[英]SSL Error When installing rubygems, Unable to pull data from 'https://rubygems.org/
I am trying to do the Michael Hartl tutorial.我正在尝试做 Michael Hartl 教程。 When I attempt to install rails 3.2.14 in my gemset, I get the following issue:
当我尝试在我的 gemset 中安装 rails 3.2.14 时,出现以下问题:
$ gem install rails -v 3.2.14
$ gem 安装 rails -v 3.2.14
ERROR: Could not find a valid gem 'rails' (= 3.2.14), here is why:
错误:找不到有效的 gem 'rails' (= 3.2.14),原因如下:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ( https://s3.amazonaws.com/production.s3.rubygems.org/specs.4.8.gz )
无法从https://rubygems.org/下载数据 - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ( https://s3.amazonaws.com/production.s3.rubygems.org /specs.4.8.gz )
After Googling around, I found that I could use a non-SSL source for rubygems so I ran:谷歌搜索后,我发现我可以使用非 SSL 源 rubygems,所以我运行了:
sudo gem sources -a http://rubygems.org
Then, when I tried to install rails again, it was successful.然后,当我再次尝试安装rails时,就成功了。 However, I still got the issue above but as a warning:
但是,我仍然遇到上述问题,但作为警告:
WARNING: Unable to pull data from ' https://rubygems.org/ ': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ( https://s3.amazonaws.com/production.s3.rubygems.org/specs.4.8.gz )
警告:无法从“ https://rubygems.org/ ”提取数据:SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed ( https://s3.amazonaws.com/production.s3 .rubygems.org/specs.4.8.gz )
How can I remove this warning/error entirely?如何完全删除此警告/错误?
I am using the following:我正在使用以下内容:
Make sure you use latest rvm:确保您使用最新的 rvm:
rvm get stable
Then you can do two things:然后你可以做两件事:
Update certificates:更新证书:
rvm osx-ssl-certs update all
Update rubygems:更新 rubygems:
rvm rubygems latest
Find path for certificate:查找证书路径:
cert_file=$(ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE')
Generate certificate:生成证书:
security find-certificate -a -p /Library/Keychains/System.keychain > "$cert_file"
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain >> "$cert_file"
The whole code: https://github.com/wayneeseguin/rvm/blob/master/scripts/functions/osx-ssl-certs整个代码: https : //github.com/wayneeseguin/rvm/blob/master/scripts/functions/osx-ssl-certs
Make sure to update package ca-certificates
.确保更新包
ca-certificates
。 (on old systems it might not be available - do not use an old system which does not receive security updates any more) (在旧系统上它可能不可用 - 不要使用不再接收安全更新的旧系统)
The Ruby Installer builds for windows are prepared by Luis Lavena and the path to certificates will be showing something like C:/Users/Luis/...
check https://github.com/oneclick/rubyinstaller/issues/249 for more details and this answer https://stackoverflow.com/a/27298259/497756 for fix.用于 Windows 的Ruby 安装程序构建由Luis Lavena准备,证书路径将显示类似
C:/Users/Luis/...
更多详细信息,请查看https://github.com/oneclick/rubyinstaller/issues/249和这个答案https://stackoverflow.com/a/27298259/497756进行修复。
Latest findings...最新发现...
https://gist.github.com/luislavena/f064211759ee0f806c88 https://gist.github.com/luislavena/f064211759ee0f806c88
Most importantly...download https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot-2048.pem最重要的是...下载https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot-2048.pem
Figure out where to stick it弄清楚把它粘在哪里
C:\>gem which rubygems
C:/Ruby21/lib/ruby/2.1.0/rubygems.rb
Then just copy the .pem file in ../2.1.0/rubygems/ssl_certs/ and go on about your business.然后只需将 .pem 文件复制到 ../2.1.0/rubygems/ssl_certs/ 并继续您的业务。
Goto link http://rubygems.org/pages/download转到链接http://rubygems.org/pages/download
If you want to use the non-SSL source, try removing the HTTPS source first, and then adding the HTTP one:如果要使用非 SSL 源,请尝试先删除 HTTPS 源,然后添加 HTTP 源:
sudo gem sources -r https://rubygems.org
sudo gem sources -a http://rubygems.org
UPDATE:更新:
As mpapis states, this should be used only as a temporary workaround.正如 mpapis 所述,这应该仅用作临时解决方法。 There could be some security concerns if you're accessing RubyGems through the non-SSL source.
