Ruby on rails 检索PEM证书:SSL\u connect返回=1 errno=0 state=SSLv3读取服务器证书B:证书验证失败
和其他许多人一样,我也遇到了Ruby的错误:SSL\u connect返回=1 errno=0 state=SSLv3读取服务器证书B:证书验证失败 我下载了一个cacert.pem,并尝试这样添加它:Ruby on rails 检索PEM证书:SSL\u connect返回=1 errno=0 state=SSLv3读取服务器证书B:证书验证失败,ruby-on-rails,security,ssl,openssl,sslhandshakeexception,Ruby On Rails,Security,Ssl,Openssl,Sslhandshakeexception,和其他许多人一样,我也遇到了Ruby的错误:SSL\u connect返回=1 errno=0 state=SSLv3读取服务器证书B:证书验证失败 我下载了一个cacert.pem,并尝试这样添加它: require 'net/http' # create a path to the file "C:\RailsInstaller\cacert.pem" cacert_file = File.join(%w{c: RailsInstaller cacert.pem}) Net::HTTP.
require 'net/http'
# create a path to the file "C:\RailsInstaller\cacert.pem"
cacert_file = File.join(%w{c: RailsInstaller cacert.pem})
Net::HTTP.start("curl.haxx.se") do |http|
resp = http.get("/ca/cacert.pem")
if resp.code == "200"
open(cacert_file, "wb") { |file| file.write(resp.body) }
puts "\n\nA bundle of certificate authorities has been installed to"
puts "C:\\RailsInstaller\\cacert.pem\n"
puts "* Please set SSL_CERT_FILE in your current command prompt session with:"
puts " set SSL_CERT_FILE=C:\\RailsInstaller\\cacert.pem"
puts "* To make this a permanent setting, add it to Environment Variables"
puts " under Control Panel -> Advanced -> Environment Variables"
else
abort "\n\n>>>> A cacert.pem bundle could not be downloaded."
end
end
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt')
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
就像这样:
require 'net/http'
# create a path to the file "C:\RailsInstaller\cacert.pem"
cacert_file = File.join(%w{c: RailsInstaller cacert.pem})
Net::HTTP.start("curl.haxx.se") do |http|
resp = http.get("/ca/cacert.pem")
if resp.code == "200"
open(cacert_file, "wb") { |file| file.write(resp.body) }
puts "\n\nA bundle of certificate authorities has been installed to"
puts "C:\\RailsInstaller\\cacert.pem\n"
puts "* Please set SSL_CERT_FILE in your current command prompt session with:"
puts " set SSL_CERT_FILE=C:\\RailsInstaller\\cacert.pem"
puts "* To make this a permanent setting, add it to Environment Variables"
puts " under Control Panel -> Advanced -> Environment Variables"
else
abort "\n\n>>>> A cacert.pem bundle could not be downloaded."
end
end
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = Rails.root.join('lib/ca-bundle.crt')
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
我甚至试图取消支票:
require 'faraday'
module Faraday
class Adapter
class NetHttp < Faraday::Adapter
def call(env)
super
is_ssl = env[:url].scheme == 'https'
http = net_http_class(env).new(env[:url].host, env[:url].port || (is_ssl ? 443 : 80))
if http.use_ssl = is_ssl
ssl = env[:ssl]
if ssl[:verify] == false
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
else
http.verify_mode = OpenSSL::SSL::VERIFY_NONE # <= PATCH or HACK ssl[:verify]
end
http.cert = ssl[:client_cert] if ssl[:client_cert]
http.key = ssl[:client_key] if ssl[:client_key]
http.ca_file = ssl[:ca_file] if ssl[:ca_file]
end
req = env[:request]
http.read_timeout = net.open_timeout = req[:timeout] if req[:timeout]
http.open_timeout = req[:open_timeout] if req[:open_timeout]
full_path = full_path_for(env[:url].path, env[:url].query, env[:url].fragment)
http_req = Net::HTTPGenericRequest.new(
env[:method].to_s.upcase, # request method
(env[:body] ? true : false), # is there data
true, # does net/http love you, true or false?
full_path, # request uri path
env[:request_headers]) # request headers
if env[:body].respond_to?(:read)
http_req.body_stream = env[:body]
env[:body] = nil
end
http_resp = http.request http_req, env[:body]
resp_headers = {}
http_resp.each_header do |key, value|
resp_headers[key] = value
end
env.update \
:status => http_resp.code.to_i,
:response_headers => resp_headers,
:body => http_resp.body
@app.call env
rescue Errno::ECONNREFUSED
raise Error::ConnectionFailed.new(Errno::ECONNREFUSED)
end
def net_http_class(env)
if proxy = env[:request][:proxy]
Net::HTTP::Proxy(proxy[:uri].host, proxy[:uri].port, proxy[:user], proxy[:password])
else
Net::HTTP
end
end
end
end
end
所以我打开了
https://myserver.com/Request.ashx
在chrome中请求,单击小锁图标以获取证书详细信息。但是我找不到任何要导出的PEM文件。我可以看出这是一个科摩多证书。我没有自己的服务器,因此我必须找到解决方案。您可以对Net::HTTP的给定实例禁用证书验证:
stock.verify_mode = OpenSSL::SSL::VERIFY_NONE
或者,您可以使用以下方法在流程中全局禁用SSL验证:
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
注意:Ruby解释器将警告您常量已经初始化。有时你可能会犯严重的错误。如果是这种情况,您可以取消分配常数并使用以下代码再次初始化它:
OpenSSL::SSL.send(:remove_const, :VERIFY_PEER)
OpenSSL::SSL.const_set(:VERIFY_PEER, OpenSSL::SSL::VERIFY_NONE)
对于您的问题,这不是一个完美的解决方案,但如果安全性不是一个大问题,您可以使用上述方法绕过SSL证书验证。您仍将拥有到服务器的加密安全连接 我应该把第二个放在哪里?如果您使用的是rails,那么您可以将它添加到初始值设定项中。否则,只要在开始使用Net::HTTP
之前执行一次,就可以将其放在任何需要的地方。在脚本中需要'net/http'
后,脚本将工作OpenSSL::SSL::VERIFY\u PEER=OpenSSL::SSL::VERIFY\u NONE
结果出现语法错误:动态常量赋值
@bbozo您始终可以使用第一种方法禁用给定实例,但不能全局禁用(第二种方法更适用于开发模式,您仍在使用代码而不是生产服务器进行试验)。无论哪种方法,您都可以取消设置给定常量以避免动态常量分配。您可以尝试以下操作:OpenSSL::SSL.send(:remove_const,:VERIFY_PEER);OpenSSL::SSL.const_set(:VERIFY_PEER,OpenSSL::VERIFY_NONE)
。确保需要net/http