/lib/ruby/2.0.0/net/http.rb:851:in `start'


Is this a problem with my configuration?

My sheffil:

#!/usr/bin/env ruby
#^syntax detection

site 'https://supermarket.getchef.com/api/v1'

# cookbook 'chef-client'

# cookbook 'apache2', '>= 1.0.0'

# cookbook 'rvm',
#   :git => 'https://github.com/fnichol/chef-rvm'

# cookbook 'postgresql',
#   :git => 'https://github.com/findsyou/cookbooks',
#   :ref => 'postgresql-improvements'

# Community cookbooks
#cookbook "apache2"
cookbook 'apache2', '~> 2.0.0'
cookbook "php"
#cookbook "yum"
#cookbook "ant"
cookbook "apt"
cookbook 'mysql', '~> 5.5.2'
cookbook "database"
cookbook "ssh_known_hosts"
cookbook "composer"
cookbook 'git', '~> 4.0.2'
cookbook 'varnish', '~> 0.9.18'
cookbook 'selinux', '~> 0.8.0'
cookbook 'hostsfile',
  :git => 'https://github.com/customink-webops/hostsfile'

cookbook "selenium", :git => 'https://github.com/kohkimakimoto/chef-cookbooks-selenium'



source to share

2 answers

Yes, the site uses an untrusted HTTPS certificate, and the chef librarian is doing everything right by refusing to connect to it. This is likely due to the fact that you need to update the root trust database. Generally, the easiest way to do this with Ruby is to download the cURL CA bundle and then set an environment variable SSL_CERT_FILE

to point to the path where you downloaded it. My windows-fu is rusty, but that should help you get a more recent CA listing.



As an extension to coderanger's answer, in my experience, you might have to use an older CA bundle. An explanation (and an older certificate) can be found here . However, you should be aware of the security implications for this.

Around the beginning of September 2014, Mozilla removed the trust bits from certificates in its CA package that were still using 1024-bit RSA keys. This can cause the TLS libraries to fail to validate some sites if the corresponding library does not properly support "path discovery" as defined in RFC 4158. (This includes OpenSSL and GnuTLS.)



All Articles