starred/Proxyman
1
0
Fork 0
mirror of https://github.com/ProxymanApp/Proxyman.git synced 2026-04-27 09:05:54 +03:00
Code Issues 1.2k Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #682] "SSL handshake failed" error after setting https_proxy variable in terminal for CLI usage #677

New issue
Closed
opened 2026-03-03 19:20:53 +03:00 by kerem · 7 comments
kerem commented 2026-03-03 19:20:53 +03:00
Owner
Copy link

Originally created by @djpowers on GitHub (Nov 11, 2020).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/682

Originally assigned to: @NghiaTranUIT on GitHub.

Proxyman version? (Ex. Proxyman 1.4.3)

2.11.1

macOS Version? (Ex. mac 10.14)

10.15.7

Steps to reproduce

  1. In a terminal window, run: export https_proxy=http://127.0.0.1:9090 (approach copied from this comment, fixing presumed typo in IP address)
  2. Open a new Rails console and make an API call resulting in an HTTPS request.
  3. Response says "Enable SSL Proxying to see this content" (with "Enabled" button indicating certificate is installed and trusted), so then click "Enable all domains from 'rails_console'."
  4. Run same request from previous step.

Proxyman shows:

handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268436504 error:10000418:SSL routines:OPENSSL_internal:TLSV1_ALERT_UNKNOWN_CA]))

And directed me to the SSL Error from HTTPS Request/Response troubleshooting page. (I am able to successfully see HTTPS responses when visiting https://google.com.)

Rails console shows:

Faraday::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
from ~/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
Caused by OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed
from ~/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'

Expected behavior

Request is shown in Proxyman with response viewable.

This might be outside the scope of Proxyman, but it seems that Ruby is not detecting the certificate for some reason.

Any help you're able to provide is appreciated.

Originally created by @djpowers on GitHub (Nov 11, 2020). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/682 Originally assigned to: @NghiaTranUIT on GitHub. ### Proxyman version? (Ex. Proxyman 1.4.3) 2.11.1 ### macOS Version? (Ex. mac 10.14) 10.15.7 ### Steps to reproduce 1. In a terminal window, run: `export https_proxy=http://127.0.0.1:9090` (approach copied from [this comment](https://github.com/ProxymanApp/Proxyman/issues/236#issuecomment-518063728), fixing presumed typo in IP address) 2. Open a new [Rails console](https://guides.rubyonrails.org/command_line.html#rails-console) and make an API call resulting in an HTTPS request. 3. Response says "Enable SSL Proxying to see this content" (with "Enabled" button indicating certificate is installed and trusted), so then click "Enable all domains from 'rails_console'." 4. Run same request from previous step. Proxyman shows: ``` handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268436504 error:10000418:SSL routines:OPENSSL_internal:TLSV1_ALERT_UNKNOWN_CA])) ``` And directed me to the [SSL Error from HTTPS Request/Response](https://docs.proxyman.io/troubleshooting/get-ssl-error-from-https-request-and-response) troubleshooting page. (I am able to successfully see HTTPS responses when visiting `https://google.com`.) Rails console shows: ``` Faraday::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed from ~/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock' Caused by OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed from ~/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock' ``` ### Expected behavior Request is shown in Proxyman with response viewable. This might be outside the scope of Proxyman, but it seems that Ruby is not detecting the certificate for some reason. Any help you're able to provide is appreciated.
kerem closed this issue 2026-03-03 19:20:54 +03:00
kerem commented 2026-03-03 19:20:54 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Nov 11, 2020):

If you're able to see HTTPS response from https://google.com, it means the problem comes from your Rail App.

Some libraries need a config to tell Rail app trusts Proxyman self-signed certificate since they're not using Apple Keychain's Trust Store.

For example, Java Virtual Machine doesn't use KeyChain, so I have to manually install it.

