Fatal编程技术网
  • ruby/
  • &引用;未初始化常量OpenSSL::PKey::EC“;来自Ruby on CentOS 6.6

&引用;未初始化常量OpenSSL::PKey::EC“;来自Ruby on CentOS 6.6

ruby openssl centos jwt

&引用;未初始化常量OpenSSL::PKey::EC“;来自Ruby on CentOS 6.6,ruby,openssl,centos,jwt,openid-connect,Ruby,Openssl,Centos,Jwt,Openid Connect,我有一个Rails服务器应用程序,它使用openid\u connectgem。当我尝试在CentOS 6.6上运行它时,我得到: uninitialized constant OpenSSL::PKey::EC 以下是完整的堆栈跟踪: $ rails server /home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwk/jwkizable.rb:69:in `<top (required)>': uninit

我有一个Rails服务器应用程序,它使用
openid\u connect
gem。当我尝试在CentOS 6.6上运行它时,我得到:

uninitialized constant OpenSSL::PKey::EC
以下是完整的堆栈跟踪:

$ rails server
/home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwk/jwkizable.rb:69:in `<top (required)>': uninitialized constant OpenSSL::PKey::EC (NameError)
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwt.rb:102:in `<top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object/id_token.rb:1:in `<top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object.rb:7:in `block in <top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object.rb:6:in `each'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/response_object.rb:6:in `<top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect/connect_object.rb:52:in `<top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/openid_connect-0.9.2/lib/openid_connect.rb:85:in `<top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in `require'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in `block (2 levels) in require'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in `each'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in `block in require'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in `each'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in `require'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler.rb:134:in `require'
    from /home/foo/tmp/openid_connect_sample/config/application.rb:7:in `<top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in `require'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in `block in <top (required)>'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in `tap'
    from /home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in `<top (required)>'
    from script/rails:6:in `require'
    from script/rails:6:in `<main>'

$rails服务器
/home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwk/jwkizable.rb:69:in`':未初始化常量OpenSSL::PKey::EC(NameError)
from/home/foo/.rvm/gems/ruby-2.1.3/gems/json-jwt-1.5.1/lib/json/jwt.rb:102:in`'
来自/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object/id\u token.rb:1:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object.rb:7:in'block in'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object.rb:6:在'each'中
来自/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/response\u object.rb:6:in`'
来自/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect/connect\u object.rb:52:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/openid\u connect-0.9.2/lib/openid\u connect.rb:85:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:in'require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:76:在“请求中的块(2个级别)”中
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in'each'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:72:in'block in require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in'each'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler/runtime.rb:61:in'require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/bundler-1.10.6/lib/bundler.rb:134:in'require'
from/home/foo/tmp/openid\u connect\u sample/config/application.rb:7:in`'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in'require'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:53:in'block-in'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in'tap'
from/home/foo/.rvm/gems/ruby-2.1.3/gems/railties-3.2.22/lib/rails/commands.rb:50:in`'
来自脚本/rails:6:in'require'
来自脚本/rails:6:in`'
这意味着什么?我如何克服它?

这个问题源于Red Hat拒绝在CentOS默认构建的OpenSSL中包含某些椭圆曲线(EC)算法(因为担心专利诉讼原因)

注意:根据,CentOS 6.7没有此问题。

openid\u connect
gem依赖于
json jwt
gem,它使用未包含的算法之一

因此,您需要重建包含所需算法的新版本OpenSSL

以下是我在我的机器上构建新OpenSSL所遵循的步骤(改编自):

  • cd/usr/src
  • wgethttps://www.openssl.org/source/openssl-1.0.1l.tar.gz
  • yum安装autoconf automake
    (您可能已经安装了这些)
  • tar zxvf openssl-1.0.1l.tar.gz
  • cd openssl-1.0.1l
  • export CFLAGS=“-fPIC”
  • /config--prefix=/opt/openssl共享启用ec启用ecdh启用ecdsa
  • make all
  • make-install
    • 现在,您的Ruby可能仍然链接到旧的OpenSSL库,因此您需要重新构建它以链接到新的OpenSSL库

    您使用的是
    rvm
    那太好了!您安装的任何新Rubies都将基于新的OpenSSL构建
    rvm删除
    您的Ruby并重新安装(或者只需安装一个不同的Ruby版本)

    没有使用
    rvm
    那么我想您需要以传统的方式重建Ruby。但你可能已经知道怎么做了,对吧?如果没有,您将需要查看不同的教程,因为我们无法在这里介绍

    现在重新安装
    bunder
    并进行
    bundle安装
    ,您的
    rails服务器现在应该可以成功运行了
    

    (如果有人需要提供更正或澄清,请留下评论,我将根据需要进行编辑。)
    我在CentOS 6.6中遇到了同样的问题。但是我不想重新编译一个定制的openssl和ruby来解决这个问题。我没有做很好的笔记,因为我尝试了很多东西,但似乎CentOS 6.7的所有最新和最好的软件包的更新都解决了这个问题
    
以下是我拥有的几个相关软件包版本:
    

    openssl098e-0.9.8e-18.el6_5.2.x86_64                                                            
openssl-1.0.1e-42.el6.x86_64                                                                
openssl-1.0.1e-42.el6.i686
openssl-devel-1.0.1e-42.el6.x86_64
glibc-2.12-1.166.el6_7.3.x86_64
kernel-2.6.32-573.7.1.el6.x86_64

    
在更新这些包、重新启动并重新安装我的包之后,json jwt gem工作得非常好
    
这是我们的生产机器,我相信ruby标准libs是从源代码处编译的,然后作为定制RPM创建的
    
我们的构建服务器使用RVM,这最终会让我们更加痛苦。RVM安装程序一直在为centos提取二进制文件,同样的故障再次出现
    

    Found remote file https://rvm.io/binaries/centos/6/x86_64/ruby-1.9.3-p484.tar.bz2

    
我强制源代码重新编译如下:
    

    rvm reinstall --disable-binary ruby-1.9.3-p484

    
我注意到一个非常美妙的信息:
    

     #applying patch .rvm/patches/ruby/ssl_no_ec2m.patch.

    
该修补程序文件具有一些C宏条件,这些条件似乎排除了某些与EC相关的代码
    
这就成功了!我还注意到ruby的openssl.so中有很多与EC相关的符号。以前打包的centos ruby没有以下功能:
    

    $ cd ~/.rvm/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/x86_64-linux
$ strings openssl.so |grep _EC
PEM_write_bio_ECPKParameters
i2d_ECPKParameters
PEM_read_bio_ECPKParameters
d2i_ECPKParameters
PEM_write_bio_ECPrivateKey
i2d_ECPrivateKey_bio
i2d_EC_PUBKEY_bio
PEM_write_bio_EC_PUBKEY
PEM_read_bio_ECPrivateKey
PEM_read_bio_EC_PUBKEY
d2i_ECPrivateKey_bio
d2i_EC_PUBKEY_bio
OPENSSL_1.0.1_EC
EVP_PKEY_assign_EC_KEY
OP_SINGLE_ECDH_USE

    
如果我不得不猜测,针对我的新openssl 1.0.1包的重新编译一定触发了一些C宏,这些宏打开了某种不受法律保护的替代算法
    

    如果您检查openssl.so的符号,但它没有所有这些与EC相关的内容,这可能是一个问题。
    很高兴知道。我用的是6.6。我将更新我的问题/答案以记录版本。