Fatal编程技术网
  • ruby-on-rails/
  • Ruby on rails 如何在Ruby Http客户端中使用TLS1.2

Ruby on rails 如何在Ruby Http客户端中使用TLS1.2

ruby-on-rails ruby ruby-on-rails-4 openssl

Ruby on rails 如何在Ruby Http客户端中使用TLS1.2,ruby-on-rails,ruby,ruby-on-rails-4,openssl,tls1.2,Ruby On Rails,Ruby,Ruby On Rails 4,Openssl,Tls1.2,我正在尝试使用TLS1.2访问第三方api,但获取了带有有效证书的SSL错误事件 Ruby版本: ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux] Rails 4.2.5 Rails版本: ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux] Rails 4.2.5 代码: ua = Net::HTTP.new(SERVER, 443) ua.ins

我正在尝试使用TLS1.2访问第三方api,但获取了带有有效证书的SSL错误事件

Ruby版本:

 ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]

Rails 4.2.5
Rails版本:

 ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]

Rails 4.2.5
代码:

    ua = Net::HTTP.new(SERVER, 443)
    ua.instance_eval {
      @ssl_context = OpenSSL::SSL::SSLContext.new
      options = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
      if OpenSSL::SSL.const_defined?('OP_NO_COMPRESSION')
        options |= OpenSSL::SSL::OP_NO_COMPRESSION
      end
      @ssl_context.set_params({options: options})
    }
   # ua.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2) }
    ua.use_ssl = true

    # Checks presence of CA certificate
    if File.directory?(RootCA)
      ua.ca_path = RootCA
      ua.verify_mode = OpenSSL::SSL::VERIFY_PEER
      ua.verify_depth = 3
    else
      puts "Invalid CA certificates directory. Exiting..."
      exit
    end

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:852:in `start'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1398:in `request'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1421:in `send_entity'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1209:in `post'
错误:

    ua = Net::HTTP.new(SERVER, 443)
    ua.instance_eval {
      @ssl_context = OpenSSL::SSL::SSLContext.new
      options = OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
      if OpenSSL::SSL.const_defined?('OP_NO_COMPRESSION')
        options |= OpenSSL::SSL::OP_NO_COMPRESSION
      end
      @ssl_context.set_params({options: options})
    }
   # ua.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1_2) }
    ua.use_ssl = true

    # Checks presence of CA certificate
    if File.directory?(RootCA)
      ua.ca_path = RootCA
      ua.verify_mode = OpenSSL::SSL::VERIFY_PEER
      ua.verify_depth = 3
    else
      puts "Invalid CA certificates directory. Exiting..."
      exit
    end

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:933:in `connect'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:852:in `start'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1398:in `request'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1421:in `send_entity'
    from /home/cp/.rbenv/versions/2.3.0/lib/ruby/2.3.0/net/http.rb:1209:in `post'
在使用openssl()构建ruby之后,问题得到了解决。

openssl::SSL::SSLContext.new('TLSv1\U 2\U client')至少这就是我正在使用的。使用TLS 1.0和。另请参见和。我对用Ruby做简单的安全101操作感到非常沮丧,我不再使用它了。