For Ruby and Rails, let me google it 😄

<!-- gh-comment-id:725193130 --> @NghiaTranUIT commented on GitHub (Nov 11, 2020): If you're able to see HTTPS response from https://google.com, it means the problem comes from your Rail App. Some libraries need a config to tell Rail app trusts Proxyman self-signed certificate since they're not using Apple Keychain's Trust Store. For example, Java Virtual Machine doesn't use KeyChain, so I have to manually install it. For Ruby and Rails, let me google it 😄
kerem commented 2026-03-03 19:20:54 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Nov 11, 2020):

I found some tutorials:

Basically, I googled how to use self-signed certificate or disable SSL Verification from Rail app.

Please let me know if it works.

<!-- gh-comment-id:725197546 --> @NghiaTranUIT commented on GitHub (Nov 11, 2020): I found some tutorials: - https://stackoverflow.com/a/1113614/3127477 - Use `rails s -b 'ssl://127.0.0.1:3000?key=config/ssl/localhost.ross.key&cert=config/ssl/localhost.ross.crt'` (https://rossta.net/blog/local-ssl-for-rails-5.html#trust-the-certificate) - https://medium.com/@matayoshi.mariano/how-to-add-ssl-to-your-localhost-with-puma-37a66a649f29 Basically, I googled how to use self-signed certificate or disable SSL Verification from Rail app. Please let me know if it works.
kerem commented 2026-03-03 19:20:54 +03:00
Author
Owner
Copy link

@djpowers commented on GitHub (Nov 12, 2020):

Thank you so much for the prompt reply and investigation!

The answer in the first option worked for me (adding OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE to a file in config/initializers, along with setting https_proxy in the terminal).

The others options appear to be intended for when running the Rails server, but the Rails console does not accept the --binding=IP flag so I'm not sure if they would be the best solution for that use case.

<!-- gh-comment-id:725827839 --> @djpowers commented on GitHub (Nov 12, 2020): Thank you so much for the prompt reply and investigation! The answer in the first option worked for me (adding `OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE` to a file in config/initializers, along with setting `https_proxy` in the terminal). The others options appear to be intended for when running the Rails server, but the Rails console does not accept the `--binding=IP` flag so I'm not sure if they would be the best solution for that use case.
kerem commented 2026-03-03 19:20:55 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Nov 12, 2020):

Glad to know that it works for you 👍 I will update the Troubleshooting to let other users know how to fix 😄

<!-- gh-comment-id:725828404 --> @NghiaTranUIT commented on GitHub (Nov 12, 2020): Glad to know that it works for you 👍 I will update the Troubleshooting to let other users know how to fix 😄
kerem commented 2026-03-03 19:20:55 +03:00
Author
Owner
Copy link

@djpowers commented on GitHub (Nov 12, 2020):

Also I'm not sure how it works under the hood, but I noticed that HTTP Toolkit has a clever way of Intercepting HTTP from Node.js and other command line tools by setting environmental variables & overrides. It would be great if Proxyman could implement something similar to avoid the need for changes to the code.

Either way, thanks again for the help! Feel free to close out this issue if that makes sense to you.

<!-- gh-comment-id:725828654 --> @djpowers commented on GitHub (Nov 12, 2020): Also I'm not sure how it works under the hood, but I noticed that HTTP Toolkit has a clever way of [Intercepting HTTP from Node.js](https://httptoolkit.tech/docs/getting-started/intercepting/#intercepting-http-from-nodejs) and other command line tools by setting environmental variables & overrides. It would be great if Proxyman could implement something similar to avoid the need for changes to the code. Either way, thanks again for the help! Feel free to close out this issue if that makes sense to you.
kerem commented 2026-03-03 19:20:55 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Nov 12, 2020):

Thanks for the hint. I will check out to see how this tool can do it automatically 👍

<!-- gh-comment-id:725829200 --> @NghiaTranUIT commented on GitHub (Nov 12, 2020): Thanks for the hint. I will check out to see how this tool can do it automatically 👍
kerem commented 2026-03-03 19:20:55 +03:00
Author
Owner
Copy link

@djpowers commented on GitHub (Apr 29, 2022):

Closing this out to help clean up the open issues.