如果您通过非 SSL 源访问 RubyGems,则可能存在一些安全问题。
Once the workaround is not needed anymore, you should restore the SSL-source:一旦不再需要解决方法,您应该恢复 SSL 源:
sudo gem sources -r http://rubygems.org
sudo gem sources -a https://rubygems.org
On Windows you'll have to use HTTP
source to update gem
then change back to using HTTPS
.在 Windows 上,您必须使用
HTTP
源来更新gem
然后改回使用HTTPS
。
gem sources -r https://rubygems.org/
gem sources -a http://rubygems.org/
gem update --system
gem sources -r http://rubygems.org/
gem sources -a https://rubygems.org/
Edit: Warning I'm not sure if this is safe .编辑:警告我不确定这是否安全。 Does anyone know if ruby packages are signed?
有谁知道 ruby 包是否已签名? The accepted answer looks like a better solution.
接受的答案看起来是更好的解决方案。
Rubygems.org has a guide that not only explains how to fix this problem, but also why so many people are having it: SSL Certificate Update The reason for the problem is rubygems.org switched to a more secure SSL certificate (SHA-2 which use 256bit encryption). Rubygems.org 有一个指南,不仅解释了如何解决这个问题,还解释了为什么这么多人有这个问题: SSL 证书更新问题的原因是 rubygems.org 切换到更安全的 SSL 证书(SHA-2使用 256 位加密)。 The rubygems command line tool bundles the reference to the correct certificate.
rubygems 命令行工具捆绑了对正确证书的引用。 Therefore rubygems itself can't be updated using an older version of rubygems.
因此,无法使用旧版本的 rubygems 更新 rubygems 本身。 Rubygems must first be updated manually.
Rubygems 必须首先手动更新。
First find out what rubygems you have:首先找出你有什么 rubygems:
rubygems –v
Depending on whether you have a 1.8.x, 2.0.x or 2.2.x, you will need to download an update gem, named “rubygems-update-XYZgem”, where XYZ is the version you need.根据您使用的是 1.8.x、2.0.x 还是 2.2.x,您需要下载一个名为“rubygems-update-XYZgem”的更新 gem,其中 XYZ 是您需要的版本。 Running 1.8.x: download: https://github.com/rubygems/rubygems/releases/tag/v1.8.30 Running 2.0.x: download: https://github.com/rubygems/rubygems/releases/tag/v2.0.15 Running 2.2.x: download: https://github.com/rubygems/rubygems/releases/tag/v2.2.3
运行 1.8.x:下载: https : //github.com/rubygems/rubygems/releases/tag/v1.8.30运行 2.0.x:下载: https : //github.com/rubygems/rubygems/releases/tag/v2 .0.15运行 2.2.x:下载: https : //github.com/rubygems/rubygems/releases/tag/v2.2.3
Install update gem:安装更新 gem:
gem install –-local full_path_to_the_gem_file
Run update gem:运行更新 gem:
update_rubygems --no-ri --no-rdoc
Check that rubygems was updated:检查 rubygems 是否已更新:
rubygems –v
Uninstall update gem:卸载更新 gem:
gem uninstall rubygems-update -x
At this point, you may be OK.此时,您可能没问题。 But it is possible that you do not have the latest public key file for the new certificate.
