Running Homebrew on a corporate network that intercepts SSL traffic


(Nicholas Chammas) #1

I’m running Homebrew on my work laptop on a corporate network. The good folks running the network intercept all SSL traffic, so we have custom CA bundles installed on our laptops.

Homebrew worked fine under these conditions, but today I’m suddenly unable to run brew search due to some issue with SSL, presumably caused by the aforementioned corporate interceptions:

$ brew search psql
Error: SSL_connect returned=1 errno=0 state=error: certificate verify failed
Please report this bug:
  https://docs.brew.sh/Troubleshooting
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/net/protocol.rb:44:in `connect_nonblock'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/net/protocol.rb:44:in `ssl_socket_connect'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/net/http.rb:928:in `connect'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/net/http.rb:852:in `start'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/open-uri.rb:319:in `open_http'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/open-uri.rb:737:in `buffer_open'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/open-uri.rb:212:in `block in open_loop'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/open-uri.rb:210:in `catch'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/open-uri.rb:210:in `open_loop'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/open-uri.rb:151:in `open_uri'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/open-uri.rb:717:in `open'
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask-versions/Casks/gpg-suite-nightly.rb:7:in `block (2 levels) in load'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/dsl.rb:161:in `block (2 levels) in url'
/usr/local/Homebrew/Library/Homebrew/lazy_object.rb:8:in `__getobj__'
/usr/local/Homebrew/Library/Homebrew/vendor/portable-ruby/2.3.7/lib/ruby/2.3.0/delegate.rb:80:in `method_missing'
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask-versions/Casks/gpg-suite-nightly.rb:12:in `block in load'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask.rb:40:in `instance_eval'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask.rb:40:in `initialize'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask_loader.rb:32:in `new'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask_loader.rb:32:in `cask'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask_loader.rb:76:in `cask'
/usr/local/Homebrew/Library/Homebrew/compat/hbc/cask_loader.rb:15:in `cask'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask_loader.rb:122:in `cask'
/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask-versions/Casks/gpg-suite-nightly.rb:1:in `load'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask_loader.rb:59:in `instance_eval'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask_loader.rb:59:in `load'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask.rb:21:in `block in each'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask.rb:19:in `each'
/usr/local/Homebrew/Library/Homebrew/cask/lib/hbc/cask.rb:19:in `each'
/usr/local/Homebrew/Library/Homebrew/searchable.rb:27:in `select'
/usr/local/Homebrew/Library/Homebrew/searchable.rb:27:in `search_string'
/usr/local/Homebrew/Library/Homebrew/searchable.rb:7:in `search'
/usr/local/Homebrew/Library/Homebrew/extend/os/mac/search.rb:29:in `search_casks'
/usr/local/Homebrew/Library/Homebrew/cmd/search.rb:83:in `search'
/usr/local/Homebrew/Library/Homebrew/brew.rb:87:in `<main>'

The money shot appears to be:

Error: SSL_connect returned=1 errno=0 state=error: certificate verify failed

Everything else is working fine, though:

$ brew update
Already up-to-date.
$ brew --version
Homebrew 1.7.1-204-g8e703e3
Homebrew/homebrew-core (git revision 4257cb; last commit 2018-08-09)
$ brew doctor
Please note that these warnings are just used to help the Homebrew maintainers
with debugging if you file an issue. If everything you use Homebrew for is
working fine: please don't worry or file an issue; just ignore this. Thanks!

Warning: Putting non-prefixed coreutils in your path can cause gmp builds to fail.
$ 

So how do I troubleshoot the certificate verify failed error? For example, how do I manually point Ruby (which is where I gather the error is coming from) to the custom CA bundle, to see if that helps? What else should I try?
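An added example for the question above (not part of the original post and not Homebrew's code): it reproduces the verification failure offline and shows it clearing once the intercepting CA is loaded into the trust store. The CA and host names and the helpers `make_cert`, `check_chain` and `demo` are hypothetical, and the certificates are constructed in memory.

```ruby
require "openssl"
require "tempfile"

# Constructed demo certificate; self-signed root when no issuer is given.
def make_cert(subject, key, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  constraint = issuer ? "CA:FALSE" : "CA:TRUE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Verify a leaf against the system trust store plus an optional extra bundle.
# The issuer is reported because it names the CA that has to be trusted.
def check_chain(leaf, extra_bundle: nil)
  store = OpenSSL::X509::Store.new
  store.set_default_paths # system CAs; also reads the file named by SSL_CERT_FILE
  store.add_file(extra_bundle) if extra_bundle
  ok = store.verify(leaf)
  { ok: ok, error: store.error_string, issuer: leaf.issuer.to_s }
end

# Hypothetical corporate inspection CA and the leaf it would mint for a host.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/O=Example Corp/CN=Example Corp Inspection CA", ca_key)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = make_cert("/CN=downloads.example.test", leaf_key,
                   issuer: ca, issuer_key: ca_key)
  Tempfile.create(["corp-ca", ".pem"]) do |f|
    f.write(ca.to_pem)
    f.flush
    { without_bundle: check_chain(leaf),
      with_bundle: check_chain(leaf, extra_bundle: f.path) }
  end
end

if $PROGRAM_NAME == __FILE__
  demo.each { |label, result| puts "#{label}: #{result}" }
end
```

Against a real bundle, pass its path as `extra_bundle:`, or export `SSL_CERT_FILE` with that path so `set_default_paths` picks it up without code changes.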

