A Friday Afternoon Troubleshooting Ruby OpenSSL... it's a trap!

Last Friday I was trying out some new code that one of my colleagues wrote to help automate some of the work involved in releasing new versions of the Trust Keeper Scan engine. One of the many things the code did was send emails. I hate writing boilerplate emails, so I was excited to put it to use and save myself some precious time. Unfortunately, when I ran the code for the first time, it crashed with the following error when trying to connect to our Exchange Server:

Now, this error is pretty self-explanatory, and having spent time working with other Ruby libraries that utilize OpenSSL, this basically means that we're failing to verify the certificate of the server we're connecting to. The interesting part to me was that when I visited this URL with Chrome and other web browsers, they successfully verified the certificate provided. Weird, huh?

In this blog post, I'll explain some of the digging around I had to do to get to the bottom of this issue and some other interesting bits I found along the way.

A Gem, Inside a Gem, Inside a Gem, Inside a Gem

First of all, Ruby Gems are pretty cool because you can use them as building blocks to build something bigger, badder, and meaner. One of the tricky aspects of having a structure like this is tracking down who's responsible for an error when you run into problems.

In our case, we were using the Ruby Viewpoint gem. The Viewpoint gem provides a thin layer on top of Microsoft Exchange Web Service (EWS) and lets you do all kinds of fun things with Exchange, including sending emails. After getting the above error, I was able to track the failure through the gem dependency chain down to its source, which turned out to be just a couple gems deep.

  • Layer 1: Viewpoint Gem - A light layer for talking Exchange Web Services
  • Layer 2: Handsoap Gem - A library for creating SOAP clients in Ruby
  • Layer 3: httpclient - A library for HTTP protocol communication
  • Layer 4: OpenSSL - A library that interfaces with native OpenSSL

Certificate Verification Nuances in Ruby OpenSSL

So to get right down to it, we're basically trying to establish an SSL-wrapped socket with the target service. We can do this quite easily using Ruby OpenSSL.
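The two checks a verifying client applies to the certificate presented on such a socket, chain of trust and hostname, shown offline as an added example that is not code from the original post. The CA, the `mail.example.test` hostname and the helper names `make_cert` and `check` are constructed for illustration.

```ruby
require "openssl"

# Issue a certificate inside a throwaway PKI (every name here is constructed).
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  constraint = ca ? "CA:TRUE" : "CA:FALSE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}")) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# The two checks a verifying client makes: chain of trust first, then hostname.
def check(cert, trusted_cas, hostname)
  store = OpenSSL::X509::Store.new # starts empty; no system CAs are loaded
  trusted_cas.each { |ca_cert| store.add_cert(ca_cert) }
  return "chain: #{store.error_string}" unless store.verify(cert)
  return "hostname mismatch" unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
  "ok"
end

# Constructed sample PKI: one private CA and one server certificate it issued.
CA_KEY   = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = make_cert("Example Internal CA", CA_KEY, ca: true)
LEAF     = make_cert("mail.example.test", LEAF_KEY, issuer: CA_CERT, issuer_key: CA_KEY)

# Same certificate, three outcomes, depending only on the client's configuration.
puts check(LEAF, [], "mail.example.test")         # issuing CA not in the trust store
puts check(LEAF, [CA_CERT], "mail.example.test")  # issuing CA trusted, name matches
puts check(LEAF, [CA_CERT], "other.example.test") # chain is fine, name is wrong
```

The same server certificate passes or fails depending only on which CAs the client's store holds, which is why two clients can disagree about one server.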