但您可能没有新证书的最新公钥文件。 To do this:
要做到这一点:
Download the latest certificate, (currently AddTrustExternalCARoot-2048.pem) from https://rubygems.org/pages/download .从https://rubygems.org/pages/download下载最新证书(当前为 AddTrustExternalCARoot-2048.pem)。 All of the certs are also located at: https://github.com/rubygems/rubygems/tree/master/lib/rubygems/ssl_certs
所有证书也位于: https : //github.com/rubygems/rubygems/tree/master/lib/rubygems/ssl_certs
Find out where to put it:找出把它放在哪里:
gem which rubygems
Put this file in the “rubygems\\ssl_certs” directory at this location.将此文件放在此位置的“rubygems\\ssl_certs”目录中。
As per rubygems commit , the certificates are moved to more specific directories.根据rubygems commit ,证书被移动到更具体的目录。 Thus, currently the certificate(AddTrustExternalCARoot-2048.pem) is expected to be on the following path
lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot-2048.pem
因此,目前证书(AddTrustExternalCARoot-2048.pem)预计在以下路径
lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot-2048.pem
Try to use the source website for the gems, ie rubygems.org.尝试使用 gem 的源网站,即 rubygems.org。 Use http instead of https.
使用 http 而不是 https。 This method does not involve any work such as installing certs and all that.
此方法不涉及任何工作,例如安装证书等。
Example -例子 -
gem install typhoeus --source http://rubygems.org
This works, but there is one caveat though.这有效,但有一个警告。
The gem is installed, but the documentation is not because of cert errors. gem 已安装,但文档不是因为证书错误。 Here is the error I get
这是我得到的错误
Parsing documentation for typhoeus-0.7.0 WARNING: Unable to pull
data from 'https://rubygems.org/': SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed
(https://rubygems.org/latest_specs.4.8.gz)
运行gem update --system
为我工作
This exact error happened to me today on an Ubuntu virtual machine running on VirtualBox.今天我在 VirtualBox 上运行的 Ubuntu 虚拟机上发生了这个确切的错误。 I tried most of the solutions shown above before I noticed that I had resumed from a very old suspended state, and my clock was off by many days.
我尝试了上面显示的大多数解决方案,然后才注意到我已经从一个非常旧的挂起状态恢复了,而且我的时钟已经关闭了很多天。
Updating the clock immediately fixed my issue.更新时钟立即解决了我的问题。 Here's the command I used in my case:
这是我在案例中使用的命令:
sudo service ntp stop && sudo ntpdate pool.ntp.org && sudo service ntp start须藤服务 ntp 停止 && 须藤 ntpdate pool.ntp.org && 须藤服务 ntp 开始
只需使用自制软件卸载并重新安装 openssl 即可为我解决此问题。
brew uninstall --force openssl
brew install openssl
Update the cert.pem
to newest file that provide by cURL: http://curl.haxx.se/ca/cacert.pem将
cert.pem
更新为 cURL 提供的最新文件: http : //curl.haxx.se/ca/cacert.pem
curl -o `ruby -ropenssl -e 'p OpenSSL::X509::DEFAULT_CERT_FILE' |tr -d \"` http://curl.haxx.se/ca/cacert.pem
If you are using windows, open https://rubygems.org/ with internet explorer.如果您使用的是 Windows,请使用 Internet Explorer 打开https://rubygems.org/ 。
Click on security information and import the certificate.单击安全信息并导入证书。 The bottom line is your certification chain is outdated and you need to add this new certificate.
底线是您的认证链已过时,您需要添加此新证书。 Remember that this is not a security violation as long as you can validate the certificate as trusted.