In case someone (or future me) stumbles upon this, the initializer step is no longer necessary. See the Ruby docs page for the current solution (the provided environment variable can be set from within the Rails console).

<!-- gh-comment-id:1112816442 --> @djpowers commented on GitHub (Apr 29, 2022): Closing this out to help clean up the open issues. In case someone (or future me) stumbles upon this, the initializer step is no longer necessary. See the [Ruby docs page](https://docs.proxyman.io/debug-devices/ruby) for the current solution (the provided environment variable can be set from within the Rails console).
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
6.9.0
6.8.0
6.7.0
6.6.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.2
6.0.0
6.0.1
5.25.0
5.24.0
5.23.0
5.23.1
5.22.0
5.20.0
5.21.0
5.19.0
5.18.0
5.17.0
5.16.0
5.15.0
5.14.0
5.12.2
5.12.1
5.12.0
5.11.0
5.10.0
5.8.0
5.9.0
5.7.0
5.6.1
5.6.0
5.5.0
5.4.0
5.2.0
5.3.0
5.1.1
5.0.0
4.16.0
4.15.0
4.14.0
4.13.0
4.12.0
4.11.0
4.10.0
4.9.1
4.9.0
4.8.2
4.8.1
4.8.0
4.7.1
4.7.0
4.6.1
4.6.0
4.5.0
4.4.0
4.3.1
4.3.0
4.2.1
4.2.0
4.1.0
4.0.0
3.15.0
3.14.0
3.13.0
3.12.0
3.11.0
3.10.0
3.9.0
3.8.0
3.7.0
3.6.2
3.6.1
3.6.0
3.5.2
3.5.1
3.5.0
3.4.0
3.3.0
3.2.0
3.1.0
3.0.0
2.35.4
2.35.3
2.35.2
2.35.1
2.35.0
2.34.1
2.34.0
2.33.0
2.32.1
2.32.0
2.31.0
2.30.0
2.29.0
2.28.0
2.27.0
2.26.0
2.25.0
2.24.0
2.23.0
2.22.0
2.21.1
2.21.0
2.20.0
2.19.0
2.18.0
2.17.0
2.16.1
2.16.0
2.15.2
2.15.1
2.15.0
2.14.2
2.14.1
2.14.0
2.13.0
2.12.0
2.11.1
2.11.0
2.10.0
2.9.1
2.9.0
2.8.0
2.7.0
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
2.4.2
2.4.1
2.4.0
2.3.0
2.2.0
2.1.1
2.1.0
2.0.1
2.0.0
1.24.0
1.23.0
1.22.0
1.21.0
1.20.0
1.19.0
1.18.1
1.18.0
1.17.1
1.17.0
1.16.0
1.15.0
1.14.1
1.14.0
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.3
1.9.2
1.9.1
1.9.0
1.8.0
1.7.2
1.7.1
1.7.0
1.6.2
1.6.1
1.6.0
1.5.1
1.5.0
1.4.7
1.4.6
1.4.5.1
1.4.5
1.4.4.1
1.4.4
1.4.3
1.4.2
1.4.1.1
1.4.1
1.4
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4.3
1.3.4.2
1.3.4.1
1.3.4
1.3.3
1.3.2
1.3.1
1.3
1.2
1.1.2
1.1.1
1.1
1.0.3
1.0.2
1.0
0.8.1
0.8
0.7
0.6
0.5.1
0.5
v0.4.1
Labels
Clear labels   
Discussion

   
Feature request

   
In Progress...

   
Plugins

   
Waiting response

   
Windows

   
Windows

   
bug

   
duplicate

   
enhancement

   
feature

   
good first issue

   
iOS

   
macOS 10.11

   
question

   
wontfix

   
Done
No labels
Discussion
Feature request
In Progress...
Plugins
Waiting response
Windows
Windows
bug
duplicate
enhancement
feature
good first issue
iOS
macOS 10.11
question
wontfix
Done
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Proxyman#677
No description provided.