&引用;未初始化常量OpenSSL::PKey::EC“;来自Ruby on CentOS 6.6
我有一个Rails服务器应用程序,它使用&引用;未初始化常量OpenSSL::PKey::EC“;来自Ruby on CentOS 6.6,ruby,openssl,centos,jwt,openid-connect,Ruby,Openssl,Centos,Jwt,Openid Connect,我有一个Rails服务器应用程序,它使用openid\u connectgem。当我尝试在CentOS 6.6上运行它时,我得到: uninitialized constant OpenSSL::PKey::EC 以下是完整的堆栈跟踪: $ rails server /home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwk/jwkizable.rb:69:in `<top (required)>': uninit
openid\u connect
gem。当我尝试在CentOS 6.6上运行它时,我得到:
uninitialized constant OpenSSL::PKey::EC
以下是完整的堆栈跟踪:
$ rails server
/home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwk/jwkizable.rb:69:in `<top (required)>': uninitialized constant OpenSSL::PKey::EC (NameError)
from /home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwt.rb:102:in `<top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object/id_token.rb:1:in `<top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object.rb:7:in `block in <top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object.rb:6:in `each'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object.rb:6:in `<top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/connect_object.rb:52:in `<top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect.rb:85:in `<top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in `require'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in `block (2 levels) in require'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in `each'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in `block in require'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in `each'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in `require'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler.rb:134:in `require'
from /home/foo/tmp/openid_connect_sample/config/application.rb:7:in `<top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in `require'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in `block in <top (required)>'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in `tap'
from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in `<top (required)>'
from script/rails:6:in `require'
from script/rails:6:in `<main>'
$rails服务器
/home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwk/jwkizable.rb:69:in`':未初始化常量OpenSSL::PKey::EC(NameError)
from/home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwt.rb:102:in`'
来自/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object/id\u token.rb:1:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object.rb:7:in'block in'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object.rb:6:在'each'中
来自/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object.rb:6:in`'
来自/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/connect\u object.rb:52:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect.rb:85:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in'require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:在“请求中的块(2个级别)”中
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in'each'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in'block in require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in'each'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in'require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler.rb:134:in'require'
from/home/foo/tmp/openid\u connect\u sample/config/application.rb:7:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in'require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in'block-in'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in'tap'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in`'
来自脚本/rails:6:in'require'
来自脚本/rails:6:in`'
这意味着什么?我如何克服它?这个问题源于Red Hat拒绝在CentOS默认构建的OpenSSL中包含某些椭圆曲线(EC)算法(因为担心专利诉讼原因) 注意:根据,CentOS 6.7没有此问题。
openid\u connect
gem依赖于json jwt
gem,它使用未包含的算法之一
因此,您需要重建包含所需算法的新版本OpenSSL
以下是我在我的机器上构建新OpenSSL所遵循的步骤(改编自):
cd/usr/src
wgethttps://www.openssl.org/source/openssl-1.0.1l.tar.gz
yum安装autoconf automake
(您可能已经安装了这些)tar zxvf openssl-1.0.1l.tar.gz
cd openssl-1.0.1l
export CFLAGS=“-fPIC”
/config--prefix=/opt/openssl共享启用ec启用ecdh启用ecdsa
make all
make-install
rvm
?那太好了!您安装的任何新Rubies都将基于新的OpenSSL构建rvm删除
您的Ruby并重新安装(或者只需安装一个不同的Ruby版本)
没有使用rvm
?那么我想您需要以传统的方式重建Ruby。但你可能已经知道怎么做了,对吧?如果没有,您将需要查看不同的教程,因为我们无法在这里介绍
现在重新安装bunder
并进行bundle安装
,您的rails服务器现在应该可以成功运行了
(如果有人需要提供更正或澄清,请留下评论,我将根据需要进行编辑。)我在CentOS 6.6中遇到了同样的问题。但是我不想重新编译一个定制的openssl和ruby来解决这个问题。我没有做很好的笔记,因为我尝试了很多东西,但似乎CentOS 6.7的所有最新和最好的软件包的更新都解决了这个问题
以下是我拥有的几个相关软件包版本:
openssl098e-0.9.8e-18.el6_5.2.x86_64
openssl-1.0.1e-42.el6.x86_64
openssl-1.0.1e-42.el6.i686
openssl-devel-1.0.1e-42.el6.x86_64
glibc-2.12-1.166.el6_7.3.x86_64
kernel-2.6.32-573.7.1.el6.x86_64
在更新这些包、重新启动并重新安装我的包之后,json jwt gem工作得非常好
这是我们的生产机器,我相信ruby标准libs是从源代码处编译的,然后作为定制RPM创建的
我们的构建服务器使用RVM,这最终会让我们更加痛苦。RVM安装程序一直在为centos提取二进制文件,同样的故障再次出现
Found remote file https://rvm.io/binaries/centos/6/x86_64/ruby-1.9.3-p484.tar.bz2
我强制源代码重新编译如下:
rvm reinstall --disable-binary ruby-1.9.3-p484
我注意到一个非常美妙的信息:
#applying patch .rvm/patches/ruby/ssl_no_ec2m.patch.
该修补程序文件具有一些C宏条件,这些条件似乎排除了某些与EC相关的代码
这就成功了!我还注意到ruby的openssl.so中有很多与EC相关的符号。以前打包的centos ruby没有以下功能:
$ cd ~/.rvm/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/x86_64-linux
$ strings openssl.so |grep _EC
PEM_write_bio_ECPKParameters
i2d_ECPKParameters
PEM_read_bio_ECPKParameters
d2i_ECPKParameters
PEM_write_bio_ECPrivateKey
i2d_ECPrivateKey_bio
i2d_EC_PUBKEY_bio
PEM_write_bio_EC_PUBKEY
PEM_read_bio_ECPrivateKey
PEM_read_bio_EC_PUBKEY
d2i_ECPrivateKey_bio
d2i_EC_PUBKEY_bio
OPENSSL_1.0.1_EC
EVP_PKEY_assign_EC_KEY
OP_SINGLE_ECDH_USE
如果我不得不猜测,针对我的新openssl 1.0.1包的重新编译一定触发了一些C宏,这些宏打开了某种不受法律保护的替代算法
如果您检查openssl.so的符号,但它没有所有这些与EC相关的内容,这可能是一个问题。很高兴知道。我用的是6.6。我将更新我的问题/答案以记录版本。