请记住,只要您可以将证书验证为可信,这就不构成安全违规。
可以使用 HTTP 而不是 HTTPS 自动下载 gems 的方法/单行:
printf -- '---\n:sources:\n- http://rubygems.org\n' | tee ~/.gemrc
In my case, the Ubuntu CA certificates were out of date.就我而言,Ubuntu CA 证书已过时。 I fixed it by running:
我通过运行修复它:
sudo update-ca-certificates
The particular case of RubyGems (the command line tool) is that it requires to bundle inside of its code the trust certificates, which allow RubyGems to establish a connection with the servers even when base operating system is unable to verify the identity of them. RubyGems(命令行工具)的特殊情况是它需要在其代码内部捆绑信任证书,这允许 RubyGems 与服务器建立连接,即使基本操作系统无法验证它们的身份。
Up until a few months ago, this certificate was provided by one CA, but newer certificate is provided by a different one.直到几个月前,该证书由一个 CA 提供,但较新的证书由另一个 CA 提供。
Because of this, existing installations of RubyGems would have to been updated before the switch of the certificate and give enough time for the change to spread (and people to update)因此,必须在证书切换之前更新 RubyGems 的现有安装,并留出足够的时间让更改传播(以及人们进行更新)
Anyone can find his solution by following the simple steps given in the link below任何人都可以按照以下链接中给出的简单步骤找到他的解决方案
https://gist.github.com/luislavena/f064211759ee0f806c88 https://gist.github.com/luislavena/f064211759ee0f806c88
Try试试
gem update --system
Hope it solves the problem.希望它能解决问题。
I had same problem while trying to install cucumber gem.我在尝试安装黄瓜 gem 时遇到了同样的问题。 However I noticed that bundler gem already installed with ruby 2.0.
但是我注意到 bundler gem 已经安装在 ruby 2.0 中。 I created a Gemfile.rb in the project folder with required gems and followed this steps
我在项目文件夹中用所需的宝石创建了一个 Gemfile.rb 并按照以下步骤操作
All the required gems installed.安装了所有必需的 gem。
Install CSWcacertificates prior to 'gem install'在“gem install”之前安装 CSWcacertificates
pkgutil -yi CSWcacertificates
If you're using a ruby kit that's not from OpenCSW, your ruby version may expect to find the certificate file in another place.如果您使用的 ruby 套件不是来自 OpenCSW,则您的 ruby 版本可能希望在其他地方找到证书文件。 In this case, I simply symlinked OpenCSW's /etc/opt/csw/ssl/cert.pem to the expected place.
在这种情况下,我只是将 OpenCSW 的 /etc/opt/csw/ssl/cert.pem 符号链接到预期的位置。
Check where ruby expects to find it :检查 ruby 期望在哪里找到它:
export cf=`ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE'` && echo $cf
Then, if there's a discrepancy, link it:然后,如果有差异,请链接:
ln -s /etc/opt/csw/ssl/cert.pem $cf && file $cf
Or may be prevented by firewall like me.或者像我这样的防火墙可能会阻止。 Try this:
试试这个:
sudo gem install --http-proxy http://localhost:port cocoapods -V sudo gem install --http-proxy http://localhost:port cocoapods -V
For Windows user:对于 Windows 用户:
After installing Ruby 2.2.3 (+ rubygems 2.5.1) successfully on a test machine with access to the internet, I had this SSL error when I installed bundler on a production machine, within the network.在可以访问 Internet 的测试机器上成功安装 Ruby 2.2.3(+ rubygems 2.5.1)后,当我在网络内的生产机器上安装 bundler 时出现此 SSL 错误。
As I had network access limitations, and there was no way to change the settings for SSL access, and based on the error messages, I performed the steps below to be able to finish the installation of the bundler (this may sound crazy, but it worked...).由于我有网络访问限制,并且无法更改 SSL 访问的设置,并且根据错误消息,我执行了以下步骤以完成捆绑程序的安装(这可能听起来很疯狂,但它工作...)。
Through a machine with unrestricted access to the internet, downloaded the following files:通过一台可以不受限制地访问互联网的机器,下载了以下文件:
I added these files on an intranet server, keeping the folder structure of the links above:我在内网服务器上添加了这些文件,保持上面链接的文件夹结构:
spec.4.8.gz e latest_specs.4.8.gz spec.4.8.gz 和 latest_specs.4.8.gz
bundler-1.11.2.gemspec.rz bundler-1.11.2.gemspec.rz
bundler-1.11.2.gem bundler-1.11.2.gem
Then I added my intranet to access gem source:然后我添加了我的内网来访问 gem 源:
gem sources -a http://mydomain.com.br
I have run with the success the "gem install bundler" after installation, all it took was remove my intranet of the gem:我在安装后成功运行了“gem install bundler”,只需要删除我的 gem 内网:
gem sources -r http://mydomain.com.br
I hope that is useful in any similar situation....我希望这在任何类似的情况下都有用......
As a Windows 10 user, I followed Dheerendra's answer , and it worked for me one day.作为一名 Windows 10 用户,我遵循了 Dheerendra 的回答,有一天它对我有用。 The next day, I experienced the issue again, and his fix didn't work.
第二天,我又遇到了这个问题,他的修复没有奏效。 For me, the fix was to update
bundler
with:对我来说,修复是使用以下内容更新
bundler
:
gem update bundler
I believe my version of bundler
was more than a few months old.我相信我的
bundler
版本已经有几个月的历史了。
The answer is no longer valid.答案不再有效。 Since I have encountered the issue with older Windows ruby right now I'll post the answer.
由于我现在遇到了较旧的Windows ruby 的问题,因此我将发布答案。
When I wanted to install an activesupport gem:当我想安装一个 activesupport gem 时:
gem in activesupport --version 5.1.6
ERROR: Could not find a valid gem 'activesupport' (= 5.1.6), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B
: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
The following steps need to copy only the certificates from newer windows ruby.以下步骤只需要从较新的 windows ruby 复制证书。 Take the latest ruby (or at least ruby 2.4.0 ) and do the following:
使用最新的 ruby(或至少 ruby 2.4.0 )并执行以下操作:
copy certificates from these directories (adjust to your needs):从这些目录复制证书(根据您的需要进行调整):
C:\\prg_sdk\\rubies\\Ruby-2.4\\lib\\ruby\\2.4.0\\rubygems\\ssl_certs\\rubygems.org
C:\\prg_sdk\\rubies\\Ruby-2.4\\lib\\ruby\\2.4.0\\rubygems\\ssl_certs\\index.rubygems.org
to destination (again adjust to what you need):到目的地(再次根据您的需要进行调整):
C:\\prg_sdk\\rubies\\Ruby231-p112-x64\\lib\\ruby\\2.3.0\\rubygems\\ssl_certs
Download the cacert.pem file from http://curl.haxx.se/ca/cacert.pem .从http://curl.haxx.se/ca/cacert.pem下载 cacert.pem 文件。 Save this file to C:\\RailsInstaller\\cacert.pem.
将此文件保存到 C:\\RailsInstaller\\cacert.pem。
Now make ruby aware of your certificate authority bundle by setting SSL_CERT_FILE.现在通过设置 SSL_CERT_FILE 使 ruby 知道您的证书颁发机构包。 To set this in your current command prompt session, type:
要在当前的命令提示符会话中进行设置,请键入:
set SSL_CERT_FILE=C:\\RailsInstaller\\cacert.pem设置 SSL_CERT_FILE=C:\\RailsInstaller\\cacert.pem
For Windows, I followed https://gist.github.com/fnichol/867550 .对于 Windows,我关注了https://gist.github.com/fnichol/867550 。 I had to manually download the "cacert.pem" file.
我不得不手动下载“cacert.pem”文件。 (go to https://curl.se/docs/caextract.html .) Put it in any folder it won't be deleted from or with.
(转到https://curl.se/docs/caextract.html 。)将它放在任何文件夹中,不会从中删除或与之一起删除。
Make sure you add it to your systems Environment variables!!!确保将其添加到系统环境变量中!!!
I did this (in Windows 10) via the control panel (select User Accounts) where there is an option to "Change my environment variables".我是通过控制面板(选择用户帐户)完成的(在 Windows 10 中),其中有一个“更改我的环境变量”选项。 Create a new variable and set the value as the path and filename!
创建一个新变量并将值设置为路径和文件名!
var name SSL_CERT_FILE
var value C:\{your_dir}\cacert.pem
This will ensure it remains visible/useable every time you need it (ie, every command window you open)!这将确保它在您每次需要时保持可见/可用(即,您打开的每个命令窗口)!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.